FortifyIQ

USA

Side-channel attacks are a major threat for hardware devices, including but not limited to:

 

  • Automotive
  • Medical devices
  • IoT processors and SoCs
  • Payment (POS Terminals, Smart Cards, ATMs)

 

Protection against these attacks is a major challenge. Even if a defense is designed, it is necessary to produce silicon and verify that it is indeed robust – and in many cases it is not. If that happens, after finding and fixing the program an additional production cycle is necessary, costing significant amounts of money and product delay time.

 

FortifyIQ is an award-winning startup perfecting the breakthrough methods of fighting vulnerabilities to side-channel attacks in hardware at the microchip design stage, pre-silicon. These attacks include Differential Power Analysis (DPA), Simple Power Analysis (SPA), Electromagnetic Emissions Analysis (EMEA), and Fault Injection Analysis (FIA).

 

For its comprehensive next-generation portfolio of tools, FortifyIQ received the Cybersecurity 1st place winner award from Milipol 2019.

 

FortifyIQ offers:

  • a novel software suite that makes it possible to assess and increase resistance to side-channel attacks at the pre-silicon stage, saving money and time;
  • IP Cores protected against side-channel attacks, designed using FortifyIQ patent-pending technology

Services

PowerIQ - Accurate Pre-Silicon Microchip Power Consumption Simulation

By checking resistance of your device to side-channel attacks at the pre-silicon stage, you can potentially save — in tapeout, masks, and fab run — millions of dollars and several months in your product development process.

 

PowerIQ is a proprietary revolutionary software suite with built-in patented mathematical modeling for power consumption simulation that replaces the need to physically measure the actual device’s power consumption. PowerIQ simulates power consumption traces from a cryptographic hardware device based on a standard textual representation of the device’s circuitry. The traces are subsequently used by the TraceIQ tool to assess resistance to side-channel attacks.

 

It is much faster and less expensive to use PowerIQ in the pre-silicon stage than to use an oscilloscope to obtain power consumption traces from the actual physical device after it is built.

TraceIQ - Side-Channel Attack Resistance Testing

In order to find out whether your device is vulnerable to side-channel attacks, we analyze its power consumption traces, and (in the case the device is vulnerable) we find the source of the information leakage, so you can fix it at the pre-silicon stage and repeat this development cycle until the design is not vulnerable anymore.

 

TraceIQ analyzes traces (either simulated traces produced by PowerIQ or traces measured on the actual device) and attempts to extract the secret key using various mathematical methods of trace analysis. In the case that TraceIQ succeeds to extract the key (which means that the device is vulnerable), it is possible to receive information about the leakage source, e.g. types and specific instances of leaky cells, exact timing of the leakage etc. In particular, TraceIQ can detect leakage caused by transient state transitions of gates in the middle of clock cycles (“glitches”).

IP Cores

Side-Channel Attack Protected AES Cores: AES-128, 192, and/or 256 Standards

FortifyIQ offers a set of secure, patented, proprietary IP cores that are already protected from side-channel attacks like DPA, SPA, and FI. These can be integrated into your SOCs (systems-on-chip).

 

FortifyIQ IP Core Advantages

Our IP Cores have unparalleled capabilities and functionality for FPGA, IC, ASIC, and SoC designers.

 

  • 4 times smaller than the leading industry solutions
  • Twice as fast as the leading industry solutions
  • Resistance to side-channel attacks is not affected by place-and-route
  • A single integrated approach replacing the combining of multiple protection methods
  • Similar protection level for hardware and software

 

Operation Modes and Architectures

Operation modes and architectures are listed below. Customers can order the Core with any combination of features and modes according to their needs, with FortifyIQ staff’s guidance.

 

  • Encoding and/or decoding modes
  • AES-128, 192 and/or 256 standards
  • ECB, CBC, CFB, CTR, GCM, CMAC, GMAC, XTS cipher modes
  • Pipelined or multi-cycle architecture
  • Choice of the number of S-boxes for multi-cycle architecture allowing adjustment of size/performance ratio of the Core
  • Single and burst (key-preserving) modes

 

AMBA Interfaces adopted for integration into SoCs

  • AXI
  • AHB
  • APB

 

Regardless of the interface, the Core has wide entropy input for effective key masking. The exact width is dependent on the configuration.

 

FortifyIQ is a U.S.-based company, and our products are based on the following NIST (National Institute of Standards and Technology, U.S. Department of Commerce, https://www.nist.gov) standards:

 

  1. FIPS 140-3, Security Requirements for Cryptographic Modules (https://csrc.nist.gov/publications/detail/fips/140/3/final)
  2. FIPS 198-1, The Keyed-Hash Message Authentication Code (HMAC) (https://csrc.nist.gov/publications/detail/fips/198/1/final)
  3. FIPS 197, Advanced Encryption Standard (AES) (https://csrc.nist.gov/publications/detail/fips/197/final)
  4. FIPS 180-4, Secure Hash Standard (SHS) (https://csrc.nist.gov/publications/detail/fips/180/4/final)