IoT Design & Evaluation Services

Security by design for your IoT products

Need expert security guidance during any phase of your IoT journey?

We’ll help you design the security right for your specific business context and/or evaluate the components and devices that will support your connected business.

Understand cybersecurity threats & impact

IoT Threat Assessments

IoT  is booming. In order to achieve long-term success you need to know what the tangible threats to your IoT ecosystem are. We’re here to help you understand those threats and their potential impact on your business. 

We will help you understand what your most probable risks and threat scenarios are, along with the likelihood of an event with a successful attack. We will also identify each attack’s potential impact for your product, users or business model.

Deliverables

The deliverable is a report containing a threat classification with :

  • Associated cost of attack
  • Recommended mitigations
  • Security controls

Design a secure IoT Product

IoT Solution Architecture

We help you design and validate secure IoT devices and ecosystems. We begin wherever you currently are, whether you’re still in the idea phase or are near launch. Working with our experts can help protect your IoT project today and  help you avoid costly mistakes in the future.

Enterprises who design an IoT device or a connected solution realize the importance to select the right components and implement the right configuration to ensure the desired security level is reached and maintained over time.

The security architecture of an IoT system must provide appropriate measures to protect the most critical assets to reach the business objectives while accepting risk where appropriate.

Deliverables

Kudelski IoT Security has developed unique expertise that supports companies in designing the security of their IoT products.  By incorporating hardware and software security from the start, your IoT ecosystem will:

  • Embed the right features to protect data and communications
  • Ensure the integrity the device
  • Address its security lifecycle to hold control over time

Evaluate the security of your IoT products

IoT Device Security Evaluations

Is your device used in a context where security is crucial – such as critical infrastructures or safety systems? We can test its resistance to current/emerging hacking techniques.

As a the device developer, confidence in both your hardware and software security implementations are key to protecting your business and end-users.

The Device Security Evaluation aims to highlight the security gaps of your device which could impact its integrity, its availability or its data confidentiality.

Deliverables

The actionable improvement recommendations resulting from the in-depth device analysis will enable to reaching a trusted security level.

  • A detailed technical report
  • Key  strengths  and  weaknesses  of  the  device
  • Root  cause  of  the  weaknesses  with  an estimation of the effort cost and expertise  to  achieve  an  attack
  • Suggested  remediation  options  to  improve  and  reach  the desired security level
FREE DOWNLOAD

IoT Labs FACT SHEET

Discover how we can help you design, prototype, test, operate and sustain your IoT devices and ecosystem to ensure your success.

Behind the Scenes

Welcome to our IoT Security Lab

Using advanced tools in our state-of-the-art Swiss labs, we carry out a wide variety of tests and attacks on your technology in order to provide you with actionable security insights. Below are just a few of the techniques we use.

Side channel

Side Channel Analysis refers to the use of information leakage related to an event which is obtained through secondary phenomenon, such as changes in power consumption or magnetic field emission.

When protections such as masking are not sufficiently efficient, it can lead to the recovery of secrets from the operation of an electronic device. Often these secrets are cryptographic keys.

  • Power and electromagnetic analysis
  • Differential Power Analysis, Correlation Power Analysis, Mutual Information Analysis
  • In-house developed trace processing suite
  • Deep Machine Learning (multi-layer networks AI)

Fault injection

Fault attacks modify the behavior of a system, by disrupting the code executed by semiconductors.

It may allow access to restricted functionality or information (keys, parameters or code) and can simplify cryptographic attacks compared to brute force attacks. It can also be used as an enabler to perform further attacks such as code dump.

  • Laser, Electro-magnetic and electrical glitch injection

  • Multi-location, multi-fault laser and Electro-magnetic capability with fast repetition

  • Real-time multiple fault synchronization to internal events

  • Differential fault analysis, key and date extraction

Imaging and IC modification

Invasive techniques are performed with powerful tools for imaging (SEM) and circuit edit (FIB). Reverse engineering allows the identification of specific logic and circuit edit tools can remove (nano-etching) or deposit materials (nano-soldering) with nanometer precision.

These capabilities can be used to cut and connect circuitry within a device, allowing a permanent modification of the behavior of the chip, as well as to create probe points for accessing signals of interest.

  • Device teardown

  • Sub-micron imaging and circuit modification

  • Scanning Electron Microscope (SEM)

  • Focused Ion Beam (FIB)

  • Localized circuit reverse engineering

SW attacks & pentest

Flawed functions and exposed network services may lead to the compromise of an entire network or system by allowing an unverified user to steal data or gain further access, elevating privileges to administrator level, tamper with a device or get insights on means to develop targeted attacks.

The extraction and the analysis of a firmware and memory content can highlight maintenance or supervisor accounts, injection flaws, buffer overflows, format strings or firmware update and secure boot vulnerabilities.

  • White-box security evaluation of source code

  • Security coding guidelines / best practices

  • Micro-code extraction, de-obfuscation, decompilation and reverse engineering

  • Embedded device penetration testing

  • Software defined radio signal processing

  • Common Vulnerabilities and Exposures (CVE) detection

Let's get in contact

Our team will be in touch shortly

New Field

New Field

This site's forms are protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

$100 B/yr

Revenue Protected

32

Offices worldwide

400 M +

Devices secured

$200 M/yr

R&D investment

11'000

Clients

$827 M

Revenues (2019)