Embedded Systems and IoT

Cyber security assessments and tests

We conduct cyber security assessments for embedded systems from all sectors and support you from concept design to the final test in the development of an all-round safe product.

 In our laboratory we can conduct practical tests on a wide range of technologies. This includes common interfaces such as CAN, I2C, SPI or JTAG as well as industry-specific interfaces such as for smart meters or medical devices. Research on security aspects of newly developed IoT protocols such as Bluetooth Low Engergy (BLE) Mesh and LoRaWAN is a special focus.

When implementing cryptographic procedures and protocols for embedded systems, it is not only their resource limitations that pose a challenge, but also secure key exchange, long-term security and protection against physical access and side channel analysis. Our experts for hardware-related cryptography, trusted computing, post-quantum cryptography and side channel analysis help you to identify weak points and find an optimal solution.

Individual and customer-specific

 Although there are numerous security standards, none of them can capture the full complexity of cyber security. In order to gain an advantage over attackers, an individual perspective is required. We therefore follow a flexible approach that can be adapted to your specific requirements.

We discuss your objectives, requirements, general conditions and the test object with you and on this basis prepare an individual offer for you at a fixed price.

Comprehensive cyber security assessments

We don't limit ourselves to highlighting individual vulnerabilities. Our goal is to provide you with the best possible support to secure your system. We systematically examine security properties from all angles. In this way, we arrive at a comprehensive and meaningful assessment of the security level:

  • Requirements and threat analysis: Security is relative. There are no generic functions and features that a system must have in order to be secure. For this reason, our security assessments always begin with a requirements and threat analysis. What needs to be protected, against whom and against what potential threats?

  • Concept review: Security is not created by itself, but by well-planned security measures. We check whether your security concept corresponds to the state of the art, whether all security measures are appropriate, complement each other meaningfully and fit the deployment scenario.

  • Verification of implementation: Good security measures only work if they have been implemented correctly. We therefore use practical tests to check every security measure for its correct function and typical errors. This step is particularly important for cryptographic functions and protocols, where even small unnoticed bugs often have devastating effects.

  • Penetration testing: We put ourselves in the role of an attacker and look for creative ways to circumvent security measures. Our goal is to discover all possible vulnerabilities and give you recommendations on how to fix them

Comprhensive reports

After completion of the analysis, you will receive an individually formulated detailed result report from us, which deals specifically with the test object and its environment. We put special emphasis on the explanation of all identified weaknesses and practical suggestions for their elimination.

Fraunhofer SIT Certificate

After successful completion of a comprehensive security analysis, we can issue a public certificate as independent proof of quality of the security for your product.

Information on the Fraunhofer SIT Certificate