The epiphany that emerged from UF engineering professors Swarup Bhunia and Sandip Ray was such a game-changing proposal that IEEE Spectrum, the flagship news magazine of the Institute of Electrical and Electronics Engineers, insisted that they coauthor an October 2017 feature article to unveil the concept to their two million print and online subscribers.
With the rapid proliferation of all things ‘Internet of Things’ (IoT) — the realm of smart or automated objects and devices that are interconnected or exchange data via the Internet — a necessary, cost-effective microchip security solution has followed. The answer posed by Dr. Bhunia, Ph.D., director of Warren B. Nelms Institute for the Connected World and Semmoto Endowed Professor in the Department of Electrical and Computer Engineering (ECE), and Dr. Ray, Ph.D., Endowed IoT Term Professor in ECE, seemed an impossibility, or at least a misnomer: ‘patchable hardware.’ But the breakthrough may actually be what the industry was waiting for.
“Hardware, microchips, are not patchable,” Dr. Bhunia said. “Once they’re designed, you can’t fix their security problems.” He and Dr. Ray observed that industrial chip security protocol was ad hoc and reactive — finding a problem, then fixing it in the next iteration, with no protection against potential unknown attacks. In time, industry experts realized that was an expensive proposition. “Any time you get a security attack, what do you do? There is no other recourse but a product recall, which will cost billions of dollars. Industry has done it that way forever.”
But the two conceived a novel approach six years prior, when Dr. Ray was with the Intel Corporation. The initial thrust of their research, which found its inspiration by mimicking the self-regulating function of the human brain, recently found its way into a research program for the Department of Defense (DoD), called Automatic Implementation of Secure Silicon (AISS). With $2.4 million in funding from industry research partner and prime contractor Northrop Grumman, the UF co-investigators successfully capped their four-year chip design research work with a revolutionized microchip security, making it part of the intuitive, patchable hardware.
“This is a paradigm change, not in fabrication or in the production process, but the design architecture; the chip itself handles all the security aspects,” Dr. Bhunia said. “Our investigation in the DARPA/DoD grant has two related, critical aspects. First, it explores the concept of ‘security brain’ — a plug-and-play module that can be inserted into modern microchips to account for all their security needs. It acts as a central agent responsible for track-and-trace-control of all security-critical activities. Second, this security brain is patchable, meaning it can be upgraded when needed to meet evolving security requirements.”
The security brain is a version of microchip architecture known as a “system on a chip” (SoC), essentially an integrated circuit that takes a single platform and integrates an entire electronic or computer system onto it. SoC promises innovative solutions with respect to security, but also for sustainability/reducing energy waste and reducing the space occupied by large systems, and it will be essential for advancements in Artificial Intelligence and Machine Learning. Where the UF engineers transcended typical SoC is in building a comprehensive, flexible and configurable architecture that can self-generate SoC designs targeted to a variety of deployment needs — features that Dr. Ray said do not exist on any current framework for SoC synthesis.
“The idea is to introduce cybersecurity in microelectronics in a disciplined way,” he said. “The project aims to develop innovative technology for efficient, modular, and field-upgradable hardware platform with customizable security. A distinctive aspect of the solution is that it is developed through purely open-source components, and it will enable the scientific community and industry to seamlessly replicate the approach, augment it with new research solutions and integrate it with microelectronics design and development flows.”
Dr. Ray explains that “Your brain isn’t going to anticipate everything that’s going to happen in your life, but it still handles all those variables because it’s configurable. It can change the strategy. This does the same thing using security policies and other chip design aspects. Just like your brain, it’s adaptable; it doesn’t just offer one solution for one problem.”
“When you think about cybersecurity, a lot of it can be solved by making the microchips smarter, in that the chip can make security more robust, more flexible,” Dr. Bhunia said. “The question was, ‘Can we make a good security platform built on the hardware itself?’ Now, cybersecurity solutions can be built from the ground up from the chip itself. In order to do that, you need to make it smarter by managing the assets that are already stored on the chip, like those in a smart watch: we store information on it, personal data, critical software code, encryption keys when it’s communicating with your phone. Making it smarter means being able to better protect those varied security assets which are inside the chip, at the same time building the software stack that goes onto it.”
Apart from the cost savings that could be realized by this technology, the sustainability implications of this new microchip design have the potential to help ameliorate a chip shortage crisis that is presently threatening to choke the world economy by eliminating the need for upgrades that must be manufactured with materials that are either in short supply or caught in supply chain limbo.
Because the patchable hardware of the UF researchers’ security brain provides solutions for everything from smart lawn sprinklers to nuclear submarines, the allure for the DoD and DARPA was an equitable tradeoff between the cost of security and the benefits of the configurable chips, something they call the ‘economics of security,’ giving them a suite of tools to automatically incorporate security into their myriad warfighting electronics. “The configurability is the attraction,” Dr. Bhunia said. “You don’t need the same level of security for a nuclear submarine as you do a drone — or an automated lawn sprinkler.”