FortifyIQ delivers security IP with measurable, verifiable, and repeatable assurance.
The tools can both generate traces in simulation and analyze traces captured from a physical oscilloscope. This enables us to identify leakage at the gate level, confirm resilience against active attacks, and provide assurance long before deployment, whether in silicon or in software-only environments.
Massive trace acquisition at exceptional speed, scaling from single-core to multi-core and multi-machine setups, supports security validation with traces well beyond the amount required for FIPS 140-3 and Common Criteria.
Our validation covers all known categories of physical attacks, actively testing resilience besides checking for leakage:
These ensure resilience against both overt and stealthy fault attacks, which could otherwise compromise keys or intermediate secrets without triggering detectable errors.
FortifyIQ backs its claims with measurable results:
validated with 100 million measurements, tested against the known HMAC hardware attacks with no information leakage.
validated in silicon with both side-channel and fault-injection testing.
These results exceed the requirements of Common Criteria AVA_VAN.5, SESIP (level 5) and FIPS 140-3 Levels 3 and 4.
Features a formal security proof of side-channel security. Validated against 15 million measurements with no leakage, and silicon tested.
Uses a patented variant of the Threshold Implementation paradigm, mathematically proven to resist all known side-channel attacks on HMAC in hardware. Validated with 100 million traces.
FortifyIQ delivers hardware IPs as soft macros and software IPs with hundreds of configuration options for fine-tuning of performance, power, area, and redundancy (security parameter level). Because no single certification can represent every configuration, we certified AES RAMBAM, our core algorithmic protection, (which is the most difficult element to validate), to the highest level (AVA_VAN.5). Our products all meet this security level.
Quoting from SGS Brightsight Laboratory’s AVA_VAN.5 validation of our core algorithm:
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own.”
Our protections are purely algorithmic, thus implementation-agnostic, avoiding the pitfalls of manual countermeasure integration. As long as our simple integration guidelines are followed, there will be consistent, high-assurance protection across all configurations.
FortifyIQ aligns its validation methods with FIPS 140-3 and Common Criteria, and supports customers with:
Documentation packages
including validation data and academic references.
Independent validation reports, such as SGS Brightsight’s AES certification.
Security foundations
based on mathematical articles and security proofs, providing a unique basis for high-assurance certification.
Support
from design to certification, as a security partner, to help customers achieve their targeted certification.
This combination streamlines the customer’s certification process, reducing risk, cost, and time to market.
FortifyIQ provides transparent and thorough security assurance
This approach ensures that FortifyIQ IP delivers high-assurance protection across all devices, from legacy embedded systems to advanced cloud platforms.
