Inspector FI - Fault Injection - offers all features to perform fault injection testing on smart card technology. Our hardware components cover accurate, reliable and thus predictable, clock and voltage glitching, and advanced optical attacks with purpose-built laser equipment. Fault injection attacks - also known as perturbation attacks - change the normal behaviour of a chip by inducing an exploitable fault. With Inspector FI, a user can test if a key can be extracted by inducing faults in a chip’s cryptographic operations, bypass a check such as an authentication or a lifecycle state, or change the program flow of code on the chip.
Used by organisations worldwide, the integrated modular platform of Inspector combines analysis and fault injection test modules. Pushing the boundaries for off-the-shelf Fault Injection testing hardware, Riscure Inspector is valued by analysts for the flexibility and top end specifications. Custom designed hardware and software enable government institutions, security evaluation laboratories and chip manufacturers around the globe to perform time efficient, reproducible, cutting edge security research.
Contact us directly at firstname.lastname@example.org for more information.
The all-in-one solution for detailed control over the entire side channel testing process.
"Inspector has revolutionized the way we evaluate our products' DPA resistance"
One solution for voltage, clock and optical laser perturbation testing and Differential Fault Analysis (DFA) of chip technology.
A powerful instruction set to program any fault injection attack scenario. Scenarios can be developed from the user interface or the IDE if more control is desired.
Multi-in-time and multi-location laser equipment custom-designed for fault injection testing together with our renowned partner, Opto.
DFA modules for implementations of popular encryption algorithms, including RSA, AES and 3DES
Our hardware provides high power glitches in the nanosecond range and accurate control without losing flexibility.
Stable platform which enables performing fault attacks using a multitude of parameters, either fixed, random or ordered.
Accurately trigger a fault injection attack using the icWaves. Rather than time, icWaves allows triggering on the actual waveform.
Bi-yearly updates for Inspector, dedicated help desk, extensive documentation and training from security professionals.
Optimized for outstanding FI results, our hardware is designed with the requirements of the user and business in mind without losing flexibility. Ease of use, effortless configuration and seamless integration with Inspector SCA software or extend your own platform using the SDK on selected devices.
Advanced pattern-based triggering device for generating time independent pulses to avoid jitter and time-related countermeasures in SCA or FI testing.
Reduce complexity in Side Channel Analysis (SCA) and Fault Injection (FI) by creating a single control point for communication and glitch pattern generation
Out-of-the-box solution for high power targets up to 10A
High speed pulsed EM fault injection probe for localized glitches.
Fast, accurate and predictable multi-in-time optical glitching for front side and back side laser attacks.
Add-on to the VC Glitcher to amplify the power glitches for an embedded processor
Upgrade to the Diode Laser Station to support multiple spots
Generates accurate and repeatable two (2) nanosecond voltage or clock glitches with fully programmable pattern and control logic.
The Inspector FI software comes pre-installed on an included workstation and three software licenses
Inspector FI software contains advanced hardware control options from the Inspector FI software, perturbation modules to configure the VC Glitcher and Diode Laser Station to test a specific fault injection scenario on a target and cryptanalytic modules to perform DFA after the faults have been injected.
Reach optimal performance with a system configuration ideal for Inspector. The workstation matches best with our software and hardware products and is updated regularly.
Your device under test is as important as the measurement and fault injection equipment you use in the set-up. Having accurate control of the device and being able to generate a reliable trigger can be daunting. Tight hardware integration, software flexibility and extendability make the task less challenging while creating a stable but flexible set-up.
Inspector FI supports calculating keys based on faulty outputs using Differential Fault Analysis (DFA) techniques. DFA relies on comparing the correct and faulty outputs, using Fault Injection hardware. Algorithms supported out of the box are AES, DES and RSA. As Inspector features an open development platform it is possible to implement new DFA modules to fit your target better.
Riscure allows you to stay up-to-date on these developments and up-to-speed with the tool. We provide regular software updates, host the annual Inspector User Workshop and take care of your support question and hardware repairs.
Introducing faults in hardware during cryptographic operations or decision points can lead to undesired behavior in the device under test and compromise security functions. Commonly used situations are skipping or modifying conditional statements for hash checking, authentication or bypassing secure boot implementations. The perturbation modules can be configured from both the user interface and code for all Inspector FI or custom hardware.
Inspector user training
The training that is supplied with Inspector is modular of structure to tailor to the demands and knowledge of the trainees. Knowledge on side channel analysis and Java is useful, but not required. All training components use training cards that are supplied with inspector. When the trainees return back home after the training, they can practice their new skills on these cards along with extensive tutorials. Depending on your needs, we can provide a training that meets your requirements.
Bookings can be made via email@example.com or your local reseller. Attendees are free to move their training 2 weeks in advance of the original starting date to another slot, when seats are still available. The full amount needs to be paid in advance of the training, no guarantees can be made regarding your booking if the amount is not received on time. Cancellation fees apply.
We provide regular updates to our users to improve side channel and fault injection testing efficiency, user experience and introduce fixes.
Inspector 4.11 SCA and FI (December 2016):
Inspector 4.10 SCA and FI (July 2016):
Inspector 4.9.1 SCA and FI (April 2016):
Inspector 4.9 SCA and FI (February 2016):
The world keeps moving: every year new attacks and methods are introduced. To keep you up-to-date we select practical attacks and make these available to our users.
For optimal performance of the software read the latest specifications of the PC workstation that we supply.
Tutorials, manuals, FAQ, release notes, software updates, issue tracking and much more can be found on our support portal. Please sign up and login at: https://support.riscure.com/
For Service Contract customers we organize two-day User Workshop where we will present the latest developments in side channel analysis and fault injection testing and provide practical tips.
We have a full-time support engineer to help with any issues you might face while doing your work. Our skilled people will try to get you back on track as fast as possible.
When purchasing Inspector, customers receive a permanent license to use the platform. We deliver Inspector to organisations in line with our Inspector Sales Policy. Under the service contract, the software of the tool is kept up-to-date and users are invited to the annual Inspector User Workshop.
Inspector SCA is a powerful tool that is are designed to determine the security strength of technology. However, it could potentially also be used to retrieve secrets for malicious or fraudulent purposes. Riscure only sells and distributes Inspector to organisations that can prove to have a legitimate business reason for using it.
The customer can demonstrate that it manufactures, integrates or issues technology which is not intended to illegally circumvent a security mechanism in another product.
Most of our customers are large and well-known international organisations. However, if we do not know of the customer's organisation, we first perform a background check and verify their location, scope and type of business that they are in.