|
Embedded security testing
Many embedded devices have a function or asset that requires
protection. We test the resistance of an embedded device against
low-cost and high-cost attacks. Please click
here for
typical examples of embedded devices that we test.
Background
Embedded device security testing is new. Previously, an embedded device did not
have strong security requirements, and if it did, the manufacturer
relied on "security by obscurity". However, this assumption does not
hold anymore with present reverse
engineering efforts by the general public combined with publication
on the internet.
Security testing methodology
Riscure developed a methodology for testing the security of an
embedded device. It consists of five structured phases which ensures
that the client receives ample feedback on all different attack
paths that apply to the product under test.
Attack techniques
A security test project consists of thorough analysis followed by
executing a mix of hardware and logical attacks. Each attack
technique is supported by a specific set of tools.
Download a presentation on the methodology and examples of our
attack techniques
here [3MB].
|
