SideChannel Studio and FaultInjection Studio allow chip designers to address security vulnerabilities before manufacturing
NEWTON, MA – September 30, 2021 – There is a lot of secret data around us, some less valuable and some more valuable. The most valuable secrets, such as cryptographic keys, should be given the best possible protection – and that protection starts in hardware, rather than in software. This is where FortifyIQ, the leader in pre-silicon security verification solutions, comes in. With FortifyIQ solutions, the entire security verification cycle is performed at the pre-silicon stage, avoiding the expensive and time-consuming process of analyzing and correcting security vulnerabilities with a manufactured device, as well as potential re-spins and schedule delays.
“We see that addressing hardware security vulnerabilities is now a major challenge for our customers,” stated Alexander Kesler, CEO, FortifyIQ. “Financial losses from security breaches can be staggering. FortifyIQ is delivering unique and innovative solutions that enable security verification in the pre-silicon stage, enabling design teams to build in security countermeasures as part of their design process.”
There are two main forms of attacks that are targeting hardware: Side-channel attacks (SCA) and fault injection attacks (FIA). With SCAs, the cybercriminal measures some physical characteristics (power consumption, electromagnetic emission, etc.) when an operation involving the secret key is performed by the chip. Then, the attacker analyzes the acquired measurements in order to determine the secret key value, while leaving no trace of the information being stolen. FIAs are cheap, practical, and very dangerous. Here, the attacker causes faults in chip operation (e.g. by increasing power supply voltage) and then analyzes and compares the faulty behavior with the normal behavior to determine the value of the secret key.
Awareness of these attacks is growing. Two widely used certification standards – National Institute of Standards and Technology, or NIST (USA) and Common Criteria (Europe) require robust security countermeasures against these attacks. In order to protect secrets in hardware and avoid financial losses caused by security breaches, it is essential to plan and implement defenses against both side-channel and fault injection attacks at the very early design stages, well before chip manufacturing. FortifyIQ’s SideChannel Studio and FaultInjection Studio make it possible to perform security verification during the chip design process, in the same way as functional verification.
SideChannel Studio and FaultInjection Studio support industry-standard design data formats and can be readily integrated into an existing design flow. SideChannel Studio simulates side-channel leakage and produces simulated traces in the same formats real scopes use for traces, while FaultInjection Studio performs a special-purpose fault simulation. Using the simulation output, SideChannel Studio and FaultInjection Studio then perform the same tests that certification labs perform, mount the same attacks that certification labs mount, and check whether there are any signs of leakage. Furthermore, for U.S. government projects as well as many private organization projects, compliance with the NIST cryptography certification FIPS 140-3 is required. Using SideChannel Studio in the pre-silicon stage, designers can be certain the device will pass the Test Vector Leakage Assessment (TVLA) tests necessary for the NIST certification.
FortifyIQ’s mission is to enable maximum protection of hardware against side-channel and fault-injection attacks. FortifyIQ has developed a pre-silicon security verification toolset built to test hardware designs against Differential Power Analysis and Fault Injection attacks, as well as side-channel attack-resistant IP Cores. Founded in Newton, MA in 2019, FortifyIQ is privately funded. For more information visit https://www.fortifyiq.com/