Hardware Security Testing and Evaluation for FIPS 140-2
What atsec Offers
For many devices located in hostile environments, perhaps in very accessible places offering attackers greater opportunity to access the devices or in inaccessible places restricting the ability for patches and updates, the close-coupling of hardware and software present a challenge to the engineers and architects responsible for ensuring security and providing assurance to customers through evaluation and testing of the devices or systems.
These include devices such as:
- integrated circuits,
- personal devices (cell phones, tablets),
- credit cards;
- embedded systems such as card readers,
- digital tachographs,
- alarm systems, and
- network devices or devices using ASICs, FPGAs or on-chip cryptographic functions
The security considerations for these devices include the logistical difficulties in performing updates or applying patches and the often critical nature of these devices in larger systems.
Whatever the device is, it will likely need to be both dependable, and reliable as well as secure. Techniques such as the specification of tamper resistance, a hardened operating system, or a Trusted Computing Base are often employed by designers when high reliability and dependability are requirements.
Our services for hardware security include:
- Enclosure hardening
- Tamper evidence, tamper detection, tamper response testing and consulting
- Embedded software architecture security design review and source code review
- Consulting on Monolithic kernels such as Embedded Linux and Microsoft CE
- Protocol Analysis including proprietary network protocols and their network interfaces
- Cryptographic testing for ASICs and software implementations of algorithms
- Low Tech/Environmental Physical Tests
- Disruption (vary parms to attempt to make device act in error)
- Temperature (including low temp imprinting)
- RF/EM/X-Ray bombardment
- Clock (Frequency and glitching) – both random and synched.
- Electro Static Discharge
- Visible/UV/IR light (disruption and/or writing/erasing)
- Moderate Tech/Passive and Probe Tests
- Simple Power Analysis/Differential Power Analysis
- Probing, Remove passivation and probe critical points passively and actively (injection)
- Ultra Violet light to write/reset locks and switches (only on some EE type devices)
- Add/Remove links (wirebond, vacuum metal deposition, etc)
- High Tech/Energy Tests
- SEM Read/Write
- LEM/PEM Read
- CSAM (for analysis and location determination)
- Laser Read/Write
- X-Ray imprinting
Our accredited laboratories can also assist with testing for certification according to Common Criteria.