AUTHORIZED SECURITY LAB

Get the IoT security certification you need to succeed

We are one of the world’s most trusted IoT security labs, and a certification report from us will not only prove you’ve met requirements from Amazon, AT&T or ANSSI (CSPN), but also give you valuable insights on how to make your product more secure.

AMAZON-AUTHORIZED LAB

Alexa Built-in IoT security certification

As an Amazon-Authorized Security Lab, we offer independent security assessments to prove you meet the security requirements for Alexa Built-in devices using Amazon Voice Service (AVS), as well as improve the long-term security of your product.

AT&T-AUTHORIZED LAB

AT&T IoT security certification

As an AT&T-Authorized Security Lab for the AT&T and FirstNet® networks, our independent security assessments will allow you to provide AT&T with the report necessary to gain official certification, as well as highlight any opportunities to improve your security posture and protect your product.

ANSSI-AUTHORIZED LAB

CSPN IoT security certification

As an ANSSI-Authorized Security Lab, we offer independent security assessments to provide evidence that you meet the security requirements for ANSSI’s Certification de Securité de Premier Niveau. We can also give you advice on how to protect your product throughout its entire lifecycle.

Labs Fact Sheet

Free Download

Kudelski IoT Security Labs Fact Sheet

For IoT Device & Component Manufacturers

WHAT WE DELIVER

We go deeper to help you succeed

As an Authorized Security Lab, we understand what it takes to help you successfully pass the most demanding security certification processes. Our advanced labs have already helped hundreds of clients across many industries secure their connected products.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

BEHIND THE SCENES

Our IoT Security Labs ensure you stay one step ahead of hackers

Using advanced tools in our state-of-the-art Swiss labs, we carry out a wide variety of tests and attacks on your technology in order to provide you with actionable security insights. Below are just a few of the techniques we use.

Side Channel Analysis

Side Channel Analysis refers to the use of information leakage related to an event which is obtained through secondary phenomenon, such as changes in power consumption or magnetic field emission.

When protections such as masking are not sufficiently efficient, it can lead to the recovery of secrets from the operation of an electronic device. Often these secrets are cryptographic keys.

  • Power and electromagnetic analysis
  • Differential Power Analysis, Correlation Power Analysis, Mutual Information Analysis
  • In-house developed trace processing suite

Fault Injection

Fault attacks modify the behavior of a system, by disrupting the code executed by semiconductors.

It may allow access to restricted functionality or information (keys, parameters or code) and can simplify cryptographic attacks compared to brute force attacks. It can also be used as an enabler to perform further attacks such as code dump.

  • Laser, Electro-magnetic and electrical glitch injection
  • Multi-location, multi-fault laser and Electro-magnetic capability with fast repetition
  • Real-time multiple fault synchronization to internal events
  • Differential fault analysis, key and date extraction

Imaging & IC Modification

Invasive techniques are performed with powerful tools for imaging (SEM) and circuit edit (FIB).

Reverse engineering allows the identification of specific logic and circuit edit tools can remove (nano-etching) or deposit materials (nano-soldering) with nanometer precision. These capabilities can be used to cut and connect circuitry within a device, allowing a permanent modification of the behavior of the chip, as well as to create probe points for accessing signals of interest.

  • Device teardown
  • Sub-micron imaging and circuit modification
  • Scanning Electron Microscope (SEM)
  • Focused Ion Beam (FIB)
  • Localized circuit reverse engineering

SW Attacks & Pentest

Flawed functions and exposed network services may lead to the compromise of an entire network or system.

They allow an unverified user to steal data or gain further access, elevating privileges to administrator level, tamper with a device or get insights on means to develop targeted attacks. The extraction and the analysis of a firmware and memory content can highlight maintenance or supervisor accounts, injection flaws, buffer overflows, format strings or firmware update and secure boot vulnerabilities.

  • White-box security evaluation of source code
  • Security coding guidelines / best practices
  • Micro-code extraction, de-obfuscation, decompilation and reverse engineering
  • Embedded device penetration testing
  • Software defined radio signal processing
  • Common Vulnerabilities and Exposures (CVE) detection
$100B/yr
Revenue Protected
400M +
Devices secured
11,000
Clients
32
Offices worldwide
$200M/yr
R&D investment
$742M
Revenues (2020)