Quantum semiconductor IP verified against IoT attacks

June 29, 2021 // By Nick Flaherty
Quantum semiconductor IP verified against IoT attacks
A quantum-tunnelling cybersecurity CMOS design from Crypto Quantique has been verified to EAL4+ against IoT attacks.

Silicon cybersecurity technology developed by Crypto Quantique in London has been verified for security by a French consultancy.

e-shard, based in Bordeaux, assessed the second generation of the quantum-tunnelling CMOS design for producing physically unclonable functions (PUFs). The analysis showed the design is immune to side-channel attacks when used to create unforgeable fingerprints for CMOS chips usind in the Internet of Things (IoT).

“Our security analyst probed near-field electromagnetic emissions over the Crypto Quantique test chip and concluded that with respect to the QDID analogue IP, the product shows resistance to high attack potential required for EAL4+ certification”, said Hugues Thiebeauld, CEO of eShard. Evaluation Assurance Level (EAL) is assigned to a product or system after a Common Criteria security evaluation.

The company’s PUF, called QDID, measures minute quantum tunnelling currents making it more robust than other chip security technologies, many of which are susceptible to side-channel attacks that measure the minute differences in power consumption between 1s and 0s.

“Side-channel attacks on device identities and cryptography keys are the biggest threat to the security of IoT edge devices,” said Shahram Mossayebi, CEO of Crypto Quantique. “This evaluation has demonstrated independently that the semiconductors at the heart of IoT devices can be designed to achieve EAL4+ security easily and at low cost by using quantum-driven entropy to generate secure identities and cryptographic keys. All of these truly random numbers are generated on demand and do not need to be stored, eliminating a significant security weakness of key injection.”

Technologies exist to mitigate this problem, but they can be expensive to deploy. The QDID design  eliminates the problem, offering semiconductor manufacturers a simpler, lower-cost route to meeting the most demanding IoT device security requirements and enabling them to achieve EAL4+ security for their devices without expensive additional measures.

The QDID fingerprints are random numbers, or seeds, that are used to produce device identities and cryptographic keys on demand. The identities and keys together form a hardware root-of-trust (RoT) for the chip.

QDID IP produces 64 x 64 arrays of cells, each cell consisting of two transistors. The technology then exploits the quantum tunnelling that occurs through the CMOS oxide layer. Electrons propagate through this layer to varying degrees, depending on its thickness and the atomic structure at particular points. Variations in these physical characteristics are completely random and unavoidable in manufacturing. The currents involved are in the order of femtoamps (10-15 amps), or a few tens of electrons. QDID accurately measures these electron flows to generate random 1s or 0s based on readings of adjacent cells.

eShard has 30 security consultants and works with around forty major companies such as STMicroelectronics, Thales, V-Key and Visa.

www.cryptoquantique.com; www.eshard.com

Related articles

Other articles on eeNews Europe


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.