The CEACI (Centre of Evaluation and Analysis of Information Technology Components) is an ITSEF evaluation centre belonging to the TSS company. It has been created in 1994 and is located in the CNES buildings in Toulouse. The CEACI shares state of the art equipments for failure analysis (Focused Ion Beam microscope, Atomic force microscope...) and physical/electrical characterisation with the CNES (French Space agency) central laboratory under a private partnership.
The CEACI is a ITSEF (IT security evalutation facility) accredited by the French certification body DCSSI for ITSEC and Common Criteria evaluations (E3 high ITSEC, evaluation of hardware equipment / EAL 4+ Common Criteria) and is COFRAC ISO 17025 accreditated for the evaluation of security products. It is the main French ITSEF with a positioning in the international market place.
The CEACI has a strong experience in evaluations and in the application of ITSEC and Common Criteria, based on various security product evaluations for administration, automotive, banking, computing, defence, telecom, transport, ... CEACI operates in the components and HW/SW area that encompasses a broad range of security products : smart cards, RFID, USB tokens, secured flash cards, secure microcontrollers, ASICs, FPGAs, HSMs, terminals, encryptors ....
CEACI uses attack techniques in attempts to breach security and access confidential information that is believed to be protected.
CEACI is a full partner of WP3 all along the project duration, to contribute to state of the art European secure solutions on FPGA.
CEACI will bring its expertise and further develop it on FPGA and the related possible reverse, such to get insurance that the final product is conformant to the specifications (place & route, fonctional & logical blocks, protection mechanism). The design tools properties will be evaluated (traceability of security requirements inside the tools and the resulting design).
In addition, CEACI is working on hardware security testing since 1999. Most of the techniques used can be applied on FPGA or SoCs products . CEACI will so be able to search for vulnerabilities on demonstrators by applying state of the art penetration tests on both type of platform. Sensibility against side channel analysis and fault injection will be tested on FPGA and SoC prototypes developed during the project.
Based on state of the art techniques in failure analysis and security evaluation, CEACI will make "reverse engineering" on the programming bitstream in order to ensure that the final product fully satisfies the specifications issued by EDA SoC partners. Some research work is already performed in the laboratory in order to apply most advanced techniques such as dynamic light emission on last generation FPGA in order to reverse engineer the implemented code and/or break the security functions implemented (typically extact a secret key during cryptographic computations). Classical side channels attacks (SPA/ DPA) have also been done with on FPGA implementations. Further related research will be developed during EDA SoC program.