My hardware security evaluation projects proposal

I offer four main levels of hardware security evaluation projects to external companies as a part of my consulting:

feasibility study

initial security evaluation of semiconductor chips based on supplied information, available documentation and general observations. It is aimed to determine possible weak places in security. There are two types of evaluations - passive, based on available documentation, and active, with some simple tests applied to the device. Some preparation work is usually carried out by third parties to reduce the cost

security analysis

testing against various attacks proposed during the 'feasibility study' plus any other attacks which are concerned. The complexity and duration of the project can vary widely and it is impossible to predict it in many cases, however, most of projects fit into 2 to 20 weeks gap. When the evaluation requires special test setup or unique equipment, this can cause some delay and incur extra costs

working prototype

developing demonstration for reliable reproduction of an attack found during the 'security analysis' study. Due to highly customised nature of this level, all the work and outcome must be discussed in each case separately

technology transfer

developing special equipment and teaching on how a particular attack techniques can be used for solving particular problems or optimisation of attack techniques. This can be done only in a collaboration with chip manufacturers or large development companies and involves substantial investments into hardware security research

Sergei Skorobogatov <Sergei.Skorobogatov (at)>
created 26-09-2008 -- last modified 31-10-2008 --