Who is this training for?
The primary audience for this training includes application developers, chip and hardware designers, security architects, security analysts, (product managers). The trainees typically come from smart card vendors, issuers like banks, governmental bodies, telecom and transportation industry and other test labs.
The training program provides thorough coverage on the topics mentioned above and is focused on beginner and intermediate level. The participants are expected to:
- Have a basic understanding of security and cryptography.
- Have a basic understanding of smart card technology and smart card interfaces.
- Have a basic understanding of Java Card Technology.
- Have experience in programming in Java and C/Assembly (native) on smart cards.
Riscure provides a three day practical introduction to all relevant attack techniques for smart cards. We focus on logical, side channel security and fault injection issues and introduce secure programming patterns, providing an understanding of the security requirements which can be taken into account when developing or evaluating smart card security.
During the training we examine source code and provide hands-on exercises to improve these implementations. We introduce logical security concepts and risks posed by the Java Card and GP platform in relation to security on all levels. Starting from the basics, such as the architecture and assumptions of the card’s operating system, we move to code development and applet development.
Further, we introduce countermeasures available to developers. Using these, the side channel and fault injection attack resilience of a smart card implementation should significantly improve. This approach allows you to develop a feel for the possibilities available to an attacker and limitations for software-based countermeasures against such attacks.
At the end of this course, you will:
- Understand the threats and security concepts of smart cards.
- Build experience in discovering security weaknesses in source code and in writing secure code for smart card technology.
- Build experience in developing and executing tests (attacks) to attack applets and the Java Card OS.
- Build experience in attacking smart cards with side channel and fault injection attacks.
- Understand the secure programming guidelines that are specific for smart cards.
- Understand how countermeasures can be used to mitigate vulnerabilities
Essential Fault Injection
Closely connected with SCA know-how, the Fault Injection experience this training empowers your team with the complete knowledge of hardware security techniques.
Essential Side Channel Analysis
Regardless of your background, this training is designed to help you understand what makes Side Channel Analysis easy and what makes it difficult.