atsec

The information security provider.
homesitemapblog
  • Services
  • Company
  • News & Events
  • Resources
  • Contact
Deutsch | 汉语

Product Evaluation
and Testing
Common Criteria (ISO/IEC 15408)
FIPS 140-2
Cryptographic Algorithm Testing
SCAP
NPIVP Testing
Biometrics Testing
GSA PIV Evaluation (FIPS 201)

Compliance and Audit
ISO/IEC 27001
SOX and Euro-SOX
FISMA Certification Support
HIPAA and HITECH
NASPO

Consulting and Training
VTDR for GSA FIPS 201
Embedded Systems
Hardware Security Testing and Analysis
Penetration Testing
PCI Consulting
US Export Control for Cryptography
Training

 back to the list of services
 

Embedded Systems

What atsec offers

Embedded systems typically use specialized firmware, hardware, ASIC’s, and FPGA. They are often deployed in a hostile environment such as one that is environmentally challenging, inaccessible, or very accessible to the point of offering attackers greater opportunity to stress or access the devices. The security considerations for these devices are specialized and technical in nature.

Whether your device is a sensor, a control, an instrument, a network appliance, or provides other functionality, it will likely need to meet stringent specifications for physical security.
Many of our customers need to harden their devices to meet the specifications of standards such as FIPS 140-2 or FIPS 201. Others have consulted with us because they know that their devices are destined for inhospitable environments. atsec offers:

  • Penetration testing and physical security assessment
  • Enclosure hardening: e.g. materials recommendations
  • Tamper resistance: e.g. component potting, tamper resistant fasteners
  • Tamper evidence: e.g. tamper evident labels, paints and tamper evident seals
  • Tamper detection: e.g. micro-switches, tamper detecting membranes and sensors
  • Tamper response: e.g. automatic zeroization and physical destruction
  • Mitigation of probe attacks: e.g. passive (oscilloscope); injector; nano, pico or micro probes, and energy probes
  • Mitigation of machining attacks: e.g. manual, mechanical, water, chemical, laser, and sandblasting
  • Expert advice on TEMPEST, clock glitching, etc.

Our hardware engineers have decades of experience and are acclaimed industry leaders on this topic. We have been consulted by several major device manufacturers and researchers including large global blue-chips, small- and medium-sized businesses, and research facilities.

Why our service is important to you

Once embedded systems are field-deployed, they are often disregarded for maintenance since it is very expensive to make field service trips or recall devices. Devices with security flaws provide opportunities for litigation, loss of data confidentiality, device integrity, or loss of service. Public recalls or bad press about security flaws can severely impact your company.

Embedded system designers know that the more attacks that can be mitigated during design and development, the more reliable, secure, and commercially successful the product will be.

To access some markets (for example, government markets), formal certification is often required. Some requirements documents specify formal certification.

For more information

Please refer to our resource pages.

 

(c) 2012 atsec information security | Legal Notice | Data Protection Notice | Environmental Policy | Security Policy |  atsec IT security blog atsec on facebook atsec on twitter atsec on LinkedIn atsec on digg.com