Hardware security covers a large spectrum of attacks from PCB level to Integrated Circuit. When dealing with Integrated Security, three main categories of attacks are to be considered : Non-, Semi- and Fully-Invasive Attacks.

The name of the different categories has a double meaning. It tells where the attacks will occur but it also contains information about the attacker profile and the used equipments.

In that sense, Invasive Attacks require the more skills and equipments but also are the most powerful. The most common types of attacks are Non-Invasive as they require less equipments and can be performed by the most people.

Texplained conducts risk assessments considering the IC as a whole: from non- to fully- and semi-invasive attacks, the chip security is evaluated considering the complete threat to its secrets.
Thanks to our unique expertise on IC reverse engineering and invasive attacks, we realize high-end technical projects, starting with the deep exploration of the device, a crucial first step that provides essential indications on weaknesses of the component facing all types of hardware attacks.

Indeed, after the chip has been imaged in our lab, the electronic pictures of its internal are converted into a Netlist & GDSII thanks to our software ChipJuice.

Then, we explore the chip and look for its weaknesses in:

         1. The netlist: the core can be analyzed to strategize attacks

  • Invasive Attacks evaluation
  • Memory dump and/or debug chain unlocking
  • Embedded Code review and/or scan chain analysis
  • Identification of potential weaknesses / Non- and Semi- Invasive Attacks strategy creation
  • Non- and Semi- Invasive Attacks evaluation

         2. The layout: the level of difficulty to perform the attack is assessed as this one is deeply linked to the physical architecture of the core. Texplained security assessments aim at finding potential weaknesses but also rank those regarding their potential exploitation and their feasibility level.

This approach ensures that the entire digital core is actually examined at different levels.

         3. Then, if applicable, the attack can be tested in real life which gives some more elements regarding the difficulty of the circuit edit, the associated micro-probing or the potential processing of the acquired signals.

This type of evaluation can be performed by seeing the IC as a black box. Such a methodology brings a considerable benefit: by repeating a real world attack scenario we optimize the coverage of the full threat landscape to the chip.

Our methodology is described in downloadable document “Texplained Security Analysis Methodology”.