About Riscure
About us
News
Events
Innovation @ Riscure
Testing Solutions
All Test Solutions
Inspector FI
Inspector Pre-Silicon
Inspector SCA
True Code
Inspector Open Training
Security Services
All Security Services
Security Certification
Riscure Academy
Security Evaluation
Secure Development Support
Industries
Defense & Aerospace
Automotive
Payments
Internet of Things (IoT)
Semiconductor
All industries
Knowledge base
Publications
Blog
Webinars
Support portal
Github
Join Us
Get in touch
Home
test
Title here
Device Security Quiz
Part 1
Component identification
Name the components and identify whether they are relevant to hardware attacks.
Question 1.1: Name the component:
(Required)
SPI NOR flash
Capacitor
Resistor
CPU
VCC
DC/DC converter
Empty connector
Coil
Question 1.2: Is this component likely to be relevant for an attack?
(Required)
Yes
No
Question 2.1: Name the component:
(Required)
SPI NOR flash
Capacitor
Resistor
CPU
VCC
DC/DC converter
Empty connector
Coil
Question 2.2: Is this component likely to be relevant for the attack?
(Required)
Yes
No
Question 3.1: Name the component:
(Required)
SPI NOR flash
Capacitor
Resistor
CPU
VCC
DC/DC converter
Empty connector
Coil
Question 3.2: Is this component likely to be relevant for the attack?
(Required)
Yes
No
Question 4.1: Name the component:
(Required)
SPI NOR flash
Capacitor
Resistor
CPU
VCC
DC/DC converter
Empty connector
Coil
Question 4.2: Is this component likely to be relevant for the attack:
(Required)
Yes
No
Question 5.1: Name the component:
(Required)
SPI NOR flash
Capacitor
Resistor
CPU
VCC
DC/DC converter
Empty connector
Coil
Question 5.2: Is this component likely to be relevant for the attack?
(Required)
Yes
No
Part 2
Memory and attack techniques
Question 6: For a successful attack, which memory type does one need to tamper with, and why?
(Required)
Volatile memory, because it holds runtime information
Volatile memory, because it’s likely to contain secret information
Non-volatile memory, because it holds information event when the system is not powered
Non-volatile memory, because changing this memory can’t cause the system to crash
Neither, because memory is not an interesting target
Question 7: Which of the following defines a successful buffer overflow attack?
(Required)
Reprogram the FPGA bitstream
Fill all memory positions in a buffer, so that the system runs out of memory and crashes
Write more data in a buffer than allowed, overwriting the return address of a function call and jumping to attacker code
Send malformed data to a buffer, so that the system interprets the data incorrectly, causing an attacker to gain runtime control or a leak of system information
Question 8: Which of the following defines a successful string formatting attack?
(Required)
Fill all the memory positions in a buffer, so that the system runs out of memory and crashes
Send malformed data to a buffer, so that the system interprets the data incorrectly, causing an attacker to gain runtime control or a leak of system information
Write more data in a buffer than allowed, overwriting the return address of a function call and jumping to attacker code
Send a string in an unsupported language, so that the runtime control of the system crashes
Part 3
Attack and defense mechanisms
Question 9: You are certain that your code is bug-free. However, with Fault Injection (FI), it is still possible to make your code exhibit wrong behavior (e.g., validate a wrong password). Please select all statements that apply.
(Required)
With FI attacks the password check can be skipped
It is usually required to have the firmware image of the system in order to perform an FI attack
It is not possible to detect FI attacks
To perform FI attacks you always need specialized equipment
It is not possible to perform a successful FI attack if we use an ASIL-D protected chip in our system, because it is tolerant to faults
Question 9: You are certain that your code is bug-free. However, with Fault Injection (FI), it is still possible to make your code exhibit wrong behavior (e.g., validate a wrong password). Please select all statements that apply. (5 points)
With FI attacks the password check can be skipped
It is usually required to have the firmware image of the system in order to perform an FI attack
It is not possible to detect FI attacks
To perform FI attacks you always need specialized equipment
It is not possible to perform a successful FI attack if we use an ASIL-D protected chip in our system, because it is tolerant to faults
Question 10: You are certain that your code is bug-free. However, with Side Channel Analysis (SCA) attacks it is still possible to learn the correct password. Please select all statements that apply.
(Required)
SCA attacks can cause the system to print out the password in some I/O line
For a successful SCA attack it is usually required to connect to some I/O line of the attacked system
It is typically not possible to detect SCA attacks
It is not possible to defend against SCA attacks because side channels always exist
It is not possible to perform SCA if we use an ASIL-D protected chip in our system, because of the system redundancy
Question 10: You are certain that your code is bug-free. However, with Side Channel Analysis (SCA) attacks it is still possible to learn the correct password. Please select all statements that apply. (5 points)
SCA attacks can cause the system to print out the password in some I/O line
For a successful SCA attack it is usually required to connect to some I/O line of the attacked system
It is typically not possible to detect SCA attacks
It is not possible to defend against SCA attacks because side channels always exist
It is not possible to perform SCA if we use an ASIL-D protected chip in our system, because of the system redundancy
Question 11: You are concerned about physical attacks such as PCB reverse engineering or replacing memory chips. Which of the below are countermeasures against physical attacks?
(Required)
Intrusion sensors
Scramble memory
PUFs (Physical Unclonable Functions)
Secure boot
Question 11: You are concerned about physical attacks such as PCB reverse engineering or replacing memory chips. Which of the below are countermeasures against physical attacks? (5 points)
Intrusion sensors
Scramble memory
PUFs (Physical Unclonable Functions)
Secure boot
Question 12: You are concerned about implementation attacks such as buffer overflows or Fault Injection. Which of the below are countermeasures against implementation attacks?
(Required)
Shielding/filtering
TEE (Trusted Execution Environment)
Cryptography: encryption, signatures, hashing, MACs
Add noise to power line (SCA)
Question 12: You are concerned about implementation attacks such as buffer overflows or Fault Injection. Which of the below are countermeasures against implementation attacks? (5 points)
Shielding/filtering
TEE (Trusted Execution Environment)
Cryptography: encryption, signatures, hashing, MACs
Add noise to power line (SCA)