Tools protect with pre-silicon security verification

Committed to cyber-protection starting in hardware, FortifyIQ offers SideChannel Studio and FaultInjection Studio to protect data and cryptographic keys at the pre-silicon design stage.  

“We see that addressing hardware security vulnerabilities is now a major challenge for our customers. Financial losses from security breaches can be staggering," says Alexander Kesler, CEO, FortifyIQ. Enabling security verification at the pre-silicon stage enables design teams to build in security countermeasures as part of their design process, avoiding the expensive and time-consuming process of analyzing and correcting security vulnerabilities with a manufactured device, as well as potential re-spins and schedule delays, he adds. 

There are two main forms of attacks that target hardware: side-channel attacks (SCA) and fault injection attacks (FIA). With SCAs, the cybercriminal measures some physical characteristics (e.g., power consumption or electromagnetic emission) when an operation involving the secret key is performed by the chip. Then, the attacker analyses the acquired measurements to determine the secret key value. This attack leaves no trace of the information being stolen. In FIAs, the attacker causes faults in chip operation (e.g., by increasing power supply voltage) and then analyses and compares the faulty and normal behaviours to determine the value of the secret key.  

It is essential to plan and implement defences against both forms of atttack early, well before chip manufacturing, the company advises. SideChannel Studio and FaultInjection Studio make it possible to perform security verification during the chip design process, in the same way as functional verification.

Both support industry-standard design data formats and can be integrated into an existing design flow. SideChannel Studio simulates side-channel leakage and produces simulated traces in the same formats real scopes use for traces. FaultInjection Studio performs a special-purpose fault simulation. Using the simulation output, SideChannel Studio and FaultInjection Studio perform the same tests and mount the same attacks that certification labs would and check whether there are any signs of leakage. Using SideChannel Studio in the pre-silicon stage, designers can be certain the device will pass the Test Vector Leakage Assessment (TVLA) tests necessary for the NIST certification.