Essential Fault Injection Training

This course is intended for developers, security evaluators and researchers focused on hardware security testing, government organizations seeking to analyze threats posed by state-of-the-art side channel attacks, and Riscure Inspector customers. The course does not require any specific existing experience. Having general knowledge about embedded systems architecture is welcome.

Fault injection attacks influence the intended behavior of a device by changing critical values or program flow. Faults can be used to exploit or bypass robust security features found in secure embedded systems or dump the memory content.

Examples of such attacks include differential fault analysis (DFA) and bypassing authentication mechanisms. Faults can be injected in several ways: clock manipulation (for targets with an external clock), voltage where faults are injected in the target’s power domain and may cause wrong values to be read from the memory, electromagnetic fault injection by driving a high current through a coil or optical fault injection where a laser beam is used to achieve very specifi c change of data values or behavior.

During this course you learn how to inject faults for the purpose of security testing and you will apply these techniques in practice on real-world targets. You will also learn how to recognize when and where to inject a fault, what parameters are relevant, and how to use statistics to analyze faults.

Learning goals:

• The workflow for performing fault injection testing.
• Voltage- and clock glitching a smart card PIN verification.
• Performing Differential Fault Analysis on a DES / AES operation.
• Optical glitching using a multi pulse laser on an RSA operation.

At the end of this course you will have a thorough understanding of fault injection. You can test the resilience of smart cards and embedded systems to fault injection with none up to basic countermeasures in a simple to moderate environment complexity.

Overall, an excellent value and a course that galvanized the students to learn and go further. Excellent job of the trainers and Riscure to explain a difficult topic in a straightforward way!

It’s a comprehensive course for those who want to have an overview of Fault Injection and sufficient hands-on practice.

While the concepts we teach are generic and can be replicated using different equipment, during the training we use our Riscure Inspector tools and software. With Inspector we can effectively demonstrate a wide range of concepts; it is an all-in-one solution, is constantly updated and offers state of the art methods of security evaluation and analysis.

Please click here to access our e-learning platform where you will be able to view the upcoming dates for this training. Once you have your plans defined, there you can also register and purchase your seat right away. If you have questions or would like to discuss a special training program for your company, please contact us at trainingacademy@riscure.com.