IoT: Secure Every Device, from the Edge to the Core
The Internet of Things (IoT) is reshaping industries worldwide, embedding intelligence into everything from sensors and medical devices to vehicles, smart homes, and industrial infrastructure. But these connected systems also bring new security risks, particularly physical attacks that can extract keys, alter behavior, or steal valuable intellectual property.
FortifyIQ delivers software and hardware-based cryptography protection that helps secure IoT systems at all levels, while retaining excellent power, performance, and area.
IoT Security-Related Challenges
IoT deployments face a unique combination of security requirements, specific demands for IoT, constraints, and threats:
Physical Accessibility
Devices are often deployed in remote or uncontrolled environments, making them vulnerable to side-channel and fault injection attacks.
Ultra-Low Power Requirements
Many IoT devices must operate with minimal energy usage, limiting the feasibility of traditional protections.
Legacy Devices in the Field
Deployed devices with no hardware upgrade path still need to meet modern security standards.
Moving AI at the Edge
AI models are increasingly deployed locally and are susceptible to theft or manipulation via physical attacks. You must protect your clients’ assets.
Post-Quantum
Readiness
To stay future-proof, IoT systems need quantum-resistant cryptography (PQC) that can be deployed now.
Rising Security Compliance Demands
IoT device makers must meet standards like SESIP, EN 303 645, IEC 62443, CRA, RED, and UN R155/R156, even with limited resources.
Why FortifyIQ ?
FortifyIQ offers complete cryptographic protection for IoT systems (hardware and software implementations), with unmatched resistance to side-channel analysis (SCA) and fault injection attacks (FIA).
FIPS 140-3 and SESIP at all levels, and Common Criteria AVA_VAN.1-5 compliant
These international standards certify resistance to physical attacks:
- FIPS 140-3 – U.S. standard for cryptographic modules (used in government, finance, and defense).
- Common Criteria – Global framework for evaluating IT security (e.g., AVA_VAN testing).
- SESIP – Modern certification for IoT and embedded systems, aligned with global regulations.
FortifyIQ’s hardened IP meets the highest certification standards, ensuring immunity to advanced physical attacks—even on cost- and power-constrained devices.
High-performance, compliant, and secure software libraries: FortifyIQ’s crypto libraries deliver up to 900 Mbps on standard CPUs (e.g., 3.4 GHz laptop), with validated side-channel and fault injection resistance (TVLA on over 100K traces), cache attack protection, and secure OTA deployment. Designed to support compliance with FIPS 140-3, Common Criteria (AVA_VAN.5), and SESIP, all without requiring hardware changes.
Minimal power, area, and latency overhead in hardware, with power/performance/area (PPA) rivaling non-hardened crypto
SCA/FIA protection: Security across software, IP cores, and roots of trust, with solutions that integrate into secure subsystems.
AI Model Protection in hardware: Secure IP and on-the-fly-encryption against theft and tampering, powered by a fully hardened root of trust with FortifyIQ’s cryptography.
Technology-, implementation-, and foundry-agnostic: FortifyIQ’s cryptographic protection integrates into any IoT silicon platform, from legacy MCUs to advanced SoCs, with no dependency on process node, toolchain, or architecture.
Proven Security to Physical Attacks: FortifyIQ’s AES and HMAC SHA2 IP cores are based on academic, peer-reviewed articles, in which their security is proven. They are also proven effective in practice, delivering strong resistance to side-channel attacks. View hardened AES mathematical proof→
Comprehensive Pre- and Post-Silicon Validation: Each design undergoes thorough verification, including simulation with our advanced EDA tools, and FPGA-based evaluation, with in-silicon testing performed as appropriate. After release, when relevant, our IP cores are validated and/or certified by third-party labs, either as standalone blocks or integrated into complete secure chips.
EDA tools that identify vulnerabilities early. Before tape-out. They include comprehensive side-channel and fault injection testing.
Compliance support: our team can support you through the security certification process with specifications and documentation.
FortifyIQ helps IoT manufacturers meet cybersecurity standards for connected devices.
Full-spectrum cryptography: from traditional to post-quantum cryptography, we offer a wide choice of software and hardware IPs to match any market vertical requirements.
What FortifyIQ Provides
- SCA/FIA-Hardened Cryptographic soft macro IP and Software
FortifyIQ delivers AES, HMAC, and public-key cryptography (ECC, RSA, etc.) hardened against side-channel and fault injection attacks — validated through AVA_VAN.5 and aligned with FIPS 140-3 including Levels 3 and 4. Available as IP cores for secure hardware integration or as OTA-upgradable software for constrained devices lacking hardware protection. - Compact Roots of Trust for IoT Platforms
FortifyIQ provides minimal-latency, low-area RoTs that secure boot chains, firmware updates, and telemetry across edge and embedded IoT devices. These RoTs can be deployed as soft macros compatible with modern security enclaves like Caliptra and OpenTitan. - Certifiability & Security Documentation
All cryptographic implementations come with full documentation supporting certification under ETSI EN 303 645, NIST 8259-series, NIST SP 800-213, and NIST SP 800-82 where applicable. This includes test results from FortifyIQ’s proprietary EDA validation tools, formal mathematical security proofs (e.g., STORM, TI), and third-party lab validations from SGS Brightsight.
