This content is archived.


CEA-LETI, France

Advanced Technology:

ICT prototype security assessment


Guillaume HERVÉ


Security assessment for an ICT product prototype

CEA Leti operates an ITSEF (Information Technology Security Evaluation Facility). This ISO 17025 accredited laboratory has been performing security evaluation of hardware and embedded firmware for more than 20 years. Leti ITSEF is accredited by ANSSI, France’s national agency for information system security, for conducting Common Criteria security evaluations up to the highest level (EAL7). Leti ITSEF is widely recognised for its technical know-how and professionalism, in particular by major players in the banking industry including Visa, Mastercard, American Express… In the recent years, Leti ITSEF pioneered new attacks on devices through the use of artificial intelligence and ultra focused X-rays that underlined its technological and scientific excellence.

For DIGIFED, Leti ITSEF proposes a first security assessment for innovative prototype devices so as to foster a “secure by design” approach. This outside look, provided at early stage in the development process, will provide feedback to developers who will be able to enhance their security features.

Test benches used for penetration testing on an IC


  • Analysis of the device to identify potential vulnerabilities
  • Draw up a test plan
  • Perform penetration testing that may include:
  • Attacks on interfaces
  • Physical tampering
  • Side channel analysis
  • Fault injection
  • Reverse engineering

Typical use cases

This service is proposed for innovating designs in hardware, embedded software, or prototypes of ICT products that are aimed at applications where confidentiality, integrity, availability, privacy shall be implemented.

The evaluation may also focus on a new specific HW or SW security functionality in order to verify its efficiency.

Further information can be found at

Further contacts