The decline in performance of old chips creates new vulnerabilities, and addressing these issues requires some complex trade-offs.
The longer a silicon chip is in use in the field, the more susceptible it becomes to network attacks, raising questions about the optimal lifespan of circuits and the impact of extending that lifespan.
This is especially challenging for security and mission-critical applications, as some of the most complex designs can cost up to $100 million to develop. Chip manufacturers want to amortize this investment over a longer lifespan. However, as devices become increasingly complex and heterogeneous, analysis needs to be conducted in the context of total cost of ownership, which increasingly includes security.
Lee Harrison, Director of Automotive IC Solutions at Siemens Digital Industries Software, stated, “As chips age, the boundary between operational devices and faulty devices gradually narrows. Typically, the aging process starts at time zero, and as the chip ages, timing margins and other factors gradually diminish. Many of the security features of a device lie in its ability to withstand attacks, particularly side-channel attacks. The closer a device gets to a failed state, the more vulnerable it becomes to attacks, and the more likely it is that side-channel attacks will have a real impact on the device’s functionality.”
The increase in vulnerabilities is caused by various factors. The first factor is obvious and not necessarily related to technology. The longer a device is in the field, the more time attackers have to find and exploit vulnerabilities. This is especially true for chips accessible to hackers (such as automotive chips).
Moreover, as more devices are interconnected and connected to the internet, inaccessible hardware becomes increasingly vulnerable. For multi-chip devices, this may include connections within the package as well as wireless connections.
Even worse, as the performance of circuits declines, the resilience margins for temperature, voltage, and other factors also weaken. The solution is to increase more precise monitoring and security design methods, but this requires sharing data across the entire semiconductor and electronic systems supply chain, which many companies are reluctant to do due to the possibility of competitors seeing the data.
01
Time Threat on Chip Durability
On the other hand, hackers are plentiful. For criminal organizations, state and corporate hackers, criminal groups, and even some independent programmers, cyberattacks on electronic products are big business. Many of them have deep technical understanding and the ingenuity and persistence to crack devices, whether through hardware or software hacking. Given enough time and computational resources, any design can be hacked, and electronic blueprints can be sold on the dark web for cryptocurrency.
Simon Rance, General Manager and Head of Process Data and Management Business at Keysight, said, “Over time, any type of technology will be attacked and vulnerabilities will be discovered, whether intentionally or unintentionally. There are always access points, whether from the hardware side, usually through ports (like buses), or from the software side, which are often more vulnerable. You can not only crack software but also access hardware through software and firmware. This is a challenge because as devices age, their vulnerabilities will always be exposed. They are shared publicly, even on websites like Reddit.”
The challenge of defending against future attackers has a core issue. Hardware will remain unchanged, while attackers’ methods will continuously evolve. They have plenty of time to detect vulnerabilities, but designers cannot go back and fix these issues.
“This is not an easy challenge to solve,” said Rance. “The cost of predicting and preventing this situation in advance is high, so they usually invest in hardware within controlled systems, and security is their top priority. If it’s hardware, such as a secure bus on a chip, the bus data may be encrypted and kept away from the CPU or processor. But when you start making these types of architectural choices and decisions, the cost of the chip goes up.”
02
Focus Areas on Chip Durability
Even though most circuits will eventually be hacked in some way, it doesn’t mean that every circuit is equally vulnerable. Different types of semiconductors and components of SoCs (System on Chips) become more susceptible to attacks as they age. According to a paper published by researchers from Virginia Tech in 2024, SRAM shows gradual analog domain-level changes over time, which attackers can simulate.
“Today, the power, performance, area, and heat of these devices are fully validated,” Rance said. “The people designing these devices know that if the heat goes slightly out of range, it will affect system functionality and applications, and this could be exploited. If you heat something up to a certain point, it can cause other devices to shut down. Or, you can freeze it, which often provides backdoor access to certain devices. Power is another factor in timing. Whether it’s electromagnetic pulses or any such factors, different types of factors can cause data timing mismatches either within or between devices. This doesn’t necessarily expose dangerous problems, but it may imbalance the information to the point where it cannot be executed as intended.”
At advanced nodes, thin films and wires are more susceptible to aging effects, such as dielectric breakdown and electromigration over time, meaning the level of vulnerabilities may rise. At the most advanced nodes, security needs close attention to clock speed and local temperature. This is why security-critical circuits (such as some in automotive applications) are often located at larger, older nodes.
“The size of transistors must be larger, and the size of metal interconnects must also be larger,” Harrison said. “This is the trade-off between smaller geometric processes and margins. More advanced nodes are always more vulnerable to attacks because the technology itself is more vulnerable. When you switch to smaller nodes, you need to pay more attention to this and consider it in your physical design.”
03
Easier to Attack on Chip Durability?
Designs that do not evolve over time may not be any safer than those that are constantly patched and updated. This is an advantage for programmable logic because it can be updated in the field. In contrast, ASICs “are optimized from the start,” said Mike Borza, a scientist at Synopsys. “All the ways to fix discovered security flaws will be built around software. So in a sense, as attacks become more advanced, attackers’ understanding of the system grows, and the number of methods they can use to exploit the system will increase over time.”
Performance degradation plays a significant role here. Scott Best, Technical Director at Rambus, said there are three types of performance degradation. Electromigration is a well-known phenomenon that can be addressed by not exceeding the maximum values of power and signal lines or implementing random masking and other side-channel countermeasures. However, other types of performance degradation, such as the degradation of pFETs and nFETs, can accumulate charge that impacts threshold voltage.
“At first glance, this may not seem important, but many designs are precise to an inch or a micron,” Best said. “If you really have detectors, it feels like a process shift.”
These changes are not equally noticeable across all components. A paper published in 2018 by several universities and imec found that workload has a significant impact on component performance degradation, making them more vulnerable to attacks. While memory is especially susceptible, Borza stated that memory is not the only aspect that becomes more vulnerable over time.
“Memory is one of the main factors that ages, but other aging factors include various oscillators and even data paths,” he said. “The time required to transmit data across a path will change. These changes are not large; sometimes they are very small, but they are large enough to be detectable as they change over time. As long as you have this capability, someone could exploit it.”
04
Other Risk Factors on Chip Durability
Peter Laackmann, Senior Vice President of Security at Infineon, noted that the aging of unprotected chips can simulate the impact of techniques used to break the low-end security of standard microcontrollers.
“For non-secure (so-called ‘security-enhanced’) microcontrollers, one of the most important threats is ‘fault injection attacks,'” Laackmann said. “With this attack, the attacker tries to introduce errors in the chip’s internal data processing, storage, or transmission. If a secure chip performs incorrect calculations or data retrieval, the attacker can bypass access controls. Furthermore, if an attacker successfully modifies encryption calculations at the right time, secret private keys could be exposed.”
The inherent vulnerabilities of SoCs also extend to small chips. However, since multiple chips are integrated into a system, there are additional threats.
“One exposed point in chip packaging design is that physically, it’s larger, and it needs to be connected through ‘on’ and ‘off’ chip interconnects,” Borza said. “Whether it’s vertical stacking, flat architectures, or a combination of both, someone might be able to probe the interconnect layers and intercept or modify the data moving between chips. This is why the risk or exposure of such designs increases, but the basic principles remain unchanged.”
05
Security Design on Chip Durability
Although aging is inevitable, it doesn’t mean it can’t be addressed. As Laackmann from Infineon observed, microcontrollers from the 1990s often relied on sensors to detect inappropriate environmental conditions, such as abnormal power supply voltage, temperature, clock frequency, or laser irradiation.
With the continuous advancement of available attack technologies, sensors now need to be more robust.
“When you’re monitoring the silicon, what you need to be aware of is that if your monitor slowly sees the degradation of the silicon, that’s acceptable. This is the curve you expect to see,” Harrison said. “But if you suddenly see anomalies or spikes, you know that this is not part of the natural aging process. This is an attack on the silicon itself. By monitoring the general aging process of the silicon, you can also monitor a certain amount of side-channel attacks.”
Function monitoring is also a key security measure to prevent hackers from exploiting the time advantage. Since monitors can be configured via software, Borza pointed out that designers are able to update their profiles and change the types of data collected, as well as monitor new attacks that emerge over time.
As Laackmann said, architectures that prioritize security must be the “inherent foundation” for certified security controllers. “As a countermeasure against physical attacks and potential threats from natural or accelerated aging, modern certified secure microcontrollers (such as those provided by Infineon) must be built on security design principles. In terms of security, this means that no matter where the physical influence originates, the chip’s task is to detect errors and trigger countermeasures or alarms. Modern certified secure controllers typically use hardware encryption accelerators, including internal data masking and extensive use of randomization features, as well as internal software to implement encryption. These measures ensure there is an efficient barrier against side-channel analysis methods, effectively protecting the chip from attacks, including accelerated and natural aging.”
Another method is to establish triple modular redundancy, which can measure and compare faults.
“TMR, or simply doing computational redundancy, is usually a way to mitigate single-event disturbances in RAD hardware designs,” said Best from Rambus. “This is not only crucial in satellites but also in land-based automotive applications. Some safety-critical systems inside cars need lockstep cores—functional redundancy side by side. You can perform the same computation in two different processor cores in lockstep, and they will continuously monitor each other to ensure they stay in lockstep. Now, if an adversary tries to exploit aging effects to attack your chip, these redundancies help mitigate those attacks because now your adversary has to make their attacks as redundant as the defense, which can be unexpectedly difficult.”
06
Edge Security
Part of security design is understanding how attackers work. As Harrison explained, side-channel attacks are achieved by applying pressure or altering environmental parameters to push a device out of a stable state. This can be done using techniques such as peak voltage or temperature and observing whether it allows access to secure channels.
However, designing this resilience requires a trade-off. “This clearly affects the overall functional timing within the device,” Harrison said. “If you have enough margin, you have to work really hard to attack the device and make it unstable. But as the device ages, as you approach these margins, the device may be very, very close to failure. For example, the time between two functional flip-flops in that timing path becomes longer and longer.”
07
Conclusion
As chips age, they become more susceptible to attacks, particularly side-channel attacks. This is because chips degrade over time, but also because, as the devices are used longer, hackers have more opportunities to find weaknesses.
Security design methods include actively monitoring activities such as voltage and temperature spikes, which can help defend against these attacks, but they may also impact performance and power consumption. Therefore, while it is important to leave reasonable margins for temperature and voltage in design, no device can ever be completely secure throughout its lifespan. The challenge lies in finding the right balance.
Disclaimer:
- This channel does not make any representations or warranties regarding the availability, accuracy, timeliness, effectiveness, or completeness of any information posted. It hereby disclaims any liability or consequences arising from the use of the information.
- This channel is non-commercial and non-profit. The re-posted content does not signify endorsement of its views or responsibility for its authenticity. It does not intend to constitute any other guidance. This channel is not liable for any inaccuracies or errors in the re-posted or published information, directly or indirectly.
- Some data, materials, text, images, etc., used in this channel are sourced from the internet, and all reposts are duly credited to their sources. If you discover any work that infringes on your intellectual property rights or personal legal interests, please contact us, and we will promptly modify or remove it.
