CIO Influence
CIO Influence News Security

FortifyIQ Revolutionizes Hardware Security Analysis with Pre-silicon Security Verification

There is a lot of secret data around us, some less valuable and some more valuable. The most valuable secrets, such as cryptographic keys, should be given the best possible protection – and that protection starts in hardware, rather than in software. This is where FortifyIQ, the leader in pre-silicon security verification solutions, comes in. With FortifyIQ solutions, the entire security verification cycle is performed at the pre-silicon stage, avoiding the expensive and time-consuming process of analyzing and correcting security vulnerabilities with a manufactured device, as well as potential re-spins and schedule delays.

“We see that addressing hardware security vulnerabilities is now a major challenge for our customers,” stated Alexander Kesler, CEO, FortifyIQ. “Financial losses from security breaches can be staggering. FortifyIQ is delivering unique and innovative solutions that enable security verification in the pre-silicon stage, enabling design teams to build in security countermeasures as part of their design process.”

Top iTechnology Netwroking News: FireMon Extends Network Security Policy Management Leadership for Hybrid Cloud Environments

There are two main forms of attacks that are targeting hardware: Side-channel attacks (SCA) and fault injection attacks (FIA). With SCAs, the cybercriminal measures some physical characteristics (power consumption, electromagnetic emission, etc.) when an operation involving the secret key is performed by the chip. Then, the attacker analyzes the acquired measurements to determine the secret key value, while leaving no trace of the information being stolen. FIAs are c****, practical, and very dangerous. Here, the attacker causes faults in chip operation (e.g. by increasing power supply voltage) and then analyzes and compares the faulty behavior with the normal behavior to determine the value of the secret key.

Top Security News: Cloudflare Announces R2 Storage Rapid and Reliable S3-Compatible Object Storage Designed for the Edge

Awareness of these attacks is growing. Two widely used certification standards – National Institute of Standards and Technology, or NIST (USA) and Common Criteria (Europe) require robust security countermeasures against these attacks. In order to protect secrets in hardware and avoid financial losses caused by security breaches, it is essential to plan and implement defenses against both side-channel and fault injection attacks at the very early design stages, well before chip manufacturing. FortifyIQ’s SideChannel Studio and FaultInjection Studio make it possible to perform security verification during the chip design process, in the same way as functional verification.

SideChannel Studio and FaultInjection Studio support industry-standard design data formats and can be readily integrated into an existing design flow. SideChannel Studio simulates side-channel leakage and produces simulated traces in the same formats real scopes use for traces, while FaultInjection Studio performs a special-purpose fault simulation. Using the simulation output, SideChannel Studio and FaultInjection Studio then perform the same tests that certification labs perform, mount the same attacks that certification labs mount, and check whether there are any signs of leakage. Furthermore, for U.S. government projects as well as many private organization projects, compliance with the NIST cryptography certification FIPS 140-3 is required. Using SideChannel Studio in the pre-silicon stage, designers can be certain the device will pass the Test Vector Leakage Assessment (TVLA) tests necessary for the NIST certification.

Top IT and DevOps News: DevOps Institute Opens Upskilling IT 2022 Survey

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Leading Streaming Technology Vendors Join Forces to Offer Pre-Integration of Streaming Workflow with Edgio Managed Services

Business Wire

Alithya Partners with Zscaler to Bolster its Network Protection Offering

CIO Influence News Desk

mabl Expands Machine Learning Capabilities with Intelligent Wait

Leave a Comment