Smart Card Security (3 days)
Riscure provides a three day training on Smart Card Security. The training will address both logical and side channel security issues and introduce the participants into secure programming patterns, providing an understanding of the security requirements which can be taken into account when developing smart card code or when testing or evaluating smart card security.
Integral part of this training is the Java Card Logical Security Training, which is also provided separately as a one-and-a-half day training.
This training provides a practical introduction into the world of side channel and perturbation analysis. It shows the basics and allows attendees to understand and experience what it means to break a system with these types of attacks. At the same time this course explores the countermeasures that are available to developers. Using these, the side channel and fault injection attack resistance of software on smart cards and embedded systems will significantly improve. We examine source code implementations on weaknesses and provide hands-on exercises to improve these implementations. This will allow the attendee to develop a feel for the possibilities and limitations for software-based countermeasures against such attacks.
Furthermore the trainees will be introduced to the logical security concepts and risks posed by the Java Card and GP platform in relation to security on all levels. Starting from basics, such as the architecture and assumptions of the card’s operating system, trainees move in to defense code development and applet development.
For the demonstrations and exercises during this training the following tools will be used:
At the end of the course, the aim is that each trainee:
Our training is cost effective as it would require considerably more effort and time to obtain this level of knowledge in-house.
The nature of the training is mainly technical. The primary audience for this training includes:
The trainees typically come from Smart Card vendors, issuers like banks, governmental bodies, telecom and transportation industry and other test labs.
The training program provides thorough coverage on the topics mentioned above and is focused on beginner and intermediate level. The participants are expected to:
A basic conceptual understanding of side channel and fault injection testing is recommended, but not required to follow the training.
Riscure provides lunch, coffee/tea and beverages and training material. Equipment for the hands-on sessions will be provided. Each participant will receive a certificate of completion.
Interested in options and availability please contact us by email or phone
Visit our catalog for more information.