Contact Us

INSIGHTS

Hardware Security Attacks - A Clear and Present Danger

Discover various challenges in the design and verification of silicon security now! You will learn what FortifyIQ can offer you to resolve these challenges and save you costs in time and security design.

Watch Now
All Explanatory Videos

Conference Papers:

First Full-Fledged Side Channel Attack on HMAC-SHA-2

FortifyIQ presents a novel practical template attack on HMAC-SHA-2 intended primarily against its implementations in hardware.
Start Reading

Redundancy AES Masking Basis for Attack Mitigation (RAMBAM)

FortifyIQ presents RAMBAM - a novel concept of designing countermeasures against side-channel attacks and the Statistical Ineffective Fault Attack (specifically SIFA-1) on AES that employs redundant representations of finite field elements.
Start Reading

STORM— Small Table Oriented Redundancy-based SCA Mitigation for AES

In this study, we introduce a scheme, denoted STORM, that synergizes RAMBAM’s methodology with the utilization of look-up-tables (LUTs) in memory (ROM/RAM) in a redundant domain.

New:

STORM— Small Table Oriented Redundancy-based SCA Mitigation for AES

STORM effectively solves the long-standing challenge of combining high security against SCA with low gate count and high performance for AES implementations by offering a different tradeoff (memory utilization) that may be preferable to RAMBAM in many practical cases. Unlike RAMBAM for which it is experimentally shown that the
leakage rapidly decreases as redundancy grows, but lacks a security proof (though the intuition behind this is explained), STORM has proven security. For applications with limited resources (e.g., IoT devices) STORM can be configured with a relatively small amount of SRAM, starting from 4 KB. For applications that require high performance (e.g., servers with intensive encrypted communications) the SRAM size is typically not a limiting factor, and the various advantages of STORM compared to other solutions are quite significant.

Start Reading

Carry-based Differential Power Analysis (CDPA) and its Application to Attacking HMAC-SHA-2

FortifyIQ provides full mathematical analysis of the method and shows that, under certain assumptions and with a sufficient amount of traces, any key can be revealed. In the experimental part of the paper, FortifyIQ demonstrates a successful application of the attack both in software simulation and on an FPGA board using power consumption measurements.

Presented at the CHES 2023 conference

Carry-based Differential Power Analysis (CDPA) and its Application to Attacking HMAC-SHA-2

In this paper, FortifyIQ introduces Carry-based Differential Power Analysis (CDPA), a novel methodology that allows for attacking schemes involving arithmetical addition. This methodology is applied to what is believed to be the first published full-fledged attack on HMAC-SHA-2 which does not require a profiling stage.

Start Reading

Whitepapers:

All FortiCrypt products (including the FortiCrypt SW library) are based on RAMBAM — the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. They provide ultra-high level protection against side-channel attacks (SCA) and fault injection attacks (FIA), including SIFA. Uniquely in the market, this is done without compromising high performance, low latency, and low gate count.

Of the various kinds of side-channel attacks, Differential Power Analysis (DPA) is the cheapest to deploy with potentially the highest amount of damage to the manufacturer.

What can be done to protect IoT devices from such attacks?
Discover a new approach to developing protection for smart cards against Differential Power Analysis (DPA) attacks, allowing manufacturers to cut protection costs and save time during development.
Discover a new approach to developing protection for smart cards against DEMA attacks, allowing manufacturers to cut protection costs and save time during development.
FortifyIQ offers a complete suite of solutions for DPA, SPA and FI detection, analysis, and recommendations for protecting your microchips and products from successful DPA and FI attacks.

© 2025 FortifyIQ, Inc.