Smart cards and other secure microcontrollers are increasingly used for securing access to data or services. Examples of such devices are chip-enabled banking cards (e.g. EMV aka “het nieuwe pinnen”), electronic passports, pay-tv decoder cards and SIM cards. Security of these products is vital for the organizations (e.g. banks, or governments) issuing them, and for the individual users. As the security level of devices is evolving, so are the attack strategies. Malicious attackers typically do not disclose the details of their attacks, but do leave evidence of the strategy they have employed. Therefore, it is important for manufacturers to stay informed about the state of the art attacks. From sources within finance, pay-tv and government, it is clear that side-channel analysis and fault injection are actively being used.
This project addresses potential threats within the scope of side-channel analysis and fault injection. Any newly uncovered threats can be directly shared with manufacturers and other security labs through established certification networks that Riscure participates in. This knowledge can also be shared in the form of analysis tools: Riscure is the world-wide leading vendor of side-channel and fault injection test tools, and any new techniques can be directly implemented in these tools. This allows direct application not only within evaluations performed by Riscure, but also by any of its customers. These customers range from security labs to chip manufacturers and smart card vendors.