For those of you that haven’t seen it yet, a recent July 7th post by Ed Sperling is must read for anyone interested in the migration to chiplets. “Security Risks Widen with Commercial Chiplets”. He pulls together a number of inciteful comments from industry security experts on the impact of chiplets on security risks. I’ve excerpted the article below.
In addition, a whitepaper by Rambus on the topic can be downloaded here.
Sperling notes that the commercialization of chiplets is expected to increase the number and breadth of attack surfaces in electronic systems, making it harder to keep track of all the hardened IP jammed into a package and to verify its authenticity and robustness against hackers.
Until now, he writes, security has been a non-issue for chiplet modules because the only companies using chiplets today ( AMD, Intel, Marvell) internally source those chiplets. But as we begin to see a broader acceptance of chiplets, and the market for third-party chiplets grows, this will become a greater issue. Security experts expect commercially available chiplets will almost certainly open the door to a variety of security-related issues.
“In a perfect world, we would make a catalog of chiplets, test all of them, and give them a rating for security……. then, once you start building your chip, you compile these chiplets…. and you’re good to go. That’s an ideal world.” But “… a chiplet may be obsolete after a couple of years. It would need to be redesigned and updated, and new vulnerabilities will be introduced. But in addition to that, the security landscape is continuously evolving because new attacks are being discovered……. What is secure today can be very insecure tomorrow. So, security is not a state. It’s a process. “
Counterfeiting is not a new problem in the chip industry, but as chips are used for more critical functions, concerns about counterfeiting are growing. Reportedly there are thousands of chips available today on the gray market that are either counterfeit or remarketed chips from dead or discarded products. In some cases, the counterfeiters have etched legitimate part numbers into the chips or included an authentication code that matches the “golden” code provided by the manufacturer.
“If hackers can get into the back end of the supply chain, they can ship chiplets that are pre-hacked. The weakest company in the supply chain becomes the weakest link in a system, and you must adjust your attack to the weakest link.” These problems become more difficult to prevent or even identify as the supply chain extends in all directions with off-the-shelf chiplets. “How do you ensure the authenticity of every piece of microelectronics moving from wafer sort up through final test, where assembly and test are performed in a different country, and then attached to a board in yet another country?”
What are the reliable ways of actually tracking those pieces to ensure that the system that you’re building has authentic components whether it be a counterfeit part done with malicious intent or a cheap knockoff of an authentic part?
Solutions
The chip industry has been working on solutions for the past decade. “One solution for future devices involves activation of chiplets” “A similar approach would be to use encrypted tests from the manufacturer such as a validation process for the hardware, which produces reports that tell you this is real. You can run these encrypted tests and it will confirm that it’s still working when you insert a chiplet into your design. This is where the industry needs to go. Without that, it’s going to be hard for people to drop chiplets into their design …. They need to have traceability.”
As chiplets remain in the market for long periods of time many will need to be updated through firmware or software in order to stay current with known security issues and current communications protocols. Less obvious is how security requirements will change over time, and how a growing number of chiplet-related standards will need to be adjusted as new vulnerabilities emerge.
One approach, favored by mil/aero is to keep track of all these components through blockchain ledgers, which is part of the U.S. government’s “zero trust” initiative. Another option is to add programmability into a system using eFPGAs to change bitstreams as needed for security reasons. That makes it much harder to attack a device because the bitstreams are never the same.
Sony and Samsung Battle for Leadership in CMOS Image Sensors
Scott Foster of Asia Times reports that the market for image sensors has become extremely competitive with Sony fighting to maintain its lead, Samsung seeking to extend recent gains, and Omnivision establishing itself as a strong number three.
Sony, which has dominated the image sensor market for many years, has dropped in market share from 53% to 43% over the past two years. According to various reports, Samsung has moved up from 18% to at least 22% of the market, with its share of the smartphone market as high as 26%. Omnivision has increased its market share from just under 10% to as much as 14%. Several other image sensor makers have <10% market shares, including ST Micro (France), OnSemi (USA), SK Hynix (South Korea), GalaxyCore and Smartsens (China), and Panasonic and Canon (Japan).
Sony expects the image sensor market to grow at a combined annual growth rate of approximately 9% through 2030 driven by high-end smartphones, advanced driver assistance systems, industrial applications, and security. Sony is planning image sensor-related capital spending of $6.7 B (March 2022-2024 ).
Sony is developing imaging technologies for more sophisticated smartphone cameras, interchangeable lens cameras, advanced driver assistance systems, and eventually autonomous driving, industrial applications, augmented reality, and virtual reality.
- Evolving high-end smartphone cameras will require higher resolution, higher speed to support video, and higher magnification zoom.
- Advanced driver assistance systems include six to eight front, surround, and rear-view cameras per car. Autonomous driver service vehicles will require 16 to 20 cameras each with higher resolution and synchronization with light detection and ranging.
- Industrial applications include production line monitoring, product inspection, sorting at logistics bases, recycled materials sorting and predictive maintenance.
- Augmented reality and virtual reality applications include head-mounted displays, AR glasses, iris recognition, gaze detection, hand tracking, human/space recognition, and SLAM (simultaneous localization and mapping).
R&D, including work on the integration of image sensing and artificial intelligence, will be carried out in Japan, China, the US and Germany.
Samsung has upgraded its image sensors, launching the world’s first 100MP smartphone camera in 2019 and the first 200MP model in 2021. The 200MP model stands out for its performance in low-light environments. On top of that, Samsung is reportedly working on an image sensor with more than 500MP that would match the resolution of the human eye.
For all the latest on Advanced Packaging stay linked to IFTLE………………………