Security Evaluation

IT systems are nowadays part of our daily lives and part of many common devices. They perform various sophisticated and sometimes safety-critical tasks. Security has a direct impact on safety. Lack of security can cause loss of reputation, loss of revenue, and even liability claims.

Many security holes are caused by design or implementation faults. Developers are often not aware of the full range of possible attacks on their system, and in many cases the system's security aspects are never analyzed or evaluated. In addition, security competes with other goals such as cost, the duration of the development process, and functionality.

A security evaluation is a crucial part of high-quality system development. When it is carried out during the development process, threats can be detected and corrected early. A security evaluation can also be useful after the end of a project, to learn about existing threats and potential vulnerabilities of your system, e.g., in order to avoid them in future systems.

Expertise

Fraunhofer AISEC offers comprehensive and independent tests for the security evaluation of distributed and embedded systems, hardware and software products, and web-based and cloud services. For this purpose, Fraunhofer AISEC can draw on its modern test labs to conduct security tests, compliance tests, and interoperability tests.

Skills and services at a glance

  • analysis of vulnerabilities of products and solutions
  • technical pre-auditing
  • side-channel analysis and fault attacks on embedded systems
  • fault detection and fault tolerance in digital circuits
  • embedded system security evaluation
  • tamper-resistant design strategies
  • development and improvement of countermeasures
  • penetration tests
  • analysis of systems and applications
  • development of test cases
  • security evaluation of cloud services and platforms, also in compliance with the minimum requirements of the BSI
  • verification of privacy issues of cloud services, web servers, etc.

Publications

  • F. Unterstein, J. Heyszl, F. De Santis, R. Specht and G. Sigl. “One Final Improvement Prevents High-Resolution EM Attacks against Leakage-Resilient PRFs Even for FPGAs”. In: Cryptographers' Track at the RSA Conference (CT-RSA 2018). Springer, to be published 2018.
  • V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide From Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.
  • J. Obermaier, R. Specht and G. Sigl. “FuzzyGlitch: A Practical Ring Oscillator Based Clock Glitch Attack”. In: 22nd International Conference on Applied Electronics. To appear. IEEE, Sept. 2017.
  • F. Unterstein, J. Heyszl, F. De Santis and R. Specht. “Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks - A Practical Security Evaluation on FPGA”. In: Proceedings of 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017). Springer. 2017.
  • A. Zankl, J. Heyszl and G. Sigl. “Automated Detection of Instruction Cache Leaks in Modular Exponentiation Software”. In: Smart Card Research and Advanced Applications: 15th International Conference, CARDIS 2016, Cannes, France, November 7–9, 2016, Revised Selected Papers. Ed. by K. Lemke-Rust and M. Tunstall. Cham: Springer International Publishing, 2017, pp. 228–244.
  • F. Kilic, H. Laner and C. Eckert. “Interactive Function Identification Decreasing the Effort of Reverse Engineering”. In: Proceedings of the 11th International Conference on Information Security and Cryptology (Inscrypt 2015). Springer International Publishing, 2016, pp. 468–487.