OUR METHODOLOGY

Hardware security covers a large spectrum of attacks from PCB level to Integrated Circuit. When dealing with Integrated Security, three main categories of attacks are to be considered : Non-, Semi- and Fully-Invasive Attacks. The name of the different categories has a double meaning. It tells where the attacks will occur but it also contains information about the attacker profile and the used equipments. In that sense, Invasive Attacks require the more skills and equipments but also are the most powerful. The most common types of attacks are Non-Invasive as they require less equipments and can be performed by the most people.

Texplained conducts risk assessments considering the IC as a whole: from non- to fully- and semi-invasive attacks, the chip security is evaluated considering the complete threat to its secrets. Thanks to its unique expertise on IC reverse engineering and invasive attacks, Texplained realizes high-end technical projects, starting with the deep exploration of the device, a crucial first step that provides essential indications on weaknesses of the component facing all types of hardware attacks. Indeed, after the chip has been imaged in the lab, the electronic pictures of its internal are converted into a Netlist & GDSII thanks to our software ChipJuice. Then, the exploration of the chip and a search for its weaknesses start, by looking at:          

1. The netlist: the core can be analyzed to strategize attacks

2. The layout: the level of difficulty to perform the attack is assessed as this one is deeply linked to the physical architecture of the core. Texplained security assessments aim at finding potential weaknesses but also rank those regarding their potential exploitation and their feasibility level. This approach ensures that the entire digital core is actually examined at different levels.

3. Then, if applicable, the attack can be tested in real life which gives some more elements regarding the difficulty of the circuit edit, the associated micro-probing or the potential processing of the acquired signals. This type of evaluation can be performed by seeing the IC as a black box. Such a methodology brings a considerable benefit: by repeating a real world attack scenario we optimize the coverage of the full threat landscape to the chip. Our methodology is described in downloadable document “Texplained Security Analysis Methodology”.