Technology

The ultra-secure CryptoArchitecture™ technology is based on the fine control of all software and hardware processes involved in the secure computation of critical algorithms or in the storage of sensitive information. Thanks to the tight integration of traditional software tools with new ones developed by Forware, every single bit, instruction or logic gate is automatically checked and adapted to prevent a growing list of integrity threats.

 

Crypto-architecture™

 

CryptoArchitecture™ technology extends and automates regular co-development processes for CPU and FPGA based environments. Those typically consist of the following stages:

  • Development with CPUs: compile, link and program (or execute).
  • Development with FPGAs: compile, synthesize, layout and program.
  • Co-Development: allocation of tasks and resources, inter-communication.

At every stage, CryptoArchitecture™ libraries and tool extensions take care of security issues that might pose a risk to the integrity of the algorithms and data. Once they are protected and programmed in a CryptoArchitecture™ device, the security is propagated to the untrusted platforms where the device is embedded or attached.

 

The Challenge

The industry knows many ways to protect all types of digital contents and processes. Techniques might be divided into 2 categories: those that rely on software security procedures running on generic CPUs, and those that place those procedures in more or less secure hardware devices like smart cards with encryption engines.

Thanks to those methods we can reliably establish point-to-point communications using SSL, sign documents with a unique digital signature, or hide important data inside encrypted folders or flash units.

However, current techniques are not effective in those cases where the integrity of the system is compromised. If someone gains access to a compromised computer, they can install a keylogger and record all typed passwords, or steal all digital certificates and use them to impersonate the victim. Even when hardware encryption engines are in place, there are a number of well-known attacks which are not necessarily expensive or time consuming. Some of them are: timing and power analysis, fault injection via the manipulation of input signals and power, data remanence exploits on volatile and non-volatile memories (where encryption keys are stored), optical analysis and microprobing with FIB microscopy or induced electromagnetic interference.

In general, any security procedure running on a generic CPU is more exposed to attacks than those running on specialized hardware platforms. Generic CPUs are well known, and there are plenty of tools that developers legally use to debug or somehow enhance their programs: disassemblers, debuggers, re-factoring tools, data and control flow analyzers, parsers, loggers, watermarkers, etc. Unfortunately, those tools are also used by hackers to reverse engineer and tamper with the security procedures for their own benefit.

In contrast, reverse engineering the hardware requires some tools that are not widely available: oscilloscopes, power supply stations, logic analyzers, probes, spectrum analyzers, FIB microscopes, chemicals, etc. Those tools are easily accessible in most electronics labs, as they are legally used by designers, OEMs and manufacturers of semiconductor products. Some companies offer reverse engineering services, including advice, tuition, rental of equipment or turn-key projects.

Even when specialized security hardware adds some tamper-proof measures, like glitch, power and UV sensors, the design and layout of the circuitry remains the most important factor in building a truly reliable device, capable of addressing the main challenge: assurance of the integrity of platforms running hardware or software procedures for the use or treatment of information.

 

Crypto-architecture™ solution

CryptoArchitecture™ aids engineers in charge of the implementation of security in software and hardware platforms:

  • Pre-built libraries provide proven and reliable means to perform common security tasks, such as encryption/decryption, random number generation, hashing or real-time measurements.
  • Compiler extensions allow designers to input their security procedures using high-level programming languages like C. The code is automatically translated, analyzed and optimized into a hardware representation. During the analysis phase, care is taken on algorithm-specific security issues such as asymmetric control-flow timing or predictable power consumption. Algorithm-specific security flaws are corrected or flagged with a warning at this level.
  • Synthesizer extensions allow the automation of the complex and error-prone operations at the synthesis stage of a hardware design. The extension controls the options passed to the synthesizer, the constraints that may impact the security such as multi-cycle or false paths, the insertion of hardware cores that sense and affect the timing and power consumption, the back-annotation of results and other features that make the whole process straightforward.
  • Layout extensions automate the integration of compilers and synthesizers with the FPGA vendor's toolchain. At this stage, the extensions take care of the placement of logic primitives in the FPGA and the fine tuning of timing and power consumption. Those factors, when controlled from the perspective of security, have the ability to prevent threats like differential power analysis, microscopy or fault injection.
  • Programming extensions encrypt the programming files (executable files and bitstreams) and store the encryption keys in the CPUs and FPGAs. This is useful in those cases where the programming files must be transferred via insecure channels, or when they must temporarily reside in an untrusted host, which is a common scenario in most devices requiring firmware or run-time updates. Programming extensions also automate the management of encryption groups: dividing the population of devices into small groups with different keys, thus reducing the potential effectiveness of brute-force attacks against encryption algorithms.
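The "asymmetric control-flow timing" issue named in the compiler-extensions item, shown as an added C example (not Forware code or output of the CryptoArchitecture™ tools): a square-and-multiply exponentiation whose work depends on the secret exponent's bits, next to a balanced form. The function names, the multiplication counter and the sample base, modulus and exponents are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Counts modular multiplications: a stand-in for the time or power an observer measures. */
static unsigned mul_count;

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    mul_count++;
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Asymmetric control flow: the second multiply runs only for 1-bits of the secret exponent. */
uint32_t modexp_branchy(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1)
            r = mulmod(r, base, m);
    }
    return r;
}

/* Balanced: always multiply, then pick the result with a mask instead of a branch. */
uint32_t modexp_balanced(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        uint32_t sq = mulmod(r, r, m);
        uint32_t pr = mulmod(sq, base, m);
        uint32_t mask = 0u - ((exp >> i) & 1u);   /* all ones when the bit is set */
        r = (pr & mask) | (sq & ~mask);
    }
    return r;
}

/* Multiplications performed for one exponent (constructed sample base and modulus). */
unsigned count_ops(uint32_t (*f)(uint32_t, uint32_t, uint32_t), uint32_t exp) {
    mul_count = 0;
    (void)f(7u, exp, 1000003u);
    return mul_count;
}

int main(void) {
    uint32_t keys[] = { 0x80000001u, 0xFFFFFFFFu };   /* constructed exponents */
    for (int k = 0; k < 2; k++)
        printf("exp=%08x branchy=%u balanced=%u\n", (unsigned)keys[k],
               count_ops(modexp_branchy, keys[k]), count_ops(modexp_balanced, keys[k]));
    return 0;
}
```

The counter models control flow only; on a real target the division behind `%` and compiler optimizations can reintroduce data-dependent timing, so the balanced form still has to be checked on the generated code or hardware.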

 

LICENSING POLICIES

CryptoArchitecture™ technology is licensed to Forware partners on a per-project basis. Partners will get support and all needed resources to successfully integrate the technology in their products.

As an alternative, you can always use Token Scout products that already include the CryptoArchitecture™ technology inside. Token Scout hardware is delivered as a standard USB peripheral. It shortens the development cycle of products that need security and do not have restrictive requirements in terms of communication interfaces, capacity or performance.

 

 

QUICK SPECS

  • Security enhancement for devices, applications and documents.
  • Integrity assurance for procedures and sensitive data.
  • Automation of development and management tasks.

 

 
