Services
After years in working with large companies and governemental agencies, TrustnGo would like to share with your company its strong expertise in the field of embedded systems cybersecurity.
Thanks to our wide range of security oriented services, we are willing to let you :
- Focus on your core business
- Limit the risks coming with “homemade” security functions
- Reduce your development cost as you don’t need to hire cybersecurity specialists
- Shorten your time to market.
One to three days trainings aiming at giving you the keys to succeed in developping a secure embedded product.
TrustnGo can help you to define your security problem and optionaly write your security target.
Lets discuss together to define the product assets, the threats, the attacker model (i.e. remote or physical). The assumptions and the expected security functions.
Want to see an examplle of security target ? Take a look at ANSSI website of ARM PSA website.
At TrustnGo we are promoting modern technologies like Zephyr OS, TrustZone, Cortex-M33, Secure Elements and best practices thanks to ARM Platform Security Architecture or IEC 303 645.
For example, we might help you to efficiently (and securely !) use a Secure Element by implementing SE cryptographic bindig to the host.
Even if you have already designed your product without using a Secure Element or a TrustZone enabled MCU, you can already surpass your competitors by leveraging common hardware security features like the ARM Memory Protection Unit and implementing simple but powerful software security mechanisms.
Whether yout need authenticated encryption, public key cryptoraphy, key management or random number generation, we can help you to choose the right cryptographic algorithm for a given use case. In addition, we have a strong background in both performing side-channel attacks and fault injection.
In the same way, if you need to harden your software code against timing attacks, side-channel attacks or fault injection attacks, do not hesitate to contact us. We will help you to select the right countermeasure to protect your assets without impairing performance and incuring excessive additional costs.
At TrustnGo we can perform some penetration testings to assess the actual resistance of your products against remote and physical attackers.
In addition to remote attacks on communication protocols and cryptographic algorithms, we can also perform simple physical attacks like PCB reverse-engineering, power consumption side-channel attacks and fault injection attacks using electrical glitches. We can perform these tests on end-productsd or on a MCU chips alone thank to our side-channel / fault injection testing mother board.
Most of the time it is even not necessary to actually perform these tests! Indeed, most common vulnerabilities can already be detected at documentation level.
We can help you deploy FOTA infrastructures through serial port, USB, Bluetooth, UDP or any TCP/IP enabled communication channel. We are using open source technologies to allow you to keep a full control over the deployed solutions without having the fear to be locked-in a proprietary technology.
Wether your products are connected to internet or not, we can help you to deploy the right FOTA process.
TrustnGo can help you in monitoring any new vulnerability impacting the open source software integrated into your product. In addition, we can conduct a focused technological study on a a given hardware, software or cryptographic technology to give you insight in the future security challenges that may affect you. Finally, TrustnGo can help you in fixing software and hardware vulnerabilities discovered in your products
TrustnGo can help you to prepare a security CSPN, SESIP, CC, etc. certification by writing or reviewing your documentation and product implementation. We can also provide you advises on how to derisk an evaluation process.