This is the ideal tool for developers or analysts to explore the security of a binary performing a cryptographic operation, as well as performing security checks. Whether you are checking a third party’s application or your own implementation, the esDynamic framework will provide you with the ability to emulate the binary, script your analysis and perform your signal processing and statistical analyses on the data generated. Having this tool in hands will allow you to perform the latest attacks in the field and manage their complexity in an efficient way. You will find it very easy to start your own analyses by exploiting our notebooks and tweaking them without limitation.
THE WHITEBOX CRYPTO MODULE
- All in one: the user can run dynamic analyses end-to-end. You can instrument the binary, generate the data, filter the data, analyse the data and process the data. Our notebooks will help make this extremely easy for you.
- Mobile platforms supported: a large majority of mobile platforms are supported by the tool (ARM32, ARM64, I386) and the same process applies regardless of the nature of the platform.
- Technology integration: the latest emulation frameworks are integrated or can be integrated (Qemu, Unicorn, PIN, Walgrind).
- Exchange and share: the notebook and iPython technologies offer a new way of working by facilitating exchanges and sharing information.
- Generate traces: the framework allows you to generate data traces representative of the binary execution with options to filter the targeted operations or instructions. The noise issue of classical side-channel observations is circumvented by direct value monitoring.
- Inject faults: the framework allows you to create dynamic faulting campaigns with high performance.
- Create tutorials and scripts: create your tutorial and set of reference scripts with the comprehensive notebooks. Enrich eshard’s material with your own.
- Maintain the highest flexibility: esDynamic becomes your R&D platform, where you can customise the attacks, the way the results are displayed and all your scripts or data processing algorithms. You can facilitate your analyses with a convenient way to observe data traces, make use of notebook tutorials as a source of knowledge showing how to implement attacks as well as generate sophisticated technical reports with the notebook technology.
VIEW THE NOTEBOOKS
WHAT IS IT
- This powerful framework allows you to trace extensive and complicated binary code as well as inject faults in a very efficient and user-friendly way.
- Gather experts and offer them the opportunity to share and work together and efficiently. Notebooks can be shared over the platform and helps everyone to use reference scripts, to implement coaching or educational program, and simple to combine different expertise involved in the same analysis.
- A framework for your researches and developments in the side-channel area. It is designed to provide you with the full freedom of creating and customising your own scripts, the way the results are displayed, etc. and even import your previous work.
- Different installation models are possible to fit your requirements and work model. The installation is smooth and allows you to build an evolutive computational capability.
- Combine with other esDynamic modules and utilise one single platform to execute multiple analyses and gather all your work on the same platform.
WHO IS IT FOR
This tool can be used by:
- Crypto experts to complement static analysis and physical attacks (SCA and FIA).
It is the ideal tool for developers of any mobile applications that rely on cryptography to protect assets can take advantage of the tool and perform security checks. Whether you are checking a third party’s application, your own implementation or require a tool to perform certifications with, esDynamic is the most user-friendly and efficient tool available on the market today.
- To achieve a strong security level, cryptography must be implemented in a resilient way to withstand sophisticated attacks aiming to exhibit the secret keys. In this white paper we focus on a specific range of techniques.
- The increasing sophistication of attacks requires that cryptography implementations must be resilient if the assets are to be protected. This white paper describes a specific range of techniques: fault injection attacks. They have the potential to compromise virtually all implementations including whitebox and traditional cryptographic implementations if they are not specifically protected. We highlight the importance of exploring in depth the security of cryptographic implementations.