ALL-IN-ONE PLATFORM
esDynamic
Manage your attack workflows in a powerful and collaborative platform.
Expertise Modules
Executable catalog of attacks and techniques.
Infrastructure
Integrate your lab equipment and remotely manage your bench.
Lab equipments
Upgrade your lab with the latest hardware technologies.
PHYSICAL ATTACKS
Side Channel Attacks
Evaluate cryptography algorithms from data acquitition to result visualisation.
Fault Injection Attacks
Laser, Electromagnetic or Glitch to exploit a physical disruption.
Security Failure Analysis
Explore photoemission and thermal laser stimulation techniques.
EXPERTISE SERVICES
Evaluation Lab
Our team is ready to provide expert analysis of your hardware.
Starter Kits
Build know-how via built-in use cases developed on modern chips.
Cybersecurity Training
Grow expertise with hands-on training modules guided by a coach.
ALL-IN-ONE PLATFORM
esReverse
Static, dynamic and stress testing in a powerful and collaborative platform.
Extension: Intel x86, x64
Dynamic analyses for x86/x64 binaries with dedicated emulation frameworks.
Extension: ARM 32, 64
Dynamic analyses for ARM binaries with dedicated emulation frameworks.
DIFFERENT USAGES
Penetration Testing
Identify and exploit system vulnerabilities in a single platform.
Vulnerability Research
Uncover and address security gaps faster and more efficiently.
Malevolent Code Analysis
Effectively detect and neutralise harmful software.
Digital Forensics
Collaboratively analyse data to ensure thorough investigation.
EXPERTISE SERVICES
Software Assessment
Our team is ready to provide expert analysis of your binary code.
Cybersecurity training
Grow expertise with hands-on training modules guided by a coach.
INDUSTRIES
Semiconductor
Security Labs
Governmental agencies
Academics
ABOUT US
Why eShard?
Our team
Careers
FOLLOW US
Linkedin
Twitter
Youtube
Gitlab
Github
Behind the release of esDynamic 2024.01
The new version of esDynamic represents a significant leap in eShard's efforts to advance chip security testing.
Over the years, we've developed a platform capable of executing a broad spectrum of physical attacks on chips β ranging from side-channel and hardware fault injection to advanced failure analysis techniques, like photoemission and thermal laser stimulation.
Our goal is to equip experts with the tools necessary to assess the trustworthiness or vulnerabilities of digital systems, able to manage both blackbox testing of unfamiliar technologies and internal evaluations of product protections in post-silicon validation.
Drawing from my extensive experience in both specialised labs and secure product manufacturing, I've observed the critical role of tooling in collaborative expert environments.
And I've learned a few things:
1. DIY-ing solutions
Experts often believe crafting their tools is essential for control and mastering their analyses. However, the necessity to constantly update and troubleshoot self-made tools not only consumes valuable time but also requires a skill set that may not align with their primary capabilities.
Β
2. Isolation of expert work
The preference for working individually among experts can lead to significant underutilization of potential. While individual work allows for deep focus, it often isolates experts from the broader benefits of teamwork, such as shared insights and collaborative problem-solving. In my experience, experts can do so much more when they work together. But this could be challenging, especially if the team is spread out across different countries.
Β
3. βGatekeepingβ expertise
The field of cybersecurity has a niche nature that makes finding individuals skilled in physical attacks exceedingly difficult. The departure of an expert from a team signifies not just the loss of a valuable team member but also the departure of unique knowledge and the tools they've developed. This situation poses a continuous challenge for team leaders.
Β
Β
Facing these challenges and drawing on extensive hands-on experience in cybersecurity, we understood the need for a new approach. How could we address a market where existing tools are so lacking that experts feel compelled to build their own? How could we bring together the varied skills and complex tasks of team members to streamline workflows? And how could we promote a culture where knowledge is shared freely with the team, rather than hoarded by individuals?
These questions motivated us to innovate and enhance our methods for chip security testing.
