Where Technology Meets Security: Key Storage and Data Separation for System-on-Chips

This article investigates the dependency between advances in chip technology, architectures, and security. Two major properties of secure systems are analyzed in this context: data separation of different applications and secure storage of cryptographic keys. We discuss first examples for compromising data separation, e.g. the Rowhammer attack on modern DRAMs, enabled by the sensitivity of shrinked DRAM cells for crosstalk effects, or Meltdown and Spectre attacks using cache side channels. These attacks show the dependency between data separation and advances in technology and architecture. Even more powerful attacks exploiting bus and network-on-chip traffic are possible. Another area where technology meets security is the storage of cryptographic keys. New technologies offer new ways to realize non-volatile memory (NVM) for secret data storage and to implement physical unclonable functions (PUFs), which generate the key during system start and do not store it permanently in NVM. To enable good PUFs, technology and security people should work together as early as possible in the development phase, since PUFs must be characterized carefully. Ideally a PUF module is provided as a characterized and reliable security primitive in the design library. If we manage to take security already into account in early technology development phases and during architecture definition, we will get more secure systems-on-chip in the future.