Staffed with a team of security and systems analysts, as well as cryptography, hardware and software engineers, the Security Centre of Excellence will address the most critical security issues across multiple vertical markets. Contrasting the new venture with its pre-existing offerings, a spokesman characterised it as being less product-centric and more a “capability to help” with difficult security issues. Specific areas of detailed expertise offered include automatic code analysis (for vulnerabilitiesEO); and reverse-engineering/hacking of Ics/SoCs b differential power analysis (DPA). The company has experience in a variety of industry sectors, including military/defence, oil & gas, and commercial products. Microsemi adds that it sees client engagements where the initial contact is from a wide range of starting points; from those new to the security problem, who know only that they have (for example) IP that needs to be secured but have no experience of doing so; to those who are already “security-aware” but need to ensure that a new design is proof against current threats – and can be certified as being so.
“Our comprehensive security product portfolio coupled with our security team’s capabilities in system analysis, threat vulnerability identification and analysis, and ability to create highly tailored solutions have enabled Microsemi to expand our security presence in multiple markets,” said Paul Pickle, president and chief operating officer (COO) at Microsemi. “In today’s cyber hacking world, it is essential for every public and private organisation to proactively address security issues.”
Microsemi activities in this space draw on long-term efforts in providing high-grade security solutions for defence-based applications, with a focus on cryptography and security firmware, software and hardware solutions for the most challenging information assurance and anti-tamper needs. The company’s capabilities have expanded significantly over time to also include the most secure field programmable gate arrays (FPGAs) with differential power analysis (DPA)-certified countermeasures and layered cryptographic controls, allowing for true supply chain assurance and system authentication. Microsemi’s security solutions include cryptography and the company’s enhanced WhiteboxCRYPTO software providing even greater security, anti-tamper and key management IP (the DPA expertise is deployed to prevent attackers determining key values), secure and rugged solid state drives (SSDs) protecting data at rest, secure synchronous time-generating solutions to protect critical communications infrastructure, and Ethernet security products to protect data in motion. The company maintains independent laboratories that can assess side-channel/DPA threats in the US, in Europe and in Japan.
Among other approaches, Microsemi can deploy a Red team/Blue team strategy; that is, it can set up two completely separate teams to work on a given project. The “red” team acts as an outside hacking threat, working to expose any vulnerabilities in a system, while the “blue” team works to build and reinforce product security with insight into its architecture. The Centre can work on projects are are, or are not, intended to be Internet-connected, adopting what Microsemi terms a threat-driven approach over software, firmware and hardware.
Next page; Microsemi lists several of its specific areas of expertise in the field...