Security Laboratory Equipment
OSR is one of the leading company for testing and design of secure embedded solutions. As such, we are equipped with state of the art tools allowing us to visualize and challenge the security of our partner products or our own design.
Side-Channel Analysis (SCA) is a generic term grouping different attacks methods such as SPA, DPA or else. All non-invasive type of attacks, they are designed to passively ‘spy’ on the product during cryptographic process to extract assets using pre-defined models and statistical methods. Where these attacks were defined quite some time ago, they remain one of the preferred method to attack products.
OSR can perform: SPA, DPA, DEMA attacks.
Fault Injection (FI) applies a different methodology to compromise a device. Using invasive methods, such as power or laser glitching, the attacker will try to modify the behavior of the product by ‘shooting’ memory space or power and clock lines. For example, one common intended modification is to provoke code instruction bypass (skip a pin verification for example) by shooting at the instruction memory space right during its execution.
OSR can perform: Laser, Voltage, Clocck glitching.
As an attacker, we should not only consider attacking hardware related features but also work on embedded software of these products (firmware, applications). Our methodology is usually to reverse engineer the software we can get access to. We will for example analyze how a firmware operates to then target the exact functions handling security assets. Such analysis sometimes includes reversing more complex security features such as code obfuscation or anti-tampering mechanisms.
OSR is constantly expanding its laboratory capabilities. We work with our supplier to develop new ways to test products and to bring this knowledge to you. You can always contact us to discuss new attack methods.