Contact Us

FortifyIQ Revolutionizes Hardware Security Analysis with Pre-silicon Security Verification

SideChannel Studio and FaultInjection Studio allow chip designers to address security vulnerabilities before manufacturing

NEWTON, MA – September 29, 2021 – There is a lot of secret data around us, some less valuable and some more valuable. The most valuable secrets, such as cryptographic keys, should be given the best possible protection – and that protection starts in hardware, rather than in software. This is where FortifyIQ, the leader in pre-silicon security verification solutions, comes in. With FortifyIQ solutions, the entire security verification cycle is performed at the pre-silicon stage, avoiding the expensive and time-consuming process of analyzing and correcting security vulnerabilities with a manufactured device, as well as potential re-spins and schedule delays.

“We see that addressing hardware security vulnerabilities is now a major challenge for our customers,” stated Alexander Kesler, CEO, FortifyIQ. “Financial losses from security breaches can be staggering. FortifyIQ is delivering unique and innovative solutions that enable security verification in the pre-silicon stage, enabling design teams to build in security countermeasures as part of their design process.”

There are two main forms of attacks that are targeting hardware: Side-channel attacks (SCA) and fault injection attacks (FIA). With SCAs, the cybercriminal measures some physical characteristics (power consumption, electromagnetic emission, etc.) when an operation involving the secret key is performed by the chip. Then, the attacker analyzes the acquired measurements in order to determine the secret key value, while leaving no trace of the information being stolen. FIAs are cheap, practical, and very dangerous. Here, the attacker causes faults in chip operation (e.g. by increasing power supply voltage) and then analyzes and compares the faulty behavior with the normal behavior to determine the value of the secret key.

Awareness of these attacks is growing. Two widely used certification standards – National Institute of Standards and Technology, or NIST (USA) and Common Criteria (Europe) require robust security countermeasures against these attacks. In order to protect secrets in hardware and avoid financial losses caused by security breaches, it is essential to plan and implement defenses against both side-channel and fault injection attacks at the very early design stages, well before chip manufacturing. FortifyIQ’s SideChannel Studio and FaultInjection Studio make it possible to perform security verification during the chip design process, in the same way as functional verification.

SideChannel Studio and FaultInjection Studio support industry-standard design data formats and can be readily integrated into an existing design flow. SideChannel Studio simulates side-channel leakage and produces simulated traces in the same formats real scopes use for traces, while FaultInjection Studio performs a special-purpose fault simulation. Using the simulation output, SideChannel Studio and FaultInjection Studio then perform the same tests that certification labs perform, mount the same attacks that certification labs mount, and check whether there are any signs of leakage. Furthermore, for U.S. government projects as well as many private organization projects, compliance with the NIST cryptography certification FIPS 140-3 is required. Using SideChannel Studio in the pre-silicon stage, designers can be certain the device will pass the Test Vector Leakage Assessment (TVLA) tests necessary for the NIST certification.

About FortifyIQ

FortifyIQ’s mission is to enable maximum protection of hardware against side-channel and fault-injection attacks. FortifyIQ has developed a pre-silicon security verification toolset built to test hardware designs against Differential Power Analysis and Fault Injection attacks, as well as side-channel attack-resistant IP Cores. Founded in Newton, MA in 2019, FortifyIQ is privately funded. For more information visit https://fortifyiq.com/

All references to FortifyIQ trademarks are the property of FortifyIQ. All other trademarks mentioned herein are the property of their respective owners.

Media Contact for FortifyIQ:

Michelle Clancy, Cayenne Global, +1.503.702.4732

michelle.clancy@cayennecom.com

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details