Introduction to Smartcard Security
Specifically designed for smart card vendors, card issuers including banks and governmental bodies, this training covers the most important topics of smartcard security. Based on our extensive experience on securing and certifying smart cards for Visa, Mastercard and many other companies within the industry, this course combines knowledge about security threats relevant for the industry with practical knowledge on how to develop and test secure applets for smart cards. We also give an overview of Side Channel and Fault Injection attacks applied to the smartcard industry.
Duration: 3 days | Hands-on | Available on request, contact us at firstname.lastname@example.org
Who is this training for?
The primary audience for this training includes application developers, chip and hardware designers, security architects, security analysts, (product managers). The trainees typically come from smart card vendors, issuers like banks, governmental bodies, telecom and transportation industry and other test labs.
The training program provides thorough coverage on the topics mentioned above and is focused on beginner and intermediate level. The participants are expected to:
- Have a basic understanding of security and cryptography.
- Have a basic understanding of smart card technology and smart card interfaces.
- Have a basic understanding of Java Card Technology.
- Have experience in programming in Java and C/Assembly (native) on smart cards.
Riscure provides a three day practical introduction to all relevant attack techniques for smart cards. We focus on logical, side channel security and fault injection issues and introduce secure programming patterns, providing an understanding of the security requirements which can be taken into account when developing or evaluating smart card security.
During the training we examine source code and provide hands-on exercises to improve these implementations. We introduce logical security concepts and risks posed by the Java Card and GP platform in relation to security on all levels. Starting from the basics, such as the architecture and assumptions of the card’s operating system, we move to code development and applet development.
Further, we introduce countermeasures available to developers. Using these, the side channel and fault injection attack resilience of a smart card implementation should significantly improve. This approach allows you to develop a feel for the possibilities available to an attacker and limitations for software-based countermeasures against such attacks.
At the end of this course, you will:
- Understand the threats and security concepts of smart cards.
- Build experience in discovering security weaknesses in source code and in writing secure code for smart card technology.
- Build experience in developing and executing tests (attacks) to attack applets and the Java Card OS.
- Build experience in attacking smart cards with side channel and fault injection attacks.
- Understand the secure programming guidelines that are specific for smart cards.
- Understand how countermeasures can be used to mitigate vulnerabilities