Cloud native EDA tools & pre-optimized hardware platforms
As device scaling becomes unfeasible and too expensive for most applications, the popularity of using multiple small chiplets, each with a dedicated function, within a multi-die system grows. Future complex designs could easily include 100 chiplets sourced from various vendors, making the already complex and increasingly untrustworthy SoC supply chain even more so. Spreading functionality over multiple chiplets from different vendors increases the attack surface of electronic systems in many ways. Chiplets from untrusted sources can be malicious, vulnerable to attacks, or unreliable. Third parties can overproduce chiplets or steal IP.
Traditional tracking and securing chips methods are too costly, unreliable, and not flexible enough for complex multi-die designs. Synopsys offers very strong and flexible authentication solutions based on its patented SRAM physical unclonable function, or SRAM PUF, technology. These solutions can be used from the earliest moment in production to ensure that every chiplet is genuine and secure. IP can be bound to the hardware of the chiplet and communications between all parts of the system can be securely authenticated to protect from eavesdropping and alteration.
Depending on the application, the threat model, and the system's security boundaries, different levels of trust validation for multi-die designs may apply. A first level of trust validation is obtained by using SRAM PUFs to identify chiplets and detect counterfeit chiplets. Only 0.2 kB of SRAM is needed to create a fuzzy chiplet identifier that can be used to uniquely identify each individual chiplet. This solution works on any chiplet and enables tracking from the earliest moment in the production, without the need to store an identity or key on the device, enabling the identification and tracking of chiplets that have no NVM available.
The Synopsys flagship products Synopsys PUF and Synopsys PUF - Software offer a higher level of trust validation, e.g. for chiplet and data authentication or IP binding. These solutions enable secure connections using PUF-based chiplet-unique symmetric keys that are only known within the multi-die system. No UID programming is needed, and there is no need for NVM inside the chipset to store keys.
The strongest level of authentication can be achieved by combining SRAM PUFs with asymmetric crypto connected to a traditional PKI system where every chiplet obtains a device certificate from the manufacturer guaranteeing its authenticity. A certificate is only as strong as the protection of the private key. Synopys PUF-based solutions offer the strongest form of key protection.
Synopsys PUF security solutions are available in both IP and software. They use the inherently random start-up values of SRAM as a PUF, which generates the entropy required for a strong hardware RoT. The root key is re-generated every time the chip is powered up and is only available (in volatile memory) when needed. This means the key is never present in persistent memory, not even when the chip is powered down, which raises the security significantly and eliminates the need for secure memory.
Synopsys PUF can be used with any foundry and process node. It can be applied easily to almost any chip. Synopsys PUF IP has been deployed and proven in hundreds of millions of devices certified by EMVCo, Visa, CC EAL6+, PSA, ioXt, and governments across the globe.
Synopsys PUF ¨C Software solutions democratize RoT technology by uncoupling it from silicon fabrication, ensuring it can be accessed, understood, and implemented by application developers at scale. A trust anchor can even be retrofitted on deployed devices.