Quantum-driven device fingerprinting beats all attempted side-channel attacks at independent test house
LONDON -- June 29, 2021 — Crypto Quantique, a specialist in quantum-driven cybersecurity for the internet of things (IoT), has announced independent verification that its CMOS semiconductor IP for second-generation, physically unclonable functions (PUFs) is immune to side-channel attacks when used to create unique, immutable and unforgeable fingerprints for CMOS chips. A 3-month study was conducted by eShard, an independent cybersecurity testing house. “Our security analyst probed near-field electromagnetic emissions over the Crypto Quantique test chip and concluded that with respect to the QDID analog IP, the product shows resistance to high attack potential required for EAL4+ certification”, eShard’s CEO, Hugues Thiebeauld, stated. Evaluation Assurance Level (EAL) is assigned to a product or system after a Common Criteria security evaluation.
The company’s PUF, called QDID, measures minute quantum tunnelling currents making it more robust than other chip security technologies, many of which are susceptible to side-channel attacks.
Side-channel attacks exploit key-dependent variables to extract bit values. For example, if a cell consumes more power when settling at a 1 state than at a 0, measuring the difference can reveal identity and cryptographic key secrets within the semiconductor. Technologies exist to mitigate this problem, but they can be prohibitively expensive to deploy. QDID eliminates the problem, offering semiconductor manufacturers a simpler, lower-cost route to meeting the most demanding IoT device security requirements and enabling them to achieve EAL4+ security for their devices without expensive additional measures.
QDID fingerprints are random numbers, or seeds, that are used to produce device identities and cryptographic keys on demand. The identities and keys together form a hardware root-of-trust (RoT) for the chip or device in which it is used, which is a cornerstone of IoT device security.
QDID IP produces 64 x 64 arrays of cells, each cell consisting of two transistors. The technology then exploits the quantum tunnelling that occurs through the CMOS oxide layer. Electrons propagate through this layer to varying degrees, depending on its thickness and the atomic structure at particular points. Variations in these physical characteristics are completely random and unavoidable in manufacturing. The currents involved are in the order of femtoamps (10-15 amps), or a few tens of electrons. QDID accurately measures these electron flows to generate random 1s or 0s based on readings of adjacent cells.
Crypto Quantique’s CEO, Shahram Mossayebi, said, “Side-channel attacks on device identities and cryptography keys are the biggest threat to the security of IoT edge devices. This evaluation has demonstrated independently that the semiconductors at the heart of IoT devices can be designed to achieve EAL4+ security easily and at low cost by using quantum-driven entropy to generate secure identities and cryptographic keys. All of these truly random numbers are generated on demand and do not need to be stored, eliminating a significant security weakness of key injection.”
About Crypto Quantique
Crypto Quantique has created the world’s most secure end-to-end IoT security platform. At its heart is the world’s first quantum-driven semiconductor hardware IP, called QDID, that generates multiple, unique, unforgeable cryptographic keys for devices manufactured using standard CMOS processes. The keys do not need to be stored and can be used independently by multiple applications on demand. When combined with cryptographic APIs from the company’s universal IoT security platform, QuarkLink, the solution creates a secure bridge between silicon, device, software, and solutions provider.
The company, which is based in London, UK, was co-founded by Dr Shahram Mossayebi (CEO), an expert in cryptosystems, and Dr Patrick Camilleri (VP Research & Innovation), a semiconductor designer with significant experience in complex parallel computer systems.
For more information visit: www.cryptoquantique.com.
eShard is an ambitious company, expert in chips and embedded software security. Since 2015, the company has developed internationally in Europe, North America and Asia, supporting around forty major companies such as STMicroelectronics, Thales, V-Key Visa, etc. Working for the defense and aerospace, finance, high-tech, health and semiconductor industries, the company helps its customers to face complex challenges related to cybersecurity (protection of data, transactions, intellectual property), thanks to cutting edge software suites. These are turnkey solutions to test the resistance of chips, embedded software and mobile applications against intrusions, during their lifecycle.
Their main office is in Bordeaux, France, and has offices in Marseille and Singapore and counts around 30 experts.
For more information visit: www.eshard.com.