My hardware security evaluation projects proposal
I offer four main levels of hardware security evaluation projects
to external companies as a part of my consulting:
feasibility study
initial security evaluation of semiconductor chips based on supplied
information, available documentation and general observations. It aims to
identify possible weak points in security. There are two types of evaluation:
passive, based on available documentation, and active, with some simple tests
applied to the device. Some preparation work is usually carried out by third
parties to reduce the cost.
security analysis
testing against the various attacks proposed during the 'feasibility study',
plus any other attacks of concern. The complexity and duration of the
project can vary widely and in many cases cannot be predicted;
however, most projects fit into the 2 to 20 week range. When the evaluation
requires a special test setup or unique equipment, this can cause some delay and
incur extra costs.
working prototype
developing a demonstration for reliable reproduction of an attack found
during the 'security analysis' study. Due to the highly customised nature of this
level, all the work and its outcome must be discussed separately in each case.
technology transfer
developing special equipment and teaching how particular attack
techniques can be used for solving particular problems, or optimisation
of attack techniques. This can be done only in collaboration with
chip manufacturers or large development companies and involves substantial
investment in hardware security research.
Sergei Skorobogatov
<Sergei.Skorobogatov (at) cl.cam.ac.uk>
created 26-09-2008 -- last modified 31-10-2008 -- http://www.cl.cam.ac.uk/~sps32/