What You (the Customer) Must Address
Device Onboarding and Lifecycle Governance
You must define and enforce secure onboarding flows, identity provisioning, revocation, and lifecycle updates — including certificate handling and recovery procedures.Network & Platform-Level Security Integration
FortifyIQ covers cryptographic protections at the device level. Cloud, mesh, and gateway security integration — including end-to-end session management, telemetry filtering, and user data handling — remain your responsibility.Organizational Compliance & Monitoring
You are responsible for implementing policy frameworks and audit mechanisms aligned with ETSI EN 303 645, ISO 27001, and sector-specific data handling regulations. FortifyIQ provides the cryptographic foundation and validation evidence but does not cover organizational governance or incident response planning.
FortifyIQ Security Solutions for IoT
Pre- & Post-Silicon Validation Tools
For chip designers, FortifyIQ offers powerful EDA tools to test SCA and FIA resistance before and after manufacturing:
- SideChannel Studio and FaultInjection Studio simulate real-world physical attacks at the RTL level
- Pinpoint leakage at the gate level and resolve issues early in the design phase
- Save cost and time by eliminating vulnerabilities pre-silicon
- Assess the final security of the physical chip with the same integrated suite
Hardware Crypto IP Cores: Ultra-Efficient and Secure
When silicon-level performance and efficiency are critical:
- SCA and FIA-hardened crypto IP cores (AES, HMAC, SHA2, PKA, and PQC).
- Rivaling the Power/Performance/Area (PPA) of non-hardened (vanilla) crypto implementations in many scenarios.
- Drop-in compatible with SoCs, MCUs, MPUs, and embedded devices.
Software Crypto Libraries for Deployed, Legacy, and Cost-sensitive Devices
FortifyIQ software crypto for devices where hardware protection is not an option:
Hardened AES-256 and HMAC-SHA-512 implementations with resistance to side-channel and fault injection attacks, even on constrained MCUs and MPUs.
- Supports secure boot, firmware validation, message authentication, data encryption/decryption, and integrity checks for software updates and communication sessions.
- Performance: Up to 100 Mbps on a low-end legacy mobile CPU (ARM A64 @ 1.2 GHz), and up to 900 Mbps on a standard 3.4 GHz laptop — suitable for in-vehicle applications requiring real-time cryptography without dedicated hardware.
- Inherently post-quantum safe with AES-256 and HMAC-SHA-512.
- Regulatory compliance supported (e.g., FIPS 140-3 all levels, Common Criteria including AVA_VAN.5, SESIP Level 3) via OTA updates. No hardware modification needed.
- Successfully deployed at scale, including real-time UHD video decryption on legacy processors.
- Covers core cryptographic operations in devices lacking secure hardware accelerators.
Hardened Public Key (ECC, RSA, etc.) PK-SW: Public key operations in software for secure boot, signatures, key exchange, and license validation on devices without PKA hardware. Side-channel and fault injection resistant.
Where Asymmetric (ECC, RSA, etc.) and PQC Software Crypto Make Sense in IoT: FortifyIQ’s hardened software libraries for asymmetric and post-quantum cryptography are purpose-built for scenarios where security is critical but hardware support is lacking. (AES-256 and HMAC-SHA-512 already provide strong post-quantum resistance.). This is a practical upgrade path for legacy, cost-sensitive, and already-deployed IoT platforms that require certifiable cryptographic protection, without adding hardware.
Coming Soon: PQC Software, FortifyIQ’s Software-Based Post Quantum Cryptography for IoT
Post-quantum secure cryptographic library for secure boot and key exchange on hardware-limited devices. PQC ML-KEM (Kyber) and ML-DSA (Dilithium). Contact us for early access →
Root of Trust & Cryptobox IPs with PQC Support
When your design requires full lifecycle trust:
- FortifyIQ offers complete Roots of Trust, compatible with OpenTitan and Caliptra, featuring Cryptobox IPs with exceptional power, performance, and area (PPA) efficiency.
- Includes AES, HMAC, PKA, and Post-Quantum Cryptography (PQC), all protected against SCA and FIA.
- Built for extremely low power, minimal area, and fast performance; Ideal for IoT nodes and gateways.
- Protects AI models, cryptographic assets, and OTA updates at the system level.
Use Cases:
Securing Demanding IoT Deployments
FortifyIQ protects everything from simple sensors to AI-enabled systems:
Medical Devices
Secure patient data and protect clinical device integrity.
Smart Homes & Cities
Safeguard user data and edge intelligence from tampering.
Connected Vehicles
Prevent unauthorized modification of ECUs and ADAS systems; protect data and assets in Software Defined Vehicles (SDV).
Industrial & Utility Systems
Protect smart meters, grid controllers, and remote sensors.
Consumer Electronics
Offer robust Digital Rights Management (DRM), even on low-end devices.
Edge AI
Prevent AI model theft and tampering, ensure IP integrity, safe inference, and monetization potential.
Validated, Future-Proofed,
Silicon Proven
FortifyIQ is your unique security partner to help you:
Meet security standards: FIPS 140-3 at all levels, Common Criteria at all levels, including AVA_VAN.5, and industry-specific regulations
Secure AI and post-quantum workloads with full-featured roots of trust
Maintain performance and battery life with significantly lower power consumption than unhardened AES in many IoT scenarios
Protect both new designs and legacy deployments
Simply and Efficiently Solve Your IoT Security and Compliance
Whether you’re building a secure SoC or updating deployed systems via software, FortifyIQ gives you the tools to protect against real-world physical threats, without added complexity or overhead.