Home Blog Security Products Addressing the threat of Fault Injection

Addressing the threat of Fault Injection

Author: Riscure Team

As with any other security challenge, there is no ‘silver bullet’ to remediate Fault Injection attacks once and for all. Fault Injection is a hardware attack, and, if successful, it can completely circumvent critical security mechanisms. However, a comprehensive approach can reduce the number of ‘weak spots’ in your device. In this blog post we will discuss the solutions from Riscure that help our customers make their solutions more robust: our tools, services and security training.

At Riscure we believe a comprehensive approach has to be implemented to address security problem. If you are, for example, an IoT device vendor, you need a security assessment. How well are your devices protected from a hardware attack? Such evaluation can be done by a security lab for you, in a form of a black box or white box testing. You also may decide to implement a regular testing of your devices, and in this case you need tools to evaluate the security yourself. Finally, the most important fact about hardware attacks and Fault Injection in particular, is that the most effective countermeasures against them should be implemented in software. This is achieved via automated code review that is fine-tuned to take hardware attacks into account, and by educating your software development workforce about typical weak spots in software that lead to hardware vulnerabilities.

Riscure – Experts in Fault Injection

With more than 20 years of experience in hardware security and unique expertise in Fault Injection, Riscure offers the complete solution to improve security during all stages of development. With hardware it is important to embed recommended security practices as early as possible, to avoid costly redevelopment, should a serious vulnerability be discovered during the production stage. Our combined offer of tools, services and training for those who would like to defend against Fault Injection consists of the following:

Security Training

Helps software developers, security architects, and business decision makers learn more about the threat and obtain the latest expertise on the topic. While hardware countermeasures against hardware attacks exist, the most impact is achieved by applying protection in software. Check our these training courses from Riscure to get you and your team up to speed:

Fault Injection for Software Developers

Secure Coding Fundamentals

Fault Injection for Embedded Systems

We recommend taking the comprehensive Secure Coding Fundamentals training program that delivers everything you need to know to improve the security of your embedded system. These courses are available online. Customized training, delivered online or on location are also available. Learn more about our entire Training offer.

Tools: Riscure True Code

Static and Dynamic code analysis is a key part in mitigating Fault Injection Threats. We help customers find coding errors and issues after their code has been validated by other code analysis tools or internal manual reviewing. Next to that we  offer the abilities to validate your code running in a simulator. Learn more about True Code on our website.

Tools: Riscure Inspector

Riscure is a leading vendor of tools and software for Hardware Side Channel and Fault Injection testing for more than 15 years. We have helped over 200+ customers to build their own labs to improve the security of their devices against hardware attacks. Learn more about Riscure Inspector Fault Injection and browse our complete hardware catalog.

Services: Security Lab

At Riscure we have been performing Fault Injection attacks on Smart Cards under EMVCo and Common Criteria. The threat has also been acknowledged with Content Protection where as a leading lab we have helped various SoC vendors to pass a variety of certifications. Currently we see a growing interest to adopt the Fault Injection remediation requirements of the payment and premium content industries in other developments, including Automotive and IoT. From a design review, pre-evaluation, general assessment or a full blown certification process, please feel free to contact us to see what our Fault Injection capabilities are. Learn more about Security Services.

In May 2020 we are hosting a special event, the ‘Riscure Fault Injection Crash Course’ aimed at businesses who would like to understand the threat of Fault Injection. If you would like to learn more about potential attacks, their consequences and mitigation steps, register to attend this online event here.

Share This