August 18, 2008
Blood Sport – Securities & Security
Peggy Aycinena - Contributing Editor


Some standards have robust security built in, which protects third-party multi-media - things like HDMI [high-definition multimedia interface]. WiMax also has a security scheme similar to HDMI for building security requirements into the hardware, and Blu-ray as well. All of these things take security very seriously at the silicon layer, because that's where you need to store sensitive information that's fundamental to how the system works.

Brian Neill - A lot of security standards have licensing bodies or are proprietary. HDCP [High-bandwidth Digital Content Protection] is licensed by Intel, for instance. When you license a technology - say HDCP or AACS [Advanced Access Content System] for Blu-ray - the licenses say data will be secure, both in the field and while the device is being manufactured.

But it's pretty common knowledge that when you're using subcontractors in Asia for manufacturing, those subcontractors haven't signed the license, so it's up to you to make sure your subcontractors are complying. Or, it's up to us here at Certicom [working on behalf of our customers] to be sure that all levels of security are being honored.

Peggy Aycinena - Clearly, there's a lot of motivation and market pressure to get these security issues under control. What are you guys contributing?

Craig Rawlings - Kilopass provides secure storage in the chip in the silicon layers, in the physical layers.

Brian Neill - And Certicom's role is to get that secure information into the chip during manufacturing at the factory.

Craig Rawlings - We call this front-to-back security. The front-end from design, and the back-end from manufacturing. Our two companies are joining forces as strategic partners to set the stage for what we're about to tackle.

Peggy Aycinena - I'm lost again. What data are we securing here?

Craig Rawlings - We have all these sophisticated locks, encryption schemes that provide an incredible lock. The problem is, you can have the greatest lock on the front of the house and still have to leave the key somewhere. In our case, these keys are stored in non-volatile memory, [which is retained even] if the power's taken away.

In the past, that's been a hard drive, or masked ROM, or a data stick. These traditional non-volatile memory technologies are relatively low cost, but they're not physically secure. In a hard drive, for instance, you can scan it magnetically to get the information off of it. Attackers are very sophisticated these days and have figured out how to go for the key first. Then, everything else in the security scheme falls apart.

Peggy Aycinena - So we're talking about securing the key?

Craig Rawlings - Yes, we're specifically talking about the storage of encryption keys for protecting media that's distributed through the HDMI interface, the standard for communicating or distributing information between different types of multi-media equipment.

Kilopass has a high-density NV memory technology that's built into standard logic CMOS. You don't need to store the key information in an external device in this case, because it's built into the physical layer during the manufacturing process. High-density memory keeps the costs down in terms of die area, and therefore makes a great storage facility for the key.

Our technology is based on an anti-fuse, where we're actually hiding the key information amidst the atoms of silicon. It's like looking for a needle in a haystack to find the key, unless you know where to look, because it's based on randomness. This makes the memory, and the key stored there, very secure from all types of attacks - passive attacks, semi-invasive attacks, and invasive attacks.

Peggy Aycinena - Can you define those categories of attack?

Craig Rawlings - Passive attacks are done electrically without looking inside the chip. You can determine what's in there by giving stimulus to the device and seeing how it responds.

Semi-invasive attacks may involve doing things environmentally or through modest physical attacks - breaking the device open and looking at it under a microscope to see what's in there.

Invasive attacks are deep attacks. Some people use microprobes. They can even attach a wire inside of the chip, but they have to have a big budget for the very fine equipment needed to do that. Basically everything's hackable.

Peggy Aycinena - And everybody has a price, which really guarantees that everything's eventually hackable, even hardware.

Craig Rawlings - Yes, everybody has a price. But we want [to set the price very high], to force them to have a lot of money and a lot of resources [to do this work]. We don't want to have to worry about some teenager in Sweden breaking into a standard that protects data.

Peggy Aycinena - Couldn't you just hire those Swedish teenagers?

Brian Neill - Maybe, but they'd need a business plan. [Laughing]

Craig Rawlings - Or, we could force things down into the silicon layer where it's a lot harder to attack, so no kids or adults will be successful at breaking the standard. Also, if it requires somebody with a Ph.D. to understand the technology, [we're in better shape from a security point of view].

