Immunity Cryptographic IP
Encrypt, decrypt and authenticate information
Instructions and data stored at rest and in transit are vulnerable to attack, introspection and modification. Idaho Scientific offers a suite of Immunity security / anti-tamper IP cores designed to help engineers protect embedded hardware and firmware.
Immunity IP Cores are offered in a number of security, performance, and interface configurations. The FPGA IP Cores encrypt, decrypt and authenticate information so that it cannot be exposed to anybody but the intended user. Crypto cores provide security for use cases including key generation/ exchange/ storage, digital signature, bulk encryption, packet encryption and message authentication.
Why Use Immunity Cores
- Lower Technical Risk – Simple integration, reference designs, and technical support from cleared U.S. engineers who specialize in Department of War (DOW) systems security
- Proven Performance – NIST certified, Government validated and operating in Programs of Record
- More Flexibility – Features configurable at compile and/or run-time
Used in FPGAs and ASICs on other Defense programs
NIST approved algorithms with proven side channel resistance
Performs encryption and decryption using the AES cipher
Simple to integrate, drag-and-drop design
Immunity-Advanced Encryption Standard (AES) IP Core
The Immunity-Advanced Encryption Standard (AES) IP Core performs encryption and decryption using the Advanced Encryption Standard (AES) cipher. Immunity-AES is compliant with the National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS)-197, Special Publication (SP) 800-38A, and SP 800-38D specifications. A command interface is provided to load keys and to set modes of operation. An AXI streaming interface is provided to give initialization vectors and data into the core. This interface is simple, easy to use, and is compatible with many third-party IP cores.
Immunity Products Side Channel Countermeasures
Immunity-AES configurations are offered with or without side channel countermeasures. Customers concerned with Simple Power Analysis (SPA), Differential Power Analysis (DPA), and other side channel analysis techniques should contact Idaho Scientific for a full product brief and information about SCA testing assessments. The countermeasure technology deployed within Immunity-AES has been licensed from Cryptography Research Incorporation (CRI), a division of Rambus. Customers who purchase Immunity- AES are provided with a sub-license to the relevant CRI technology allowing them to use and distribute Immunity-AES within their products.
Benefits |
Features |
Deliverables |
| Low Risk: Used in FPGAs and ASICs on other Defense programs, NIST approved algorithms with proven side channel resistance
Simple to Integrate: A drag-and-drop design delivered with reference designs and test benches using common interface IP.
Set and Forget, Simple Maintenance: No annual maintenance contracts, implementation of future updates are optional
Developed and supported by a trusted U.S. DOW supplier: Our team in the Mountain Time Zone answer emails, take phone calls and can travel to make sure your integration goes smoothly |
Performs encryption and decryption using the AES cipher
Robust countermeasures for Side Channel Attacks
Compliant with NIST, FIPS-197
Supports AES Key sizes: 128, 192, and 256 bits
Supports AES modes: GCM, CTR, ECB, and CBC
Easy to use command interface for loading keys and changing the mode of operation
Industry standard AMBA AXI4-Stream (AXIS) interfaces for initialization vectors,plaintext/ciphertext, and tag transfer
Includes simulation test bench to exercise supported NIST CAVP test vectors |
Xilinx IP_XACT Package
Product Documentation
Example Designs
Simulation Testbench
Technical Support and Maintenance Updates |
Immunity Chip2Chip
Benefits |
Features |
Deliverables |
| Low Risk: Used in FPGAs and ASICs on other Defense programs, NIST approved algorithms with proven side channel resistance
Simple to Integrate: A drag-and-drop design delivered with reference designs and test benches using common interface IP.
Set and Forget, Simple Maintenance: No annual maintenance contracts, implementation of future updates are optional
Developed and supported by a trusted U.S. DOW supplier: Our team in the Mountain Time Zone answer emails, take phone calls and can travel to make sure your integration goes smoothly |
Performs authenticated encryption and decryption using the AES-GCM cipher to secure Xilinx Chip2Chip links
Performance Optimizations including a pipelined design to minimize bandwidth impacts and cipher buffers to minimize latency impacts
Complies with NIST, FIPS-197 for encryption/decryption
Complies with NIST-SP800-38D for GCM authentication
Provides AXI4-Lite Configuration interface to configure and enable operation
Delivered in IP-XACT package for easy block design integration and configuration in Xilinx Vivado block designs |
1 CD containing the following:
|
Immunity Inline Memory Encryption (IME) IP Core
Immunity-IME is an inline memory encryption Intellectual Property (IP) Core that protects the confidentiality and integrity of instructions and data stored in external memory. Customers can use Immunity-IME by inserting the Core between a processor and memory controller. As an intermediary between the processor and memory, Immunity-IME performs just-in-time encryption, decryption, and authentication for all memory read and write requests. The Core accepts unencrypted (“Red”) read and write requests from a processor on its slave AXI interface and transforms each request into encrypted (“Black”) requests on a master AXI interface. The IP Core stores authentication tags (“Metadata”) along with the encrypted data in external memory.
Benefits |
Features |
Deliverables |
|
Low Risk: Used in FPGAs and ASICs on other Defense programs, NIST approved algorithms with proven side channel resistance
Simple to Integrate: A drag-and-drop design delivered with reference designs and test benches using common interface IP.
Set and Forget, Simple Maintenance: No annual maintenance contracts, implementation of future updates are optional
Developed and supported by a trusted U.S. DOW supplier: Our team in the Mountain Time Zone answer emails, take phone calls and can travel to make sure your integration goes smoothly |
Performs encryption, decryption, and authentication using the Counter Mode (CTR) or Galios/Counter Mode (GCM) Cipher, NIST SP 800-38A, SP 800-38D
Compliant with NIST, FIPS-197
Supports AES key sizes: 128 or 256 bits
Complete internal Key Management with NIST 800-133 compliant key generation
Compatible with AMBA AXI4 interface
Supports use of hard or soft memory controllers in XIlinx FPGA and SoC devices Optional robust countermeasure for Side Channel Attacks |
Xilinx IP_XACT Package
Product Documentation
Example Designs
Simulation Testbench
Technical Support and Maintenance Updates |
Immunity Hardware Security Module (HSM) IP Core
Key management is a headache. Immunity-HSM is a hardware security module Intellectual Property (IP) that provides crypto processing and management for embedded solutions. Immunity-HSM safeguards and manages digital keys for strong authenticator functions. The IP Core accepts commands from the processor for supported cryptography functions. Stream data can be provided to the core using a Stream DMA or similar device. The core then returns status and results to the processor via the core register map.
Benefits |
Features |
Deliverables |
|
Low Risk: Used in FPGAs and ASICs on other Defense programs, NIST approved algorithms with proven side channel resistance
Simple to Integrate: A drag-and-drop design delivered with reference designs and test benches using common interface IP.
Set and Forget, Simple Maintenance: No annual maintenance contracts, implementation of future updates are optional
Developed and supported by a trusted U.S. DOW supplier: Our team in the Mountain Time Zone answer emails, take phone calls and can travel to make sure your integration goes smoothly |
PKCS#11 v2.40 Compliant Driver
Internal Key Management
DPA Resistant Cryptography Functions
AES encrypt/decrypt for ECB, CTR, CBC, and GCM modes, and key sizes of 128 and 256 |
Xilinx IP_XACT Package
Product Documentation
Example Designs
Simulation Testbench
Technical Support and Maintenance Updates |
Idaho Scientific, now part of General Dynamics Mission Systems, specializes in embedded security with a proven track record of solving the hardest cybersecurity, supply chain integrity and anti-tamper problems with novel and scalable solutions.
