Security Concerns Plague Emerging Chip Architecture

An emerging chip architecture gaining traction in smartphones, automotive technologies, and other electronics may find adoption stymied by security concerns.

Using x86 and ARM processors for hardware development can get expensive because of royalties that have to be paid to the owners (Intel and Arm). RISC-V is an instruction set on which customers can personalize silicon chips to meet their needs, much like how Lego blocks are put together. RISC-V is open and free to license, so anyone can design, manufacture, and sell RISC-V chips and software.

RISC-V is drawing interest among companies in the auto, critical infrastructure, and industrial sectors. For example, NASA is creating chips based on RISC-V that it intends to use in its space programs. Omdia estimates RISC-V shipments could tally 17 billion processors in 2030, improving 50% every year starting in 2024.

"46% of those processors are expected to be found in industrial applications, although the biggest growth over the forecast period will come in the automotive segment," Omdia said.

Vulnerabilities in Designs

RISC-V's open-source ethos is its biggest advantage, but also a liability: bad actors could introduce backdoors in the chip designs. Vulnerabilities in RISC-V chips used in automotive technology or critical infrastructure could be disastrous.

At Black Hat USA in August, researchers disclosed Ghostwrite, which allows users to bypass memory protection and access privileged memory in a RISC-V chip design called Xuantie C910. The Xuantie C910, designed by T-Head, a subsidiary of China-based Alibaba Group, received a lot of publicity when it was launched three years ago. It was one of the earliest RISC-V processors with a vector extension, which helps CPUs run demanding applications that include AI.

The vulnerability is particularly concerning because it affects the chip's proprietary vector extension, which wasn't properly implemented, says Fabian Thomas, a researcher in the group at CISPA Helmholtz Center for Information Security that discovered GhostWrite. Chip makers can patch the C910 by disabling the vector extension, but it will still be difficult to implement.

"People bought it and built 64-core machines because of that, and now we have to tell them to disable it," Thomas says.

Shared Designs, Hard to Patch

The issue is not in the RISC-V architecture itself, but in a faulty silicon implementation. Chip designers are enthusiastic about sharing RISC-V designs, but this means that designs with vulnerabilities may potentially be replicated and used in various areas. Resulting devices could be vulnerable to attack, and may be difficult to patch with microcode updates.

"The digital transformation happening in these sectors means they're all connected now, creating potential to exploit across all these very safety-critical systems," says Margaret Schmitt, a hardware security consultant.

It's already difficult to fix hardware vulnerabilities with firmware updates. The open nature of this chip architecture means it will be difficult to fix them in the field. "The silicon vulnerability is worse because you can't really fix them in the field in many cases... if it connects to critical infrastructure, this could be seen forever," says Alex Matrosov, CEO at Binarly.io.

There are hundreds of RISC-V designs available on GitHub to pick up, but security teams need to consider the risks of winding up with malicious chip designs with backdoors. "This is similar to open-source software projects where people [make] changes, saying 'I'm making it better,' but it's actually a backdoor or malware," Schmitt says.

The concern is especially heightened as the RISC-V architecture has become a priority for Russia and China, which are investing heavily in the technology to build homegrown chips. China and Russia ramped up RISC-V adoption after the U.S. banned the export of advanced chips to these countries amid trade and political hostilities.

The U.S. government has already talked about limiting RISC-V access to China, though that may be hard to do as the architecture is open source.

"You're seeing a potential basis for China to use this, a potential for unintended or intentionally added weaknesses to be a serious concern," says Schmitt.

Working With Security Partners

Organizations working with RISC-V chips on a shoestring budget may make the decision to sacrifice security, says Mike Eftimakis, vice president of strategy and ecosystem at Codasip, a software company.

"To be able to find a bug, you have to have the infrastructure behind you. It's very expensive and requires specialized knowledge, so it naturally shrinks the base of people who could potentially help with the verification of these devices," Eftimakis says.

Hardware security experts recommended going to established RISC-V companies with solid security processes, a strong customer base, and a good track record of designing chips. One example is Santa Clara, Calif.-based SiFive, which handles security analysis and rigorous compliance testing in its cores. The company has a large customer base that includes Google and NASA, a spokesman said in an email.

Another RISC-V company, Cupertino, Calif-based Ventana Micro Systems, uses the Caliptra specification to put security features directly in computing chips. Caliptra was developed by the Open Compute Project, a coalition which includes Google, Microsoft, AMD, and Nvidia.

Ventana Micro leaders have extensive experience working with x86 and ARM architectures, and are using that experience to secure RISC-V chips. "We applied these learnings during our ground-up development and have many patented features targeted at making our microarchitecture resilient to attacks," a company spokesperson said in an email.