In response, we developed esDynamic, marking a strategic pivot towards a more inclusive, adaptable, and collaborative platform tailored for the industry and governmental agencies.
esDynamic shifts away from conventional and restrictive tools towards a more dynamic and open ecosystem, to address the core challenges faced by security experts.
Β
Open and customizable platform
We designed esDynamic to be a sandbox for experts, free from proprietary constraints, supporting endless customization and integration of new tools. It's a platform that grows with its users, continually adapting to the ever-changing cybersecurity landscape.
Contrary to my previous strong advocacy for Matlab, I now recognize that it may not be the best fit in the current scenario. While Matlab can meet basic needs, it doesn't quite match up with the modern requirements necessary for effectively cultivating expertise.
Instead, we have chosen Python as our go-to language. Python's flexibility, ease of reading, and comprehensive library ecosystem render it perfectly suited for the intricate and diverse challenges of security analysis.
Β
JupyterLab integration
Integrating JupyterLab as the cornerstone of our technological framework has set a new standard in the field, particularly for conducting side-channel analysis. We identified JupyterLab's exceptional compatibility with data science, an essential aspect of side-channel analysis, thanks to its rich functionalities designed to handle complex datasets and perform sophisticated analyses.
Additionally, it allows for seamless integration and interaction of various components such as notebooks, code, and data. This creates an environment where ideas and discoveries can be exchanged, discussed, and expanded upon. It boosts collaborative problem-solving and speeds up the innovation process, proving to be an essential asset for teams aiming to collaborate more productively and successfully.
Notably, the use of notebooks for documentation not only allows new team members to rapidly familiarise themselves with ongoing research, but also enables them to replicate previous analyses with precision. Thus bridging knowledge gaps among team members, ensuring that insights and methodologies are not confined to individual experts but are shared widely within the team.
Β
Performance oriented
Given the intensive computational demands of conducting physical attacks, esDynamic harnesses advancements in data science to enhance processing power and adapt to diverse IT infrastructures, ensuring no expert is left behind due to technical limitations.
Β
Β
Building on these principles, the latest esDynamic release introduces significant enhancements to further support and streamline the work of security experts.
Β
π Integrated Workflow
The new bench manager feature seamlessly incorporates hardware equipment for physical attacks, allowing experts to manage and remotely control bench configurations. This component intends to facilitate long runs of side-channel acquisitions gathering millions of traces, but also days-long scans of hardware parameters to manage laser, electromagnetic or glitch fault injection campaigns.
Β
Β
π Knowledge Centre
Recognizing the overwhelming amount of material that experts must navigate, the introduction of the Knowledge Centre is a game-changer. It functions as a search engine providing a centralised and easily accessible repository, enabling team members to find the specific notebooks, scripts, or datasets they need without the hassle of sifting through disorganised piles of documents.
Β
Β
Evidence-based Decision Making
The conclusions of the expertise work in physical attacks is quickly turned into decisions. Can I trust this device? Is this countermeasure enough? How serious is the weakness? These decisions are inherently strategic, making the ability to present testing evidence and replay tests essential.
However, this necessity often faces practical challenges, such as managing large data sets, requiring a specific software environment for analysis replay, and capturing the expert's reasoningβ¦ ask an expert to replay an attack performed 6 months ago, and youβll see how challenging it is.
esDynamic addresses these issues head-on, ensuring test replays are straightforward and accessible. The platform's bench manager feature allows for easy retrieval of bench configurations, while the logical flow of analyses is neatly structured in notebooks. Additionally, the software environment can be preserved and reactivated for future use, eliminating any barriers to test replication. There is no excuse anymore :-)
With the latest updates to esDynamic, we are striving to empower organisations to refine their expertise in physical attacks, enhancing efficiency and ensuring that their invaluable experts can concentrate on what they do best.
By fostering collaboration among experts and prioritising the retention of expertise, we are committed to enhancing both the effectiveness and the sustainability of security efforts in the industry.
Β
