Hardware Security Testing and Evaluation
What atsec offers
Information security is not purely a function of software or hardware. Many devices are located in hostile environments: integrated circuits, smartcards, personal devices (cell phones, PDAs), e-passports and credit cards; embedded systems such as card readers, digital tachographs, alarm systems and network devices; and devices using ASICs, FPGAs or on-chip cryptographic functions. For these devices, the close coupling of hardware and software presents a challenge to the engineers and architects responsible for ensuring security and for providing assurance to customers through evaluation and testing of the devices or systems.
These devices are often deployed in environmentally hostile areas: either in very accessible places, which give attackers greater opportunity to reach the devices, or in inaccessible places, which restrict the ability to apply patches and updates. The security considerations for these devices include the logistical difficulties in performing updates or applying patches and the often critical nature of these devices in larger systems.
Whether your device is an I.C., a sensor, a control device, an instrument, a network appliance, or provides other functionality, it will likely need to be very reliable. Techniques such as the specification of tamper resistance, a hardened operating system, or a Trusted Computing Base are often employed by designers when high reliability is a requirement.
atsec is the world leader in assessing system security, with acknowledged world experts in operating system security, software security, and physical security testing. atsec has an unrivalled combination of expertise. Our services for hardware security testing include:
- Low Tech/Environmental Tests
  - Disruption (vary parameters to attempt to make the device act in error)
  - Voltage
  - Temperature (including low-temperature imprinting)
  - RF/EM/X-ray bombardment
  - Clock (frequency and glitching), both random and synchronized
  - Electrostatic discharge
  - Visible/UV/IR light (disruption and/or writing/erasing)
- Moderate Tech/Passive and Probe Tests
  - Simple Power Analysis/Differential Power Analysis
  - EMA
  - Probing: remove passivation and probe critical points passively and actively (injection)
  - Ultraviolet light to write/reset locks and switches (only on some EE type devices)
  - Add/remove links (wirebond, vacuum metal deposition, etc.)
- High Tech/Energy Tests
  - SEM Read/Write
  - LEM/PEM Read
  - CSAM (for analysis and location determination)
  - Laser Read/Write
  - X-ray imprinting
  - Focused Ion Beam (add/remove links, add contacts for probing)
In addition, we offer:
- Enclosure hardening
- Tamper evidence, tamper detection, tamper response testing and consulting
- Embedded software architecture security design review and source code review
- Consulting on monolithic kernels such as Embedded Linux and Microsoft CE
- Protocol Analysis including proprietary network protocols and their network interfaces
- Cryptographic testing for ASICs and software implementations of algorithms
Our accredited laboratories can also offer certification services for SCAP, FIPS 140-2, FIPS 201 and Common Criteria.
Why our service is important to you
Once embedded systems are deployed in the field, their maintenance is often disregarded. It is very expensive to make field service trips or recall devices. Devices with security flaws open opportunities for litigation, loss of data confidentiality or integrity, or loss of service. Public recalls or bad press about security flaws can severely impact your company.
Embedded system and I.C. designers know that the more flaws are addressed during design and development, the more reliable and commercially successful the product will be.
To access some markets, for example government markets, formal certification is often required. Some requirements documents specify formal certification.
