Founded in 2018 at the University of Cambridge Computer Lab, not-for-profit company lowRISC has acquired NewAE Technology, Inc., a privately-held designer and manufacturer of broadly accessible silicon security analysis tools.
Image by copyright Shutterstock
The acquisition brings added momentum to lowRISC, whose OpenTitan project – a collaboration between lowRISC, Google, Western Digital, Seagate and other commercial and academic partners – has created the first transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. As an open source project, OpenTitan enables the larger community to proactively audit, evaluate and dramatically improve the security properties of the chip design. With the addition of NewAE Technology's advanced hardware security analysis tools, OpenTitan's community of partners will now be able to conduct side-channel power analysis and fault injection attacks to uncover vulnerabilities in physical security implementations of their own silicon.
"NewAE's groundbreaking and accessible tools have the potential to be central to security testing of embedded silicon throughout the ecosystem," said Gavin Ferris, CEO of lowRISC. "With its open-design approach to hardware and its commitment to transparency and security, NewAE strategically complements our own open source silicon design focus, helping create transparent silicon worthy of being trusted. We look forward to continuing to support and expand upon NewAE's current product offerings, bolstering evaluation of OpenTitan's own security, and ensuring that open source hardware can be hardened against the most serious attacks."
Founded in 2014, NewAE Technology built the first commercially supported open source toolchain for advanced hardware security evaluation, including side-channel analysis and fault injection. Its signature product, ChipWhisperer, is an open source toolchain that provides a standardized capture tool for testing new analysis algorithms in real time along with countermeasures to expose weaknesses that exist in embedded systems. As such, this acquisition will enable lowRISC to develop and evaluate digital countermeasures in the open source, disrupting the market of traditionally niche security analysis tools with an approachable, accessible hardware security tool.
"LowRISC's acquisition of NewAE brings together two philosophically-aligned organisations committed to secure, open source silicon development and adoption, bringing transparency to what has traditionally been a very locked down ecosystem," said Dominic Rizzo, OpenTitan's Project Director. "NewAE's offerings will fundamentally change the nature of OpenTitan silicon development by enabling engineers and designers in our community to be more aware of side-channel and fault-injection attacks, allowing us all to build more secure systems."
Side-channel and fault-injection attacks enable attackers to break into and extract information from a secure device. Because these attacks are often non-invasive, they are difficult to detect and some of the most challenging to mitigate. With a side-channel attack, bad actors can obtain cryptographic keys by observing a device's power consumption to extract critical secrets. Fault-injection attacks occur when an attacker injects a fault into a device to disrupt its intended behavior and access information.
"NewAE and lowRISC's shared belief in open source hardware made lowRISC a natural home for ChipWhisperer and related projects," said Colin O'Flynn, CEO, NewAE Technology, Inc. "This alignment brings to the OpenTitan project expertise in precise analysis tools that visualize weaknesses in silicon that would be vulnerable to side-channel and fault-injection attacks. This lets us focus not just on security tooling, but also on an entire stack of embedded security solutions."