Brief Overview - Hardware Security Assessment

The hardware security assessment is a new emerging and evolving technical expertise that requires terribly in the industry. This type of assessment for various products may include Industrial Control Systems (ICS) such as sensors, Programmable Logic Controller (PLC), Point of Sale (PoS) devices, Automobiles (famously called car hacking), embedded appliances deployed standalone or connected with different appliances in a network etc. This short article gives overview regarding what are the factors affecting the hardware security assessment.

Hardware security is critical at every stage of product development. Security of hardware development life cycle may be categorized into the following phases:

• architecture & design
• supply chain
• manufacturing
• repair services

Following are the factors that may be affected if any security parameter breached:

• Availability
• Integrity
• Confidentiality
• Authentication
• Non-repudiation

Following hardware assessment techniques may be employed to secure and help stakeholders to meet the expected security level. The security level may be defined by regulatory compliance or organization policies.

• Security requirements & threat modeling - In this assessment, security auditors gather security requirements for the product to mitigate identified threats.
• Design & architecture assessments - This type of assessment is required to evaluate the product based on design and architecture documentation. Security assessment includes a review of security functionality and inputs such as USB or wireless protocols, analysis of firmware to discover software level vulnerabilities.
• Side-channel analysis - This type of assessment tests the hardware for cache attacks, power analysis, timing attacks, scan chain attacks, etc. It also checks available countermeasures from software, hardware, and algorithm design.
• Reverse engineering - This assessment provides whether the product is secure if the product's physical security is compromised or available readily.
• Supply chain security & secure product manufacturing and repair - This assessment provides security assurance in the supply chain. Click Here for Quick Tutorial to understand Supply Chain Security.
• Common Criteria Certification - This is a product certification for security based on ISO 15408. This certification provides assurance levels 1 to 7. Level 1 corresponds to a basic level of evaluation for security features, while level 7 indicates more rigor and formal verification of security features.