Inspector FI

Detailed control in your testing process

Inspector FI

Detailed control

Inspector FI - Fault Injection - offers all features to perform fault injection testing on smart card technology. Our hardware components cover accurate, reliable and thus predictable, clock and voltage glitching, and advanced optical attacks with purpose-built laser equipment. Fault injection attacks - also known as perturbation attacks - change the normal behaviour of a chip by inducing an exploitable fault. With Inspector FI, a user can test if a key can be extracted by inducing faults in a chip’s cryptographic operations, bypass a check such as an authentication or a lifecycle state, or change the program flow of code on the chip.

Worldwide standard

Used by organisations worldwide, the integrated modular platform of Inspector combines analysis and fault injection test modules. Pushing the boundaries for off-the-shelf Fault Injection testing hardware, Riscure Inspector is valued by analysts for the flexibility and top end specifications. Custom designed hardware and software enable government institutions, security evaluation laboratories and chip manufacturers around the globe to perform time efficient, reproducible, cutting edge security research.

Contact us directly at security-tools@riscure.com for more information.

The all-in-one solution for detailed control over the entire side channel testing process.

0f29a22_original

"Inspector has revolutionized the way we evaluate our products' DPA resistance"

— John Connor, Principal Security Engineer from INSIDE Secure

Key features

One solution

One solution for voltage, clock and optical laser perturbation testing and Differential Fault Analysis (DFA) of chip technology.

Flexible hardware

A powerful instruction set to program any fault injection attack scenario. Scenarios can be developed from the user interface or the IDE if more control is desired.

Multi-glitching laser

Multi-in-time and multi-location laser equipment custom-designed for fault injection testing together with our renowned partner, Opto.

Differential Fault Analysis

DFA modules for implementations of popular encryption algorithms, including RSA, AES and 3DES

Cutting edge hardware

Our hardware provides high power glitches in the nanosecond range and accurate control without losing flexibility.

Stable platform

Stable platform which enables performing fault attacks using a multitude of parameters, either fixed, random or ordered.

Time-independent triggering

Accurately trigger a fault injection attack using the icWaves. Rather than time, icWaves allows triggering on the actual waveform.

Professional support

Bi-yearly updates for Inspector, dedicated help desk, extensive documentation and training from security professionals.

software

The Inspector FI software comes pre-installed on an included workstation and three software licenses

Inspector FI software contains advanced hardware control options from the Inspector FI software, perturbation modules to configure the VC Glitcher and Diode Laser Station to test a specific fault injection scenario on a target and cryptanalytic modules to perform DFA after the faults have been injected.

customworkstation

Custom workstation

Reach optimal performance with a system configuration ideal for Inspector. The workstation matches best with our software and hardware products and is updated regularly.

vcglitcher

Device control

Your device under test is as important as the measurement and fault injection equipment you use in the set-up. Having accurate control of the device and being able to generate a reliable trigger can be daunting. Tight hardware integration, software flexibility and extendability make the task less challenging while creating a stable but flexible set-up.

furtherinfo03

DFA analysis modules

Inspector FI supports calculating keys based on faulty outputs using Differential Fault Analysis (DFA) techniques. DFA relies on comparing the correct and faulty outputs, using Fault Injection hardware. Algorithms supported out of the box are AES, DES and RSA. As Inspector features an open development platform it is possible to implement new DFA modules to fit your target better.

4ff6cbf3f6ba553b7100000d

Service Contract

Riscure allows you to stay up-to-date on these developments and up-to-speed with the tool. We provide regular software updates, host the annual Inspector User Workshop and take care of your support question and hardware repairs.

training02

Perturbation modules

Introducing faults in hardware during cryptographic operations or decision points can lead to undesired behavior in the device under test and compromise security functions. Commonly used situations are skipping or modifying conditional statements for hash checking, authentication or bypassing secure boot implementations. The perturbation modules can be configured from both the user interface and code for all Inspector FI or custom hardware.

Inspector user training

Inspector user training

Tailored to the demand

The training that is supplied with Inspector is modular of structure to tailor to the demands and knowledge of the trainees. Knowledge on side channel analysis and Java is useful, but not required. All training components use training cards that are supplied with inspector. When the trainees return back home after the training, they can practice their new skills on these cards along with extensive tutorials. Depending on your needs, we can provide a training that meets your requirements.

Enquiries

Bookings can be made via inforequest@riscure.com or your local reseller. Attendees are free to move their training 2 weeks in advance of the original starting date to another slot, when seats are still available. The full amount needs to be paid in advance of the training, no guarantees can be made regarding your booking if the amount is not received on time. Cancellation fees apply.

learn more

support

Software updates

We provide regular updates to our users to improve side channel and fault injection testing efficiency, user experience and introduce fixes.

Inspector 4.11 SCA and FI (December 2016):

Inspector 4.10 SCA and FI (July 2016):

Inspector 4.9.1 SCA and FI (April 2016):

Inspector 4.9 SCA and FI (February 2016):

Updates on new developments

The world keeps moving: every year new attacks and methods are introduced. To keep you up-to-date we select practical attacks and make these available to our users.

For optimal performance of the software read the latest specifications of the PC workstation that we supply.

Support Portal

Tutorials, manuals, FAQ, release notes, software updates, issue tracking and much more can be found on our support portal. Please sign up and login at: https://support.riscure.com/

An annual user workshop

For Service Contract customers we organize two-day User Workshop where we will present the latest developments in side channel analysis and fault injection testing and provide practical tips.

Dedicated support

We have a full-time support engineer to help with any issues you might face while doing your work. Our skilled people will try to get you back on track as fast as possible.

For technical assistance call +31 (0) 15251 4090 or visit our support portal

service contract

When purchasing Inspector, customers receive a permanent license to use the platform. We deliver Inspector to organisations in line with our Inspector Sales Policy. Under the service contract, the software of the tool is kept up-to-date and users are invited to the annual Inspector User Workshop.

  • Access to a dedicated technical support desk.
  • Keep your Inspector setup up-to-date with software and hardware improvements.
  • Extended warranty.
  • Attend the annual Inspector User Workshop.
  • Three contract tiers available to meet your specific needs and priorities.
  • Attend the annual Inspector User Workshop.
  • Twice a year, an update of the Inspector software core is released with new features, bug fixes and documentation. Updates of user-programmable hardware components and drivers.

Sales policy

Legitimate business only

Inspector SCA is a powerful tool that is are designed to determine the security strength of technology. However, it could potentially also be used to retrieve secrets for malicious or fraudulent purposes. Riscure only sells and distributes Inspector to organisations that can prove to have a legitimate business reason for using it.

Demonstrated use

The customer can demonstrate that it manufactures, integrates or issues technology which is not intended to illegally circumvent a security mechanism in another product.

We do background checks

Most of our customers are large and well-known international organisations. However, if we do not know of the customer's organisation, we first perform a background check and verify their location, scope and type of business that they are in.