Advanced DPA- and FIA-resistant FortiMac HMAC SHA2 IP core

Overview

The HMAC-SHA2-DPA-FIA IP core belongs to the FortiMac product family. Like all the FortiMac product family members, this IP provides ultra-strong protection against SCA and FIA using a very low number of standard digital gates.

The underlying protection is purely algorithmic and implementation-agnostic. Resistance to attacks was validated analytically and on a physical device. The protection is based on the Threshold Implementation (TI) approach, the security of which has been proven.

Key Features

Configurable number of protected rounds
Passes the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces
Protected against fault injection attacks, including SIFA
Optional embedded internal PRNG for random masking
NIST FIPS 180-4 compliant
Supports SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 schemes
Auxiliary key port hidden from software
Configurable choice of interfaces

Bare cryptographic core
AMBA AXI or APB

Optional input data FIFO
External DMA support
Fully synthesizable

Benefits

Ultra-strong side-channel attack protection (at least 1B traces)
Protected against fault injection attacks including SIFA
Highest-level security verified both by FortifyIQ and by a third-party Common Criteria lab.
A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.)

Applications

IoT devices
Communications
Automotive
Secure internet protocols (SSL/TLS, IPSec)
Content protection (Set-Top Boxes, SoCs)
Virtual Private Networks (VPN)

Deliverables

Synthesizable Verilog RTL source code
Documentation
Testbench
SDC constraints for synthesis
Technical support and assistance

Technical Specifications

Availability

Now

Request Info