Solutions 
Blog
Contact us
eShard
/
esfirmware

Firmware Security Analysis

Firmware is a piece of software binary embedded in devices, such as IoT. The devices are potentially subject to physical attacks, targeting the cryptography algorithms or security sensitive operations. It is therefore necessary to analyze the corresponding risks and assess whether the security protections are strong enough to withstand attacks. This may turn out to be a complex task since physical attacks implies hardware equipment testing the device. And particularly for organizations keen to implement efficient software development practices.
Contact our experts
Download the Datasheet

An analysis framework

esFirmware’s framework offers the opportunity to analyze in depth a firmware against physical attacks. Designed for developers or security evaluators, esFirmware leverages an emulation engine and interferes into the runtime execution for simulating observations or disruptions close to the physical reality.

The framework already supports many types of binary compiled for multiple architectures such as ARM (arm32, arm64), Intel (x86) or Risc-V. It is possible to emulate complex SoC devices, at least partially, to extend the analysis capabilities.

esFirmware leverages esDynamic platform

Firmware analysis may be complex and requires different expertises. This explains why esFirmware leverages esDynamic, a data science platform designed for collaboration and expertise work. The emulation engine is fully integrated into the framework. It is then possible to set the computing capabilities in line with the needs, since emulation quickly requires the handling of big dataset. With the unique collaboration feature, multiple experts can effectively work together on the same framework.

esFirmware provides know-how material for physical observation or fault injection

Physical observation, or code lifting, gives an overview of the internal execution variable over the execution. A special care was taken to filter the information and avoid any overwhelming data to process. The material elaborates use cases targeting whitebox cryptography.

Physical fault injection provides the ability to fault a firmware code during its execution. This simulates faults using glitch, laser or near field electromagnetic attacks. Automation leads to set up intensive test campaigns covering large ranges of fault parameters. The expertise material helps to identify the weak points and to point out where security protections should be implemented.

Take ownership of your security test process

Efficient validation

De-risk your business by automating testing in intensive validation campaign

No hardware equipment

No need for expensive and hard to use hardware (laser or EM fault injection set-up) to run attacks on the firmware

Systematic

Manage non regression in your development cycle. Security protections are considered like software features

Blog Articles

Integrated Circuit Security

esDynamic + Conda : The stability and reliability to achieve your data-scientist dream

12 min read
Edit by Bernardini Mickael Jun 10, 2020
© eShard 2021. All rights reserved
Privacy policy | Legal Notice
Bâtiment GIENAH
11 avenue de Canteranne
33600 Pessac
France
eShard Nudge
7 rue Gaston de Flotte
13012 Marseille
France
eShard GmbH
Beethovenallee 21
53173 Bonn
Germany
Paya Lebar Quarter
#04-01 Paya Lebar Link
408533
Singapore