Peggy Aycinena - I'm not sure all hackers are really unethical. Maybe they just see it as a challenge, a puzzle to be solved.

Craig Rawlings - Yeah, a lot of teenagers are probably just mischievous, but we're not just looking at key storage as an application for the Kilopass technology. We're also looking at design IP protection. We live in a very global marketplace, IP protection is not equal across all borders, and legal protections aren't as compelling as they used to be. We all know that if you don't protect innovation - which is what IP is all about - innovation comes to a screeching halt.

Peggy Aycinena - How did you guys find each other?

Brian Neill - We were both looking on Google for something like the other guy had. When we saw that our two products are distinct, but co-exist, we asked - why not tie our two products together more closely? That's the genesis of our partnership.

Peggy Aycinena - Brian, what does Certicom contribute to the partnership?

Brian Neill - At Certicom, we see our product as an add-on to Kilopass memories, an add-on that allows the memory to be programmed natively by a Certicom key-inject system at post-package test. Not only do we stick appliances on the test floor to do this work [at the manufacturing site], we also offer software that takes keys for different standards and injects them into the device.

Basically, you have to decrypt the key before you put it into the chip, so you have this security gap at the tester. With our tools, we keep keys protected all the way to the chips. There really isn't any technology on the market right now that competes with that.

So, from Certicom's point of view, we get and protect the secret data that people sign away their life for. You might purchase a set of a million keys, for instance, then put each of those keys into a million devices, so everything's unique.

Peggy Aycinena - Craig, the Kilopass contribution?

Craig Rawlings - When the key is stored in the chip, we make it much harder for that key to be exposed. That information's much more secure inside the chip.

Peggy Aycinena - So again, why can't security be handled in the software?

Craig Rawlings - Brian actually does do some software security.

Brian Neill - We do have products in software, using general-purpose platforms. We configure those general-purpose platforms using COT components to do what you have to do. That's great for word processors, but we've had 2 decades of software with people trying to do security in software, and we always find that you need to obfuscate things to hide the cryptographic keys. You have to keep the key in memory or in special tokens or other portable hardware, or do it by putting the key into the chip itself.


-- Peggy Aycinena, Contributing Editor.

Review Article
  • Get Real August 22, 2008
    Reviewed by 'Bob P'

    Cunning? Vengeance? Oh please. This is business. Business is war. Plain and simple.


  • It's not clear that Mentor is harmed as much as you believe August 19, 2008
    Reviewed by 'Sean Murphy'
    Mentor closed at 10.79 on May 22, which was the last time they reported. They closed today at 10.62, so down 17 cents. It's not at all clear that animosity drove the Cadence takeover offer, as much as the belief on the part of Cadence management that they could do a better job running a combined company. There may be many things right or wrong in that calculation but wanting to "damage Mentor" strikes me as a remote possibility, especially given how damaging this set of actions may prove to Cadence.
    When they announced the deal on June 18, Cadence closed at 10.84. They closed today at 7.74, so they are still down almost 29% from that level (primarily due to the reaction to their last quarter results, but clearly doubts about the merger's viability were expressed on the analyst call, and the FTC's reaction presaged rough sledding no matter what).
    This combination of doubling down on their private offer by making it public, followed by a sudden removal cannot be a positive for Cadence. Mentor's concerns that regulatory issues would be problematic were certainly borne out by FTC actions to date.
    We don't know what results Mentor will announce this quarter (or at least I don't) but it's not clear that accurately assessing that the merger was problematic puts Wally in hot water. When Cadence revised their revenue and earnings estimates strongly down for the rest of the year they probably limited their ability to finance the acquisition to the point that it was no longer viable.
    The thing that's surprising to me is that they also announced a $500 million stock buy back (about 1/4 of their market cap on the day that they announced it) when they withdrew the merger offer. This is on top of an earlier $400M buy back this year. They have put all of their other smaller (friendly) acquisition efforts on hold, it would seem that they should go back to acquisitions of promising technologies in emerging markets as a way to ignite growth.
    Sean Murphy
