Who is this training for?
This course is intended for developers, security evaluators and researchers focused on hardware security testing, government organizations seeking to analyze threats posed by state-of-the-art side channel attacks, and Riscure Inspector customers. The course does not require any specific existing experience. Having general knowledge about embedded systems architecture is welcome.
Fault injection attacks influence the intended behavior of a device by changing critical values or program flow. Faults can be used to exploit or bypass robust security features found in secure embedded systems or dump the memory content.
Examples of such attacks include differential fault analysis (DFA) and bypassing authentication mechanisms. Faults can be injected in several ways: clock manipulation (for targets with an external clock), voltage where faults are injected in the target’s power domain and may cause wrong values to be read from the memory, electromagnetic fault injection by driving a high current through a coil or optical fault injection where a laser beam is used to achieve very specifi c change of data values or behavior.
During this course you learn how to inject faults for the purpose of security testing and you will apply these techniques in practice on real-world targets. You will also learn how to recognize when and where to inject a fault, what parameters are relevant, and how to use statistics to analyze faults.
- The workflow for performing fault injection testing.
- Voltage- and clock glitching a smart card PIN verification.
- Performing Differential Fault Analysis on a DES / AES operation.
- Optical glitching using a multi pulse laser on an RSA operation.
At the end of this course you will have a thorough understanding of fault injection. You can test the resilience of smart cards and embedded systems to fault injection with none up to basic countermeasures in a simple to moderate environment complexity.
Overall, an excellent value and a course that galvanized the students to learn and go further. Excellent job of the trainers and Riscure to explain a difficult topic in a straightforward way!
It’s a comprehensive course for those who want to have an overview of Fault Injection and sufficient hands-on practice.
Get to know Riscure Inspector
While the concepts we teach are generic and can be replicated using different equipment, during the training we use our Riscure Inspector tools and software. With Inspector we can effectively demonstrate a wide range of concepts; it is an all-in-one solution, is constantly updated and offers state of the art methods of security evaluation and analysis.
Advanced Fault Injection
Take the next step in fault injection and get ready to analyze the resilience of targets with complex countermeasures against fault injection attacks.
Secure Code Development Bootcamp
This training helps your development team to adopt the best security practices by sharing a hacker's mindset. Look at your software from a different perspective, understand how it can be hacked and identify ways to mitigate a coding error before it happens.