Towards a Black-Box Security Evaluation Framework

Injection of faults has been studied in various research works since last decades. Several hardware targets have been studied with respect to the efficiency of fault injections. In this paper we address the security evaluation of embedded systems in constrained environments called black-box analyses. This is not considered by standards of evaluation as they require conducting the analysis in the most relaxed conditions, often called white-box analysis which focuses on specific security modules provided that the finer details are available. However, black-box analysis has a much larger view by focusing on all the system as potential target. It is closer to a real world attacker. This allows measuring the impact of real attack scenarios, and therefore thinking and building the most adequate protections. We put forward a six steps evaluation methodology along with a practical use-case on a real end-user device. This shall give a better understanding and also an evaluation framework of black-box analysis.