Information theoretical metrics
Secure design is a non-trivial task. Therefore, a validation of the security level achieved in the final version (after place-and-route) is mandatory. However, it is not always obvious in standard evaluation schemes to relate a vulnerability to a design mistake. Using information theoretic metrics, Secure-IC has developed a systematic characterization methodology that pinpoints the problem to the designer directly in his source code language. Furthermore, the methodology uses comparable metrics, so that "security non-regression" tests can be conducted: a new release should have its information theoretic metrics lower than the previous one.
Whatever the final technological target of a cryptographic design (embedded software, FPGA, ASIC), a professional evaluation should use hardware validation. FPGAs are known to be extremely leaky; they thus constitute worst cases for the security of product. They are thus adequate platforms to challenge a design. Secure-IC provides a commercial-off-the-shelf prototyping board that allows for a rapid emulation. The specificity of the board is to simulate operations conditions, meaning that the board is not overly simplified. Therefore, real-world compromizing emanation tests and perturbation attacks can be conducted as in an operational scenario.