About semiconductors, microchips, innovation and security risks
There is a variety of terms circulating around the subject... semiconductors, microchips, 200-millimeter wafers. What are all these things exactly?
MICHAEL SCHWARZ: Yes, we have a lot of technical terms in this field! Generally speaking, a semiconductor is always the most important component of all our technical devices. These semiconductors are parts with special current-conducting properties that are used to direct the current in electrical circuits in a targeted manner, and to make the current in computers think, so to speak. Without semiconductors, we could not build computers like we have today. These semiconductors mostly consist of the basic material silicon, which is extracted from sand, and this is then processed into so-called wafers in the manufacturing process. This means that the silicon is allowed to grow into crystals and these crystals are cut into fine round slices. We then call these wafers. And these wafers come in different sizes, for example 200 millimeters. Various chemical and mechanical processes are then used to produce chips from these pure slices of silicon. There are processes such as targeted contamination with atoms, coating, exposure, etching and oxidation - there are various processes for forming our chips from this layer of silicon, which we can then use. We also end up hearing terms like processor or microprocessor. That's what we as consumers get out of this wafer. And those are made up of tons of these semiconductors, in many cases transistors. Those are the basic switches in our elements. A modern processor that we have in the computer today consists of about ten billion of these transistors.
Max, you are not involved in the actual production of chips, but you are particularly familiar with the non-material level of chips. Your solution checks whether everything has been properly carried out in the development process of such a microchip. How is such a chip designed and at what point does LUBIS EDA come into play?
MAX BIRTEL: Basically, you can say that semiconductor development starts with a plan, a specification of what the chip should be able to do. This is often based on the needs of the market and, of course, also on the customers who want a very specific chip. So a specification is written that states what functions the chip should have, how big it should be, with what power consumption... Then the first functional properties are defined at a very abstract level. And the next step is to go to the hardware level. The chip is described in a model-like process. You can think of it as software code, but in a hardware language. There, it is determined what the chip should really be able to do. Roughly speaking, you can say where every 1 and every 0 should appear in order to perform the chip's function. And this is also the level at which we come in with LUBIS EDA and make sure that all functions as they are described in the specification actually work in this chip. Only when many steps have been completed, right up to actually planning where the conductors should run, does the chip go into physical production. You can imagine that a digital development process can take between one and four years, depending on how complex the chip will be.
These chips are everywhere these days, in smartphones, but also in household appliances, in medical devices,... What we keep hearing is that nothing really works in new cars without microchips. So apparently these little parts are insanely important to our modern lives, right?
MICHAEL SCHWARZ: Every one of us carries multiple computers with us at pretty much all times, for example the obvious ones like smartphones and smartwatches. But also the ones that we don't even see that way, like in smartcards, meaning our credit cards. Microchips are also already built into many of our keys. We now walk around with loads of computers all the time. It's simply impossible to imagine life without them.
If we stick with the topic of cars: I have read that microchips ensure, for example, that the parking assistant works or even trigger the airbag. In these scenarios, I think it quickly becomes clear why it is crucial that they function without errors and cannot be manipulated. It feels like any small device that has a microchip in it can very quickly become a big problem. Michael, can you tell us something about the specific security risks you are dealing with, i.e. basic attack vectors and specifically the side-channel attack?
MICHAEL SCHWARZ: First of all, you have to say, processors like this are incredibly complex. We're talking about billions of transistors. There's just nobody in the world anymore who could know and understand every part of a processor like that, it's just not possible anymore. That was a bit different until, let's say, 40 years ago. Back then it was still in the range of several thousand transistors. Then you could still check these plans manually and make sure that the thing was correct. Today, we can no longer do that. This means that we are working with systems that are so complex that we can no longer understand everything. But that also means that when we as humans create such complex systems, we also make mistakes - that's human. All things we build have errors, and that is also the case with processors. We now have digital processes to build hardware as well. We no longer draw circuit diagrams by hand and plug transistors together, but we write software and then we have programs that generate the hardware for us from that. We often know that when we have software, it's not bug-free. And when we use that software to generate hardware, we have errors there as well. That then leads to behavior on the processor that was not intended. These errors are an attack vector for attackers. That can lead to a place where it is not checked whether someone has permission to access data, and then you can access data that you shouldn't be able to access. We showed that just recently, in August 2022 with ÆPIC Leak. That was exactly this sort of bug in Intel processors, where they simply forgot to specify whether you were allowed to access a certain area or not.
A second, relatively new attack surface are the so-called side-channel attacks. We have the ability to verify things and make sure there are no mistakes. However, we still have attack vectors that we can exploit, and that's through side effects. This has been known in the physical world for some time. Quite intuitively, you can think of it like this: Way down in a processor, we see only zeros and ones being processed, nothing else, and when a processor is working with that, it needs different amounts of power depending on whether it is processing a zero or a one. These are exactly the effects we have in the physical world in processors: Depending on the data that is used, the power consumption changes. And as the power consumption changes, so does the temperature. In other cases, for example with a division, the runtime of this division changes. So depending on the data that is being divided on a PC, there will be different execution times. And all these things do not change the error-free nature of computers. But: We can observe them and thus draw conclusions about which data is being processed at the moment. And via these conclusions, we can then also draw inferences, in the worst case for a secure system, about secret data, such as cryptographic keys. In our research, we are concerned precisely with these side effects. Which ones exist, which ones can be observed, and most importantly: which ones can be observed directly from the software, without having to connect a measuring device. That was the basis from which Spectre and Meltdown emerged.
Further progress in the fight against Meltdown, Spectre and Co.
Okay, I'll definitely go with that: Semiconductor manufacturing is really highly complex. And the requirements are becoming more and more complex. An increasing amount of information has to fit on these microchips. In addition, the Corona pandemic has triggered a semiconductor crisis. Now, there are efforts to make the availability of semiconductors in Europe more independent. The EU is promoting the location of new factories such as Wolfspeed's in Saarland. A year ago, for example, it was also announced that Intel would produce in Magdeburg. But the EU is also driving chip production through a new law. Max, are you familiar with this and know what it regulates?
MAX BIRTEL: The background is to strengthen the semiconductor industry in Europe. We have two factors: Almost 70 percent of all the software that is used to develop these chips comes from the United States. Production, on the other hand, takes place mainly in Asia, including Taiwan. That's where the most modern factories for chip production are located. And so, of course, as Europe, on the one hand you have the North Americans, who control a lot of the market for chip design, and then in Asia you have control over the production of the entire chips. At that time, Europe had a world market share of between six and seven percent in the semiconductor industry and, at the latest as a result of the crisis, it became clear that this was a key technology and that we wanted to invest in it and keep up with it. The aim is to increase the world market share to 20 percent. It's also about semiconductor sovereignty. So we want to both make our own chips "made in Europe" and then produce them here, so that we simply won't run into such bottlenecks in the future. That's why several billions are now being invested, among other things to locate production factories here in Europe - I think Bosch has also built another one in the Dresden area - so a lot is currently happening there, but of course we also want to ensure that the so-called intellectual property, i.e. the semiconductor designs and the models, are developed in Europe in the future.
Finally, to wrap things up: What does the location of the semiconductor factory in Saarland mean for LUBIS EDA? Do you expect positive effects that could be useful for you in the future?
MAX BIRTEL: I would rather say indirectly than directly. We have nothing to do with physical production in that sense now. We won't be selling machines or machine software for semiconductor production.
But of course this will develop a semiconductor ecosystem in the region and create positive effects for the industry like: The more jobs are created, the more experts for the field settle in the region. Likewise, the industry will become more interesting for regional graduates who have not had semiconductors on their radar until now. This can lead to more teaching and research opportunities, which in turn could be a basis for future spin-offs or new business models.
Of course, this will also benefit us at some point, but of course, if chips are produced somewhere, they are usually developed somewhere as well. ZF is planning a research center - without knowing exactly whether they will design their own chips there, I'm pretty sure that they would have to be designed somewhere - so there are definitely points of contact for us. You don't necessarily have to see it as an individual topic, but it also has the potential to trigger at least parts of a value chain.
We also see a general trend that the automotive industry in Germany is thinking much more about semiconductor development. Companies that are not traditionally chip producers, such as Apple and Tesla, are increasingly opting for chip development in order to keep this know-how in-house. And in general: If the automotive industry in Germany now follows suit, it definitely makes sense for us as a German company with the regional location advantage to find a connection there and hopefully we can also pull something out of it.
Dr. Michael Schwarz is a faculty member at the CISPA Helmholtz Center for Information Security. His career began as a programmer at Germany's largest semiconductor manufacturer. Michael studied and earned his doctorate in Graz, Austria, and then dedicated himself to research. His group focuses on the low-level security of modern computer systems, concentrating on microarchitecture and side-channel attacks and their defenses. He is best known for discovering security vulnerabilities in microprocessors, particularly Spectre and Meltdown - with a research team he found a completely new class of vulnerabilities that could be used to steal secret data. He now continues to work with his own team in this new area of research.
Dr. Max Birtel is CFO of LUBIS EDA, a startup he founded two years ago together with Dr. Tobias Ludwig and Dr. Michael Schwarz. LUBIS EDA has developed software for the verification of the digital integrated circuits that are included in many microchips. The methodology is called "Formal Verification." It can be used to ensure that semiconductors do not contain functional errors, because these could potentially also be a gateway to security problems. LUBIS EDA has been supported by CISPA since last year.
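Added illustration (editor's example, not part of the interview or of any LUBIS EDA or CISPA code): Michael Schwarz's point above that a computation can be perfectly correct and still leak its data through how long it takes. The simplest software instance is a byte-by-byte comparison that stops at the first mismatch. A real attack would measure clock cycles; to keep this runnable and deterministic, the example counts loop iterations as a stand-in for time (an assumption of this example), and the secret, the oracle interface and all function names are constructed for illustration. The attacker never reads the secret; it only sees the "timing" of each guess, and still recovers the secret one byte at a time against the early-exit comparison but not against the constant-time one.

```python
"""Simulated timing side channel: early-exit vs. constant-time comparison.

Editor's example, not from the interview. 'work' (loop iterations) stands in
for execution time; a real attacker would use a cycle counter instead.
"""

# Constructed sample secret, e.g. an API token a server compares against.
SECRET_TOKEN = bytes.fromhex("4a7f0c91b3e2d5ff")


def leaky_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, work).

    Correct but leaky: 'work' equals the number of bytes inspected, which is
    one more than the number of leading bytes of the guess that were right.
    """
    if len(secret) != len(guess):
        return False, 0
    work = 0
    for s, g in zip(secret, guess):
        work += 1
        if s != g:
            return False, work          # stops early: data-dependent timing
    return True, work


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Hardened comparison: always walks the whole input, so 'work' is
    independent of where (or whether) the bytes differ."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    work = 0
    for s, g in zip(secret, guess):
        work += 1
        diff |= s ^ g                   # accumulate, never branch on data
    return diff == 0, work


def make_oracle(compare):
    """The attacker's only interface: submit a guess, observe (accepted, time)."""
    def oracle(guess: bytes) -> tuple[bool, int]:
        return compare(SECRET_TOKEN, guess)
    return oracle


def recover_secret(oracle, length: int) -> bytes:
    """Recover the secret byte by byte using only the timing observation.

    For each position, try all 256 candidates (remaining bytes padded with
    zeros) and keep the one that made the oracle 'run longest'. Against an
    early-exit compare the correct byte costs one extra iteration; against a
    constant-time compare every candidate ties and the attacker learns nothing.
    """
    recovered = bytearray()
    for pos in range(length):
        best_byte, best_work = 0, -1
        for candidate in range(256):
            guess = bytes(recovered) + bytes([candidate]) + bytes(length - pos - 1)
            accepted, work = oracle(guess)
            if accepted:
                return guess            # last byte found, token accepted
            if work > best_work:        # strictly greater: ties keep the first
                best_byte, best_work = candidate, work
        recovered.append(best_byte)
    return bytes(recovered)


if __name__ == "__main__":
    n = len(SECRET_TOKEN)
    leaked = recover_secret(make_oracle(leaky_compare), n)
    safe = recover_secret(make_oracle(constant_time_compare), n)
    print("early-exit compare  ->", leaked.hex(), leaked == SECRET_TOKEN)
    print("constant-time compare ->", safe.hex(), safe == SECRET_TOKEN)
```

With at most 256 guesses per byte the early-exit oracle gives up the whole token, while the constant-time version returns the same "time" for every guess and the attacker ends up with nothing better than its zero padding. In real code the hardened branch is what `hmac.compare_digest` in the Python standard library provides; the interview's point is that the same data-dependent effects (time, power, temperature) exist in the processor itself, where they cannot be patched in application code.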