Last week, we explained that managing collaboration on side-channel analysis can be done with our esDynamic platform. Indeed, this platform is ideal when different people with different expertise need to share their knowledge and their results. But esDynamic actually has a lot more features that can be beneficial for developers or analysts wanting to assess or challenge the security of cryptographic algorithms implementations. Today, we want to introduce our specific/dedicated modules which can be plugged into esDynamic core platform, thus expanding collaborative capabilities to technical analysis:
Side-channel attack module
Successfully achieving a side-channel attack first requires mastering the trace processing. With this module, we offer a set of resynchronization and filtering techniques assisting the security analyst in the first phase of his attacks. We also provide optimized implementations of most common statistical attacks, including correlation-based attacks (CPA), differential attacks (DPA) as well as mutual information attacks (MIA). This module offers a comprehensive set of tools allowing users to attack any sensitive part of the cryptographic algorithms (such as Triple DES or AES) either by having a quick run thanks to a user-friendly interface or via a notebook using our dedicated functions. At your convenience, it is possible to integrate all your custom features to better suit your requirements and focus on your expertise development.
WhiteBox Cryptography module
The Whitebox cryptography (WBC) module provides a methodology and tools to extract and instrument native libraries and binaries of mobile platforms. This module is particularly useful when assessing a secure mobile application lying upon software-hardened cryptographic algorithm. Because code instrumentation is a crucial step in the security assessment of a WBC implementation, the WBC module extends the esDynamic platform providing software tracing and faulting capabilities. Supporting most commonly used platforms (ARM, ARM64, i386, x86_64), you will be able to point out weaknesses of your implementation prior to their potential exploitation. Thanks to a specific options’ set in the module, you will also be able to circumvent particular software countermeasures such as anti-tamper, junk code or anti-debug mechanisms and bring your analysis at the state-of-the-art.
The enhanced release of esDynamic is now available – try it! Request a demo today and email us: firstname.lastname@example.org