Crypto Quantique, a hardware based cyber security solutions provider for the IoT announced that its CMOS semiconductor IP for second generation, physically unclonable functions (pUFs) has independently verified to be immune to side-channel attacks, when used to create unique, immutable and unforgeable fingerprints for CMOS chips. The findings were the result of a three months study conducted by independent cybersecurity testing house eShard.
“Our security analyst probed near-field electromagnetic emissions over the Crypto Quantique test chip and concluded that with respect to the QDID analog IP, the product shows resistance to high attack potential required for EAL4+ certification”, said eShards CEO, Hugues Thiebeauld in a press statement. Evaluation Assurance Level (EAL) is assigned to a product or system after a Common Criteria security evaluation.
The company’s PUF, called QDID will measure minute quantum tunnelling currents making it robust than other chip security technologies that are susceptible to side-channel attacks.
The company noted side-channel attacks exploit key-dependent variables to extract bit values. For example, if a cell consumes more power when settling at a 1 state than at a 0, measuring the difference can reveal identity and cryptographic key secrets within the semiconductor.
While the existing technologies are expensive to deploy, QDID eliminates the problem, offering semiconductor manufacturers a simpler, lower-cost route to meeting the most demanding IoT device security requirements and enabling them to achieve EAL4+ security for their devices.
QDID fingerprints are random numbers, or seeds, that are used to produce device identities and cryptographic keys on demand. The identities and keys together form a hardware root-of-trust (RoT) for the chip or device in which it is used, which is a cornerstone of IoT device security.
QDID IP produces 64 x 64 arrays of cells, each cell consisting of two transistors. The technology then exploits the quantum tunnelling that occurs through the CMOS oxide layer. Electrons propagate through this layer to varying degrees, depending on its thickness and the atomic structure at particular points. Variations in these physical characteristics are completely random and unavoidable in manufacturing. The currents involved are in the order of femtoamps (10-15 amps), or a few tens of electrons. QDID accurately measures these electron flows to generate random 1s or 0s based on readings of adjacent cells.
Crypto Quantiques CEO, Shahram Mossayebi, said, “Side-channel attacks on device identities and cryptography keys are the biggest threat to the security of IoT edge devices. This evaluation has demonstrated independently that the semiconductors at the heart of IoT devices can be designed to achieve EAL4+ security easily and at low cost by using quantum-driven entropy to generate secure identities and cryptographic keys. All of these truly random numbers are generated on demand and do not need to be stored, eliminating a significant security weakness of key injection.”