The semiconductor industry in India is currently fabless, which means while designs are developed domestically, the actual chip manufacturing is conducted abroad. Although PSMC and Tata Electronics have plans to establish a semiconductor fabrication plant in India by 2026, Indian companies still rely on international foundries like TSMC for producing chips designed within the country.
To discuss these risks and ways to mitigate them, Shashwath TR, CEO and founder of Mindgrove Technologies, shared insights with AIM. “When I send our design to a foundry, I am placing our intellectual property in their hands,” Shashwath explained. Mindgrove Technologies, a Chennai-based semiconductor firm established in 2021, specializes in the design and production of Systems on Chips (SoCs).
The company raised $2.32 million in seed funding last year, led by Sequoia Capital India (now Peak XV Partners). In May, Mindgrove launched India’s first commercial high-performance SoC, Secure IoT, which is set to enter production next year. “Once it goes into production, it will generate revenue for us,” Shashwath added.
Secure IoT’s production utilizes Multi-Project Wafer (MPW) technology, which allows for cost-effective prototyping and low-volume production, reducing the cost of a full wafer run to as low as 5-10% of the initial price. The company also plans to introduce a prototype for its Vision SoC within the next 18 months. Trust is fundamental when manufacturing chips abroad, but it is also a major vulnerability in the supply chain.
While foundries like TSMC assure clients that they will not misuse or replicate designs, the risk can never be completely eliminated. Two main risks arise from outsourcing semiconductor manufacturing: design theft and malicious tampering. Although design theft typically requires significant state-level resources, tampering might involve subtle issues, such as inserting backdoors or vulnerabilities into the chip design.
Shashwath pointed out that stealing chip designs is challenging and usually involves state actors due to the high level of expertise required. Despite guarantees from foundries like TSMC, the risk of tampering remains. This concern is addressed through rigorous verification processes, including non-functional verification, silicon validation, and extensive testing. A more nuanced risk is unauthorized modifications during the manufacturing process.
“Someone in the supply chain could potentially alter the design, compromising its security,” Shashwath noted. To counter this, companies must implement stringent verification processes, such as functional and non-functional tests, to ensure that the final product matches the original design and is free from tampering. “We can simulate power outputs and compare them with real-life measurements,” Shashwath emphasized, showcasing the detailed checks to ensure chip integrity.
Although no proven attacks at the silicon level have been reported, the possibility remains. “There are usually a few research papers each year discussing these potential vulnerabilities,” Shashwath highlighted, referring to ongoing research into theoretical risks.
Once a chip is manufactured, its One-Time Programmable (OTP) memory, which holds critical cryptographic keys, is not programmed until the packaging stage, introducing another layer of vulnerability. “If compromised, it could make the entire chip insecure,” Shashwath explained.
To address this, companies like Mindgrove Technologies employ strategies such as the ability to disable compromised keys through updates. “We have space for four root keys on the chip. If any key is known to be compromised, we can issue an OT update to disable that key,” Shashwath shared, demonstrating a proactive approach to managing potential threats.
In this complex environment, government regulations and industry standards play a crucial role. Indian agencies like the RBI, Ministry of External Affairs, or Ministry of Defense often set specific security requirements for chips used in sensitive applications. These measures aim to protect both the chip itself and the entire supply chain.
“The process of determining necessary regulations involves extensive consultation,” Shashwath said, acknowledging the collaborative effort needed across the industry. While companies like Mindgrove Technologies are at the forefront of securing their products, Shashwath recognizes that a broader industry consensus is essential. “The ecosystem needs to agree on security measures,” he said, reflecting the shared responsibility of all stakeholders in the semiconductor supply chain.
“All companies involved in chip design, whether they are Netrasemi, Sima, AMD, Intel, or Qualcomm, are concerned about these issues,” Shashwath noted. “When it arrives, it will be a great development. We hope to rely on a fully indigenous supply chain,” Shashwath remarked, expressing optimism about a more secure and self-sufficient semiconductor industry in India.”
However, he remains realistic about India’s current capabilities in the field. “We need to learn to walk before we can run and eventually fly,” Shashwath observed, emphasizing the importance of focusing on consumer electronics and smart devices before tackling more complex areas like supercomputing.
