ARLINGTON, Va. – U.S. military researchers are asking experts from five universities and six companies to help make trusted computing and cyber security a routine part of digital integrated circuit design.
Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., on Wednesday announced selections of 11 organizations for the Automatic Implementation of Secure Silicon (AISS) program to protect advanced chips from known cyber attack strategies.
The AISS program seeks to make it easy to include defense mechanisms in systems-on-chip (SoC) design and fabrication. It aims to balance cyber security tradeoffs between advanced chip architectures and economic tradeoffs like power consumption, chip packaging size, and performance, while improving design productivity, DARPA officials say.
The 11 companies and universities chosen are in two separate teams. The project collectively will be worth about $75 million, although DARPA has not released specific contract figures.
The first team consists of software design and development tool company Synopsys in Mountain View, Calif.; Arm Holdings in Cambridge, England; the Boeing Co. in Chicago; the Florida Institute for Cybersecurity Research at the University of Florida in Gainesville, Fla.; Texas A&M University in College Station, Texas; UltraSoC Technologies Ltd. in Cambridge, England; and University of California-San Diego in San Diego.
The second team consists of the Northrop Grumman Corp. Electronic Systems segment in Linthicum, Md.,; IBM Corp. in Armonk, N.Y.; University of Arkansas in Fayetteville, Ark.; and University of Florida in Gainesville, Fla.
AISS is a 48-month program for built-in chip cyber security, divided into two technical areas: security and platform -- each with three phases spanning 15, 18 and 15 months. Security involves a subsystem that implements security features and interacts with related structures and services on- and off-chip. Platform involves a processor subsystem composed of processor, memory, and coprocessors or accelerators.
The objective of the DARPA AISS program is to enable a design tool and intellectual property (IP) ecosystem for digital chips where chip manufacturers could incorporate security naturally into chip design with minimal effort and expense.
The program also seeks to enable rapid evaluation of architectural alternatives that consider security as a crucial part of conventional design economics to bring power, speed, and security to advanced chip design.
Northrop Grumman and IBM will seek to enhance technologies first developed under the DARPA Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program to develop a tool to verify the trustworthiness of protected electronic components without disrupting or harming the system into which they have been designed. Northrop Grumman was part of the SHIELD program.
These two companies will use SHIELD-developed technologies as a starting point to design an Asset Management Infrastructure (AMI) to protect chips throughout their life cycles. The goal is to implement the AMI using distributed ledger technology, which provides for a high-availability cloud-based system to manage keys, certificates, watermarks, policies, and tracking data to ensure that chips remain secure as they move through the design process.
The Synopsys-led team, meanwhile, will integrate the security engine technology developed in the first research area into system-on-chip (SOC) platforms in an automated way.
In effect, this second research area focuses on combining the new security-aware electronic design automation (EDA) tools developed under AISS with commercial off-the-shelf (COTS) IP from Synopsys, Arm, and chip instrumentation specialist UltraSoC.
This capability could allow enable designers to specify power, area, speed, and security (PASS) constraints on these AISS tools, which then will generate implementations automatically based on the application.
Throughout the past decade, cyber security threats have evolved from attacks only on software to threatening computer hardware like digital chips, as well as software, DARPA researchers explain. The popularity of internet-connected devices is encouraging hackers to shift their attention to chips that enable complex capabilities across commercial and military applications.
No common tools or other solutions are in wide use today. Modern chips are complex and expensive just to design, let alone to include built-in security. Absence of automation makes incorporating security in chips a laborious and manual task that requires specific design expertise. The result: most of today’s chips are unprotected.
Related: Air Force to brief industry on project to develop a secure ASIC for cyber security
The AISS project calls for a cloud-based design environment with an open-source RISC-V platform as well as a commercial ARM processor for use in SoC design.
The AISS program is part of the DARPA Electronics Resurgence Initiative (ERI) to ensure far-reaching improvements in electronics performance and pushing the limits of traditional scaling. Essentially it seeks to simplify incorporating security into mainstream chip designs, as well as develop advanced defenses and countermeasures.
Specifically, the program aims at protecting digital chips from side-channel attacks, reverse-engineering attacks, supply chain attacks, and malicious hardware attacks. It seeks to enable automatic generation of on-chip security subsystems that defend against supply chain, side channel, reverse engineering, and malicious hardware attacks, while interacting as necessary with off-chip support for key management, watermarking, obfuscation, authentication, provisioning, tracking, and analytics.
The program also seeks to enable automatic generation of the processor subsystem or platform to customize processors, memories, logic accelerators, peripherals, and on-chip interconnects to optimize integration with the security subsystem.
By reducing the security burden of commercial silicon design, AISS aims at a sweeping effect on the commercial chip market by creating application-appropriate security that is baked in while significantly reducing development schedule.
