IoT Design & Evaluation Services
Security by design for your IoT products
Need expert security guidance during any phase of your IoT journey?
We’ll help you design the security right for your specific business context and/or evaluate the components and devices that will support your connected business.
What is your current IoT Security Need?
Understand cybersecurity threats & impact
IoT is booming. In order to achieve long-term success you need to know what the tangible threats to your IoT ecosystem are. We’re here to help you underwstand those threats and their potential impact on your business.
We will help you understand what your most probable risks and threat scenarios are, along with the likelihood of an event with a successful attack. We will also identify each attack’s potential impact for your product, users or business model.
The deliverable is a report containing a threat classification with :
- Associated cost of attack
- Recommended mitigations
- Security controls
Evaluate the security of your products
Device Security Evaluations
Is your device used in a context where security is crucial – such as critical infrastructures or safety systems ? We can test its resistance to current/emerging hacking techniques.
As a the device developer, confidence in both your hardware and software security implementations are key to protecting your business and end-users.
The Device Security Evaluation aims to highlight the security gaps of your device which could impact its integrity, its availability or its data confidentiality.
The actionable improvement recommendations resulting from the in-depth device analysis will enable to reaching a trusted security level.
- A detailed technical report
- Key strengths and weaknesses of the device
- Root cause of the weaknesses with an estimation of the effort cost and expertise to achieve an attack
- Suggested remediation options to improve and reach the desired security level
Behind the Scenes
Welcome to our IoT Security Lab
Using advanced tools in our state-of-the-art Swiss labs, we carry out a wide variety of tests and attacks on your technology in order to provide you with actionable security insights. Below are just a few of the techniques we use.
Side Channel Analysis refers to the use of information leakage related to an event which is obtained through secondary phenomenon, such as changes in power consumption or magnetic field emission.
When protections such as masking are not sufficiently efficient, it can lead to the recovery of secrets from the operation of an electronic device. Often these secrets are cryptographic keys.
- Power and electromagnetic analysis
- Differential Power Analysis, Correlation Power Analysis, Mutual Information Analysis
- In-house developed trace processing suite
- Deep Machine Learning (multi-layer networks AI)
Fault attacks modify the behavior of a system, by disrupting the code executed by semiconductors.
It may allow access to restricted functionality or information (keys, parameters or code) and can simplify cryptographic attacks compared to brute force attacks. It can also be used as an enabler to perform further attacks such as code dump.
Laser, Electro-magnetic and electrical glitch injection
Multi-location, multi-fault laser and Electro-magnetic capability with fast repetition
Real-time multiple fault synchronization to internal events
Differential fault analysis, key and date extraction
Imaging and IC modification
Invasive techniques are performed with powerful tools for imaging (SEM) and circuit edit (FIB). Reverse engineering allows the identification of specific logic and circuit edit tools can remove (nano-etching) or deposit materials (nano-soldering) with nanometer precision.
These capabilities can be used to cut and connect circuitry within a device, allowing a permanent modification of the behavior of the chip, as well as to create probe points for accessing signals of interest.
Sub-micron imaging and circuit modification
Scanning Electron Microscope (SEM)
Focused Ion Beam (FIB)
Localized circuit reverse engineering
SW attacks & pentest
Flawed functions and exposed network services may lead to the compromise of an entire network or system by allowing an unverified user to steal data or gain further access, elevating privileges to administrator level, tamper with a device or get insights on means to develop targeted attacks.
The extraction and the analysis of a firmware and memory content can highlight maintenance or supervisor accounts, injection flaws, buffer overflows, format strings or firmware update and secure boot vulnerabilities.
White-box security evaluation of source code
Security coding guidelines / best practices
Micro-code extraction, de-obfuscation, decompilation and reverse engineering
Embedded device penetration testing
Software defined radio signal processing
Common Vulnerabilities and Exposures (CVE) detection