Contact Us

Internet of Things (IoT): Secure Every Device, from the Edge to the Core

The Internet of Things (IoT) is reshaping industries worldwide, embedding intelligence into everything from sensors and medical devices to vehicles, smart homes, and industrial infrastructure. But these connected systems also bring new security risks, particularly physical attacks that can extract keys, alter behavior, or steal valuable intellectual property.

FortifyIQ delivers software and hardware-based cryptography protection that helps secure IoT systems at all levels, while retaining excellent power, performance, and area.

IoT Security-Related Challenges

IoT deployments face a unique combination of security requirements, specific demands for IoT, constraints, and threats:

Physical Accessibility

Devices are often deployed in remote or uncontrolled environments, making them vulnerable to side-channel and fault injection attacks.

Ultra-Low Power Requirements

Many IoT devices must operate with minimal energy usage, limiting the feasibility of traditional protections.

Legacy Devices in the Field

Deployed devices with no hardware upgrade path still need to meet modern security standards.

Moving AI at the Edge

AI models are increasingly deployed locally and are susceptible to theft or manipulation via physical attacks. You must protect your clients’ assets.

Post-Quantum
Readiness

To stay future-proof, IoT systems need quantum-resistant cryptography (PQC) that can be deployed now.

Rising Security Compliance Demands

IoT device makers must meet standards like SESIP, EN 303 645, IEC 62443, CRA, RED, and UN R155/R156, even with limited resources.

Why FortifyIQ ?

FortifyIQ offers complete cryptographic protection for IoT systems (hardware and software implementations), with unmatched resistance to side-channel analysis (SCA) and fault injection attacks (FIA).

What are FIPS 140-3, Common Criteria, and SESIP?

These international standards certify resistance to physical attacks:

  • FIPS 140-3 – U.S. standard for cryptographic modules (used in government, finance, and defense).
  • Common Criteria – Global framework for evaluating IT security (e.g., AVA_VAN testing).
  • SESIP – Modern certification for IoT and embedded systems, aligned with global regulations.

FortifyIQ’s hardened IP meets the highest certification standards, ensuring immunity to advanced physical attacks, even on cost- and power-constrained devices.

High-performance, compliant, and secure software libraries: FortifyIQ’s crypto libraries deliver up to 900 Mbps on standard CPUs (e.g., 3.4 GHz laptop), with validated side-channel and fault injection resistance (TVLA on over 100K traces), cache attack protection, and secure OTA deployment. Designed to support compliance with FIPS 140-3, Common Criteria ( AVA_VAN.5 ), and SESIP, all without requiring hardware changes.

Minimal power, area, and latency overhead in hardware, with power/performance/area (PPA) rivaling non-hardened crypto.

SCA/FIA protection: Security across software, IP cores, and roots of trust, with solutions that integrate into secure subsystems.

AI Model Protection in hardware: Secure IP and on-the-fly-encryption against theft and tampering, powered by a fully hardened root of trust with FortifyIQ’s cryptography.

Technology-, implementation-, and foundry-agnostic: FortifyIQ’s cryptographic protection integrates into any IoT silicon platform, from legacy MCUs to advanced SoCs, with no dependency on process node, toolchain, or architecture.

Proven Security to Physical Attacks: FortifyIQ’s AES and HMAC SHA2 IP cores are based on academic, peer-reviewed articles, where their security is proven. They are also proven effective in practice, delivering strong resistance to side-channel attacks. View hardened AES mathematical proof

Comprehensive Pre- and Post-Silicon Validation: Each design undergoes thorough verification, including simulation with our advanced EDA tools, and FPGA-based evaluation, with in-silicon testing performed as appropriate. After release, when relevant, our IP cores are validated and/or certified by third-party labs, either as standalone blocks or integrated into complete secure chips.

EDA tools that identify vulnerabilities early, before tapeout. They include comprehensive side-channel and fault injection testing.

Full-spectrum cryptography: from traditional to post-quantum cryptography, we offer a wide choice of software and hardware IPs to match any market vertical requirements.

Compliance support: our team can support you through the security certification process with specifications and documentation.

What FortifyIQ Provides:

  • SCA/FIA-Hardened Cryptographic soft macro IP and Software

FortifyIQ delivers AES, HMAC, and public-key cryptography (ECC, RSA, etc.) hardened against side-channel and fault injection attacks validated through AVA_VAN.5 and aligned with FIPS 140-3, including Levels 3 and 4. Available as IP cores for secure hardware integration or as OTA-upgradable software for constrained devices lacking hardware protection.

 

  • Compact Roots of Trust for IoT Platforms

FortifyIQ provides minimal-latency, low-area RoTs that secure boot chains, firmware updates, and telemetry across edge and embedded IoT devices. These RoTs can be deployed as soft macros compatible with modern security enclaves like Caliptra and OpenTitan.

 

  • Certifiability & Security Documentation

All cryptographic implementations come with full documentation supporting certification under ETSI EN 303 645, NIST 8259-series, NIST SP 800-213, and NIST SP 800-82, where applicable. This includes test results from FortifyIQ’s proprietary EDA validation tools, formal mathematical security proofs (e.g., STORM, TI), and third-party lab validations from SGS Brightsight.

