Embedded Security Testing

The GDS embedded security testing methodology is designed to provide a comprehensive evaluation of all facets of an embedded system, ranging from high-level architecture review and firmware analysis to in-depth hardware security testing. These activities are intended to simulate those of a motivated attacker with physical access to the system and access to the required equipment to conduct low-level hardware attacks.

Approach

The following describes the phases of testing typically conducted during a GDS embedded system assessment. Test phases can be custom tailored as needed to meet specific security objectives.

Security Architecture Review

Documentation is reviewed and discussions are held with key system engineers to construct a high-level security overview of the system and to identify areas of specific interest or concern. Current security strategy is reviewed, including existing anti-tampering features, digital rights management (DRM), secure boot and "chain of trust" procedures, and related concepts.

Information Gathering

A detailed listing of all major on-board components and their interfaces is created, through a combination of physical inspection of the PCB(s) and review of available technical documentation. Datasheets are obtained for all major components, and communications protocols such as SPI and I2C used by each component are identified for later investigation. Potential debug or maintenance interfaces and/or test points are identified, such as JTAG, UART, or similar vendor-specific interfaces.

Passive Analysis

On-board and external data buses are monitored during normal system use, typically using a specialized device known as a logic analyzer. This is done to determine whether information such as encryption keys or other sensitive data is transmitted between components insecurely. Power usage and timing information is captured during cryptographic and other security-critical operations in an attempt to extract sensitive information via so-called "side channel" attacks.

Active Analysis

Connections are made to identified debug interfaces to uncover any insecure functionality that may be exposed. Non-volatile storage components such as EEPROMs are de-soldered from the PCB, and their contents are extracted for further analysis. Potentially malicious data is injected into identified data buses in an attempt to bypass security controls via unauthorized or unexpected input. If possible, DMA-style attacks are performed using specialized hardware to gain read/write access to physical memory of the running system.

Deliverables

GDS delivers a detailed and comprehensive report at the conclusion of each security assessment. All GDS reports are highly customizable to the client's reporting requirements and typically include an executive summary, detailed technical findings and recommendations, and illustrative walkthroughs of all exploitation steps performed.

Related Services

If you would like to learn more about having GDS conduct security testing against your embedded systems, please email us for more information, or call your nearest GDS office.