REASSURE · Project

Testing Tools That Prove Your Chips and IoT Devices Can't Be Hacked Through Power Leaks

digitalTestedTRL 6

Imagine someone could figure out your password just by listening to how much electricity your device uses while typing it. That's essentially what side-channel attacks do — they spy on the physical signals your chip emits (power use, timing, electromagnetic waves) to steal secret keys. REASSURE built simulation tools that let manufacturers test whether their chips leak secrets, without needing an expensive physical testing lab. Think of it as a virtual crash-test for cryptographic security — you run the software, it simulates attacks, and tells you where your device is vulnerable before a real attacker finds out.

By the numbers

consortium partners across 6 countries

industry partners including NXP, IDEMIA, and Riscure

total project deliverables produced

simulation tools delivered (prototype and final release)

50%

industry ratio in consortium

The business problem

What needed solving

Every connected device — from payment terminals to IoT sensors — runs cryptographic operations that can be spied on through power consumption, timing, or electromagnetic emissions. Getting security certification (Common Criteria, EMVCo, FIPS) is slow, expensive, and requires physical access to specialized testing labs. Worse, recent incidents like the Taiwanese citizen card vulnerability showed that even certified products can be insecure, eroding trust in the entire evaluation process.

The solution

What was built

The project delivered a leakage simulator that takes high-level cryptographic descriptions (e.g., AES) and produces simulated side-channel leakage traces based on instruction-level processor profiles — plus a fault simulation tool. Both went through prototype and final release stages across 23 deliverables, with reference datasets and a structured detect-map-exploit testing methodology.

Audience

Who needs this

IoT device manufacturers needing security certification without expensive lab accessPayment terminal and smart card companies facing EMVCo compliance requirementsSemiconductor companies wanting pre-silicon side-channel vulnerability testingSecurity testing laboratories looking to standardize and automate evaluationsGovernment agencies and certification bodies updating evaluation standards

Business applications

Who can put this to work

IoT Device Manufacturing

SME

Target: IoT hardware makers building connected sensors, smart home devices, or industrial controllers

If you are an IoT device maker struggling to get security certification for your embedded products — this project developed an open-source leakage simulator that profiles processor-level vulnerabilities. Instead of sending every prototype to an expensive testing lab, you can run automated resistance assessments in-house, catching flaws earlier in your design cycle across your product line.

Payment and Banking Technology

enterprise

Target: Companies manufacturing payment terminals, smart cards, or banking hardware

If you are a payment hardware company facing EMVCo or Common Criteria certification requirements — this project created a structured detect-map-exploit methodology that improves the quality and comparability of security evaluations. With 2 major circuit manufacturers (NXP, IDEMIA) in the consortium, the tools were designed for real-world payment chip security testing.

Semiconductor and Chip Design

mid-size

Target: Chip designers and fabless semiconductor companies needing pre-silicon security validation

If you are a semiconductor company that needs to verify side-channel resistance before tape-out — this project delivered a final leakage and fault simulation tool that takes high-level cryptographic descriptions (like AES) and produces simulated leakage traces. This means you can test security at the design stage rather than discovering vulnerabilities after manufacturing.

Frequently asked

Quick answers

What would it cost to use these simulation tools?

The project delivered an open-source leakage simulator, meaning core tools are freely available. However, integration, customization, and consulting from consortium partners like Riscure (a professional side-channel testing lab) would involve commercial fees. Based on available project data, specific pricing is not disclosed.

Can these tools work at industrial scale for product lines with many chip variants?

Yes — the tools were specifically designed to automate leakage assessment so manufacturers don't need immediate access to a physical testing lab for every variant. The simulator takes high-level cryptographic descriptions and produces leakage traces, which scales across product families. The consortium included 4 industry partners validating this approach.

What is the IP and licensing situation?

The project explicitly mentions an open-source leakage simulator as a deliverable. However, with 8 partners across 6 countries and commercial players like NXP and IDEMIA involved, some tools or extensions may carry commercial licenses. Contact the coordinator at UCL Belgium for specific licensing terms.

Does this meet current certification standards like Common Criteria or EMVCo?

REASSURE was designed to directly improve certification methods including Common Criteria, EMVCo, and FIPS evaluations. The consortium included ANSSI (the French governmental cybersecurity agency) specifically to push results into standardization bodies. The tools aim to make evaluations more comparable and reliable.

How mature are the simulation tools — are they production-ready?

The project delivered both a Prototype Simulator and a Final Simulator across its 23 deliverables. The final release covers both leakage simulation and fault simulation. With testing by partners like Riscure and chip manufacturers NXP and IDEMIA, the tools have been validated in industry-relevant contexts.

Can these tools integrate with our existing chip design workflow?

The simulator accepts high-level descriptions of cryptographic implementations (e.g., AES) and produces leakage traces based on instruction-level processor profiles. Based on available project data, the tools target processors relevant for IoT. Integration specifics would depend on your design environment and target platform.

Consortium

Who built it

This is a strong industry-backed consortium with 8 partners across 6 countries and a 50% industry ratio — well above average for research projects. The lineup reads like a who's-who of hardware security: NXP and IDEMIA are two of the world's largest chip and smart card manufacturers, Riscure is a globally recognized side-channel testing laboratory, and ANSSI is the French national cybersecurity authority. With 3 universities (including UCL and University of Bristol, both top-tier in cryptographic research), the project bridges cutting-edge research with real commercial needs. For a business buyer, this means the tools were built by people who actually make and test chips, not just academics theorizing about them.

UNIVERSITE CATHOLIQUE DE LOUVAINCoordinator · BE
IN SMART IDENTITY FRANCEparticipant · FR
IDEMIA FRANCEparticipant · FR
NXP SEMICONDUCTORS GERMANY GMBHparticipant · DE
KEYSIGHT TECHNOLOGY NETHERLANDS RISCURE BVparticipant · NL
UNIVERSITY OF BRISTOLparticipant · UK
UNIVERSITAET KLAGENFURTparticipant · AT

How to reach the team

Coordinator is at Université Catholique de Louvain (UCL), Belgium — a leading cryptography research institution. Use SciTransfer matchmaking to get a warm introduction to the right team member.

Order a report on this consortium See UNIVERSITE CATHOLIQUE DE LOUVAIN profile →

Next steps

Talk to the team behind this work.

Want to test your IoT devices or chips for side-channel vulnerabilities using REASSURE's simulation tools? SciTransfer can connect you directly with the consortium team and help you evaluate fit for your product line.

Order a report on this topic More in Digital & ICT