Silicon cybersecurity technology developed by Crypto Quantique in London has been verified for security by a French consultancy.
e-shard, based in Bordeaux, assessed the second generation of the quantum-tunnelling CMOS design for producing physically unclonable functions (PUFs). The analysis showed the design is immune to side-channel attacks when used to create unforgeable fingerprints for CMOS chips usind in the Internet of Things (IoT).
“Our security analyst probed near-field electromagnetic emissions over the Crypto Quantique test chip and concluded that with respect to the QDID analogue IP, the product shows resistance to high attack potential required for EAL4+ certification”, said Hugues Thiebeauld, CEO of eShard. Evaluation Assurance Level (EAL) is assigned to a product or system after a Common Criteria security evaluation.
The company’s PUF, called QDID, measures minute quantum tunnelling currents making it more robust than other chip security technologies, many of which are susceptible to side-channel attacks that measure the minute differences in power consumption between 1s and 0s.
- CEO interview: Quantum security for the real world
- First full side channel attack on encryption engine
- Intel chips vulnerable to power side channel attack
“Side-channel attacks on device identities and cryptography keys are the biggest threat to the security of IoT edge devices,” said Shahram Mossayebi, CEO of Crypto Quantique. “This evaluation has demonstrated independently that the semiconductors at the heart of IoT devices can be designed to achieve EAL4+ security easily and at low cost by using quantum-driven entropy to generate secure identities and cryptographic keys. All of these truly random numbers are generated on demand and do not need to be stored, eliminating a significant security weakness of key injection.”
Technologies exist to mitigate this problem, but they can be expensive to deploy. The QDID design eliminates the problem, offering semiconductor manufacturers a simpler, lower-cost route to meeting the most demanding IoT device security requirements and enabling them to achieve EAL4+ security for their devices without expensive additional measures.
The QDID fingerprints are random numbers, or seeds, that are used to produce device identities and cryptographic keys on demand. The identities and keys together form a hardware root-of-trust (RoT) for the chip.
QDID IP produces 64 x 64 arrays of cells, each cell consisting of two transistors. The technology then exploits the quantum tunnelling that occurs through the CMOS oxide layer. Electrons propagate through this layer to varying degrees, depending on its thickness and the atomic structure at particular points. Variations in these physical characteristics are completely random and unavoidable in manufacturing. The currents involved are in the order of femtoamps (10-15 amps), or a few tens of electrons. QDID accurately measures these electron flows to generate random 1s or 0s based on readings of adjacent cells.
eShard has 30 security consultants and works with around forty major companies such as STMicroelectronics, Thales, V-Key and Visa.
- Crypto Quantique raises $8M to address IoT security
- Renesas adds quantum security to IoT microcontrollers
- Quantum security for semiconductor manufacturing
- Team attacks ARM TrustZone via power management software
Other articles on eeNews Europe