FortifyIQ Security Solutions for IoT

Pre- & Post-Silicon
Validation Tools

For chip designers, FortifyIQ offers powerful EDA tools to test SCA and FIA resistance before and after manufacturing:

  • SideChannel Studio and FaultInjection Studio simulate real-world physical attacks at the RTL level
  • The makefile and testbench are configured automatically.
  • Pinpoint side-channel leakage at the module or gate level, helping resolve issues early in the design phase
  • Save cost and time by eliminating vulnerabilities pre-silicon
  • Assess the final security of the physical chip with the same integrated suite

Hardware Crypto IP Cores:
Ultra-Efficient and Secure

When silicon-level performance and efficiency are critical:

  • SCA and FIA-hardened crypto IP cores (AES, HMAC, SHA2, PKA, and PQC).
  • Rivaling the Power/Performance/Area (PPA) of non-hardened (vanilla) crypto implementations in many scenarios.
  • Drop-in compatible with SoCs, MCUs, MPUs, and embedded devices.

Software Crypto Libraries for Deployed, Legacy, and Cost-sensitive Devices

FortifyIQ software crypto for devices where hardware protection is not an option:

  • Hardened AES-256 and HMAC-SHA-512 implementations with resistance to side-channel and fault injection attacks, even on constrained MCUs and MPUs.
  • Supports secure boot, firmware validation, message authentication, data encryption/decryption, and integrity checks for software updates and communication sessions.
  • Performance up to 100 Mbps on a low-end legacy mobile CPU (ARM A64 @ 1.2 GHz), and up to 900 Mbps on a standard 3.4 GHz laptop. Suitable for in-vehicle applications requiring real-time cryptography without dedicated hardware.
  • Inherently post-quantum safe with AES-256 and HMAC-SHA-512.
  • Regulatory compliance supported (e.g., FIPS 140-3 all levels, Common Criteria including AVA_VAN.5, SESIP Level 3) via OTA updates. No hardware modification needed.
  • Successfully deployed at scale, including real-time UHD video decryption on legacy processors.
  • Covers core cryptographic operations in devices lacking secure hardware accelerators.
  • Hardened Public Key (ECC, RSA, etc.) PK-SW: Public key operations in software for secure boot, signatures, key exchange, and license validation on devices without PKA hardware. Side-channel and fault injection resistant.
  • Post-quantum secure cryptographic library for secure boot and key exchange on hardware-limited devices. PQC ML-KEM (Kyber) and ML-DSA (Dilithium)

FortifyIQ’s hardened software libraries for asymmetric and post-quantum cryptography are purpose-built for scenarios where security is critical but hardware support is lacking (AES-256 and HMAC-SHA-512 already provide strong post-quantum resistance). This is a practical upgrade path for legacy, cost-sensitive, and already-deployed IoT platforms that require certifiable cryptographic protection, without adding hardware.

Root of Trust & Cryptobox IPs with PQC Support

When your design requires full lifecycle trust:

  • FortifyIQ offers complete Roots of Trust, compatible with OpenTitan and Caliptra, featuring Cryptobox IPs with exceptional power, performance, and area (PPA) efficiency.
  • Includes AES, HMAC, PKA, and Post-Quantum Cryptography (PQC), all protected against SCA and FIA.
  • Built for extremely low power, minimal area, and fast performance; Ideal for IoT nodes and gateways.
  • Protects AI models, cryptographic assets, and OTA updates at the system level.

Use Cases:
Securing Demanding
IoT Deployments

FortifyIQ protects everything from simple sensors to AI-enabled systems:

Medical Devices

Secure patient data and protect clinical device integrity.

Smart Homes & Cities

Safeguard user data and edge intelligence from tampering.

Connected Vehicles

Prevent unauthorized modification of ECUs and ADAS systems; protect data and assets in Software Defined Vehicles (SDV).

Industrial & Utility Systems

Protect smart meters, grid controllers, and remote sensors.

Consumer Electronics

Offer robust Digital Rights Management (DRM), even on low-end devices.

Edge AI

Prevent AI model theft and tampering, ensure IP integrity, safe inference, and monetization potential.

Validated, Future-Proofed, Silicon Proven

FortifyIQ is your unique security partner to help you:

  • Meet security standards: FIPS 140-3 at all levels, Common Criteria at all levels, including AVA_VAN.5, and industry-specific regulations
  • Secure AI and post-quantum workloads with full-featured roots of trust
  • Maintain performance and battery life with significantly lower power consumption than unhardened AES in many IoT scenarios
  • Protect both new designs and legacy deployments

Simply and Efficiently Solve Your
 IoT Security and Compliance

Whether you’re building a secure SoC or updating deployed systems via software, FortifyIQ gives you the tools to protect against real-world physical threats, without added complexity or overhead.

Contact Our
Experts
Fortify’s AES security evaluation by SGS

“Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”

” The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own.”

Request Technical Details