Fault injection attacks are designed to influence the intended behavior of embedded systems by changing a critical value or by changing the fl ow of a program. Faults can be used to exploit or bypass robust security features found in secure embedded systems. Examples of such attacks include differential fault analysis
(DFA) and bypassing authentication mechanisms.
Faults can be injected in several ways: clock manipulation (for targets with an external clock), voltage where faults are injected in the target’s power domain and may cause wrong values to be read from the memory, electromagnetic fault injection by driving a high current through a coil or optical fault injection where a laser beam is used to achieve very specific change of data values or behavior.
During this course you learn how to inject faults for the purpose of security testing and you will apply these techniques in practice on real-world targets. During the course we learn how to recognize when and where to inject a fault, what parameters are relevant, and how to use statistics to analyze faults.
During the course, by means of hands-on exercises, you will:
• Become comfortable with the workflow for performing fault injection testing.
• Perform voltage- and clock glitching of a smart card to bypass the PIN verification.
• Perform differential Fault Analysis on a DES / AES operation.
• Perform optical glitching using a multi pulse laser on an RSA operation.
At the end of this course you will have a thorough understanding of fault injection. You can test the resilience of smart cards and embedded systems to fault injection with none up to basic countermeasures in a simple to moderate environment complexity.
What are our trainees saying?
Overall, an excellent value and a course that galvanized the students to learn and go further. Excellent job of the trainers and Riscure to explain a difficult topic in a straightforward way!
(Received April 2017)
It's a comprehensive course for those who want to have an overview of Fault Injection and sufficient hands-on practice.
(Received April 2017)
Want to know more? Download the flyer here. Or send us an email for more information.