
The advent of IoT has brought a number of new security challenges to the forefront. We continuously perform security reviews of embedded devices and their communications.

From tiny chips to really large ships, Assured has had the pleasure of securing systems with high demands and potentially low resources. Our expertise in embedded security ranges from design and architecture to communication channels, operating systems and protocols. We work with: IoT developers; service providers; hardware manufacturers; automation, energy, automotive and maritime systems; as well as any area where an embedded system is deployed.

Want to rest assured that your embedded systems have been thoroughly assessed and securely designed? Give us a call or send an email to find out more about us and how we can help!

References

CrypTech

CrypTech is an international long-term project with the aim of developing a fully open Hardware Security Module (HSM) with performance and security matching commercial, closed and black box solutions.

Assured has been involved in CrypTech from the start and continues to be part of the project core team. Some of the things Assured has been working with in the CrypTech project are:

  • Development of overall system design and threat model
  • Overall FPGA design and System on Chip solution
  • Development of the state-of-the-art, cryptographically secure random number generator (RNG)
  • Development of the tamper-reactive, FPGA-based Master Key Memory (MKM)
  • Development of several FPGA cores used in the CrypTech HSM, for example:
    • Ring oscillator (ROSC) based entropy source used in the RNG
    • ChaCha stream cipher, used as a high-performance bit generator in the RNG
    • AES block cipher
    • AES KEYWRAP block cipher mode
    • SHA-256, SHA-512 hash function
    • Various timer, interface, I/O cores

Mullvad VPN

Assured is actively working together with Mullvad VPN on projects covering computer architecture, embedded security and hardware.

Fingerprint Cards

Assured has provided long-term security knowledge and advisory services as resident security specialist for Fingerprint Cards (FPC).

The role has included: development of their vulnerability management process; engagement in customer and third party discussions; security analysis and threat models for numerous products and solutions; code and design review; development of functional models; as well as software and hardware implementations of security and cryptographic functionalities.

Plejd

We are working with Plejd to assess and secure their services and devices for smart lighting and mesh communication.

At Plejd they design and build their devices along with the cloud connectivity and mobile application controls, managing the whole ecosystem for their products. As a security partner, we at Assured provide advisory, security testing and assistance in secure design.

Netnod NTS FPGA development

The Network Time Protocol (NTP) is a venerable Internet protocol for synchronising time. It has been with us since at least 1985 as the most commonly used protocol for synchronising the time on computer systems. Over the years some security mechanisms have been deployed, but nothing really secure and easy to use in a large-scale setting. Because of this, a task force at the IETF developed a new, comprehensive, scalable security solution for NTP called Network Time Security (NTS). NTS was ratified and published by the IETF as RFC 8915 in September 2020.

Netnod has been operating an NTP service for many years. One unique feature of the Netnod NTP service is that it is fully implemented in hardware. The complete processing of NTP packets is done inside FPGA devices, with the hardware parsing and handling the network packets as well as performing the NTP time stamping. The result is an NTP service that is very robust, with very low jitter and high capacity.

The difference in packet processing between NTP and NTS is substantial. NTP requests can be processed as a stream. NTS, on the other hand, requires multiple passes to extract, update and reassemble a given request. The security mechanism is based on cookies, and uses AES-SIV (RFC 5297), a complex authenticated encryption (AE) mode, to protect NTS requests and responses.

Assured supported Netnod by providing a new FPGA architecture based on separate, parallel NTS engines that can be scaled to meet 10+ Gbps NTS traffic performance. Assured developed the new FPGA functionality, including packet processing, NTS engines, cookie generation, as well as all cryptographic primitives.

The source code for the hardware-based, high-performance NTS solution has been released by Netnod and is available on GitHub.

For more information, see: