Aggressive Design Reuse for Ubiquitous Zero-Trust Edge Security—From Physical Design to Machine-Learning-Based Hardware Patching

This work presents an overview of challenges and solid pathways toward ubiquitous and sustainable hardware security in next-generation silicon chips at the edge of distributed and connected systems (e.g., IoT and AIoT). As the first challenge, the increasingly connected nature and the exponential proliferation of edge devices are unabatingly increasing the overall attack surface, making attacks easier and mandating ubiquitous security down to each edge node. At the same time, the necessity to incorporate zero-trust policies in large-scale distributed systems requires a complete set of security primitives for hardware-backed authentication, and a higher degree of physical context awareness (including primitives detecting the onset of physical attacks). Thus, making the inclusion of such security primitives economically sustainable even in low-end devices is a second key challenge. As third challenge, the ever-changing vulnerability landscape and the need for increased chip longevity in distributed systems require security assurance methods that are sustainable and adaptive across the entire chip lifecycle. In this work, design principles and promising directions to enable ubiquitous and sustainable security capabilities along with physical awareness are discussed. Such achievements require a fundamental rethinking of design methodologies to enable aggressive design and resource reuse (e.g., area, power, and design effort), along with low-cost on-chip sensorization and intelligence for physical attack detection. Such rethinking inevitably crosses over the traditional design abstractions, and requires innovation from the physical to the algorithmic level. At the physical and circuit levels, design and resource reuse is enabled by immersed-in-logic and in-memory security approaches. At the algorithm level, “hardware patching” is introduced and exemplified to show that runtime intelligence (machine learning) allows security capabilities to adapt and improve over time, as typical of security patching in software. Sensing techniques to detect attacks in situ from noninvasive to invasive are illustrated while still preserving fully automated design approaches. Overall, the above design principles are expected to push security capabilities in distributed systems to a new level, ultimately making the edge more intelligent and self-reliant, and security measures more distributed.