LAUNCHING ESDYNAMIC: YOU MAY NEVER WANT TO PERFORM EMBEDDED SECURITY ANALYSIS THE WAY YOU DID BEFORE.
On September 25th during the annual CHES conference, which was held in Taipei this year, eshard launched the new esDynamic platform. esDynamic offers a new way to perform in-depth security analyses in the field of embedded device and mobile applications. Based on an innovative technology and already adopted by teams of experts in side-channel cryptography, we observe that eshard’s analysis software has raised interest amongst established manufacturers and embedded security specialists.
eshard comes with a new approach to perform side-channel and White-Box cryptography analyses. Working on such projects for our customers, we noticed that attack/analysis success rate depends on criteria such as:
- The computation power – latest attacks require more computation power, such as higher order analyses.
- The challenge to keep pace with the latest attack techniques – there are a growing number of attacks available in the field and they become more and more sophisticated, maintaining one’s knowledge up-to-date is necessary but challenging.
- The efficient collaboration amongst different expertise – for example, the expert in signal-processing need to closely work with the crypto analyst.
In addition, different types of analyses such as White-Box cryptography are now needed: these projects aim at challenging the security of binaries or White-Box cryptography implementations using the principles of side-channel. For two years now challenges requiring to break White-Box cryptographic implementations have attracted the side-channel community of experts. Several publications appears on this subject and eshard is contributing to these technology improvements through esDynamic.
In this highly complex and expertise-related environment, we are proud to offer an efficient analysis software which would not only be performant from a technical point of view, but also solve recurrent issues that embedded security experts face in their day-to-day job, such as:
- spending energy and resources in maintaining a set of attack software,
- struggling to collaborate with outdated and spread software tools,
- having difficulties to manage the company knowledge,
- fearing to lose track record of all the results of an analysis campaign,
- spending a night to process a 2nd order attack over millions of traces.
Collaboration of such data between different areas of expertise has proven to be extremely tedious, time-consuming and difficult. These issues are gone with esDynamic. Testing White-Box cryptography embedded implementations and performing side-channel analyses can now be done using an all-in-one platform. A new and modern way of working is now possible.
NOTEBOOK TECHNOLOGY, A NEW AND MODERN WAY TO PERFORM SIDE-CHANNEL AND BINARY ANALYSIS
esDynamic integrates a key differentiator compared to other platforms: the Notebook technology. Already adopted by scientists for their academic work, this technology helps demonstrating a scientific thread easier than ever before. Thanks to Notebooks, you are now able to perform your security analysis from A to Z:
- from the traces visualisation,
- all the way through demonstrating your point with the help of writing theoretical explanations and LaTex formulas,
- coding your attack script, executing your script and keeping track of the result of this execution,
- till the extraction of the key and the conclusion of your report.
esDynamic Notebooks are an innovative way to create coaching and educational program for senior analysts to ramp up their less-expert colleagues, for academics to teach their students about side-channel analysis, for any external organisation involved in embedded security trainings. This dynamic sheet appears to be the ideal support for trainings, as the trainer can develop the theoretical and practical content of the course into one interface. Then the trainees do the exercises right into the Notebook, and the trainer is able to offer them custom support, knowing instantly their difficulties and success and being able to interact with the trainees in a very effective way.
Enhanced with collaboration features, Notebooks can be shared over the platform. Security analysts will easily share and use reference scripts or reference analysis, they will as well combine different expertise involved in the same analysis. The Notebook is the project, the report and the tutorial.
HOW DOES ESDYNAMIC ENHANCE YOUR WORK IN A BENEFICIAL WAY ?
- Use it in your preferred configuration: from a stand-alone computer to a server setup to installation in a computational demanding environment.
- Build a scalable computational capability, make the best use of your existing available computation or extend it on the fly.
- Import your measurements, such as EM or power traces.
- Generate you reference scripts and tutorials to manage, protect and keep track of your knowledge.
- Efficiently collaborate and share your traces, attack scripts and results amongst different teams of experts, whatever their location.
- Perform your analysis project from one single platform, enhanced with esDynamic’s advanced visualization tool, allowing high-volume side-channel traces management.
- Customize your instance of esDynamic, upload your already-developed attack scripts, develop or import any library into the open platform.
- Use and tweak esDynamic’s API, develop your own library: esDynamic is open to give you full control over your knowledge.
- Perform faster and efficient analyses thanks to esDynamic high performing features, implemented for second order attack, correlation attack or WBC traces resynchronisation.
esDynamic is an enjoyable and innovative way for performing security analyses in the field of embedded devices and mobile applications. You may want to try it (free trial here), it’s the best way to experience how ergonomic and work-changing it is. Designed to free security analysts from closed and divided work environment, you may as well find new application cases for using esDynamic. That is the best we can hope for this tool.
We are continuously striving to further develop additional features with having in mind to offer improved and innovative security tools to the community. Any feedback is appreciated: linkedin, twitter or email us at email@example.com.