Independent Testing Shows Quantum Tunneling Protects Against All Known IoT Attacks

July 02, 2021

Blog

Quantum-driven device fingerprinting beats all attempted side-channel attacks at independent test house

Einstein studied the beginnings of quantum physics and at the time, in 1935, thought, “no reasonable notion of reality could be expected to permit this.” Almost a century later, and quantum physics has led us to the super speed of quantum computing and to be more specific, quantum tunneling.

Quantum tunneling is the ability of quantum particles to cross a barrier without seeming to have passed through it. Quantum tunneling enables quantum computers to complete tasks simpler computers just cannot.

Why is this important? Heisenberg’s Uncertainty Principle states that when one is dealing with quantum particles, the particles appear to be non-existent or in multiple spaces at the same time. And that can have a direct impact on the security of today’s IoT devices – and in particular, IoT device identities.

Stopping Side-Channel Attacks with Physics

Shahram Mossayebi, Crypto Quantique’s CEO, believes, “Side-channel attacks on device identities and cryptography keys are the biggest threat to the security of IoT edge devices.

When dealing with computers and security, quantum tunneling means there is no identified pattern of where the particles will be, giving hackers no side channel to attack. Crypto Quantique uses quantum-driven identities (QDIDs) in their physically unclonable functions (PUFs) – pieces of semiconductor IP that leverage quantum tunneling to produce unique device identities and cryptographic keys. Together, these unique identities and keys form a hardware root-of-trust (hRoT) that has been verified secure up to Common Criteria Evaluation Assurance Level (EAL) 4+.

In other words, the quantum-based true random number generator provides a “digital fingerprint” that essentially cannot be replicated or hacked. As Mossayebi stated, “All of these truly random numbers are generated on demand and do not need to be stored, eliminating a significant security weakness of key injection.”

The Cellular Composition of Quantum Security

Crytpo Quantique’s QDID IP consists of a 64 x 64 array of cells, with each cell containing two transistors. The technology then uses quantum tunneling through the CMOS oxide layer. Electrons circulate through this layer to varying degrees.

Figure 1. Compared to traditional methods, quantum tunneling allows electrons to pass through CMOS oxide to limit the effectiveness of attacks like differential power analysis (DPA). (Source: Sifted)

The currents involved are in the order of femtoamps (10-15 amps), or a few tens of electrons, which the QDID measures these electron flows to generate random 1s or 0s based on the readings of adjacent cells.

To prove its security attained the aforementioned EAL 4+, Crypto Quantique contracted eShard, an independent security consulting agency and penetration testing firm, who verified that the QDID CMOS semiconductor IP is impervious to side-channel attacks. The three-month eShard study attempted to hack it, looking for ways to explore “sensitive assets that an adversary may look for and the related attack scenarios.”

According to eShard’s CEO, “Our security analyst probed near-field electromagnetic emissions over the Crypto Quantique test chip and concluded that with respect to the QDID analog IP, the product shows resistance to high attack potential required for EAL4+ certification”.Beyond individual device identity safeguards and hack protection, the Crypto Quantique technology can be deployed as the basis of secure IoT supply chains.

Figure 2. When paired with Crypto Quantique’s QuarkLink technology, QDID can be used to secure entire IoT supply chains from manufacture through deployment and EOL.

For more information, visit Crypto Quantique online at https://www.cryptoquantique.com/products/qdid/, while more on eShard’s security testing efforts can be read about in their blog.