Though cryptographic algorithms like AES are cryptanalytically secure, real implementations must at least be tested against logical attacks such as API misuse. Smart cards and similar devices also face fault and side-channel attacks. Such attacks exploit physical effects to manipulate the device or learn secret information. Because these attacks are very critical, customers in the smart card industry ask for third-party evaluation (e.g. Common Criteria or EMVCo) to confirm high assurance levels. If the evaluation is passed, a trusted party issues a certificate. With the rise of the IoT, physical attacks and third-party confirmation of resistance to them might soon be relevant there as well.

What you will Learn

Different security implementations for smartcards.

Course Outline

  • Part 1| Physical Attacks
    • 1.1| Functional vs. Physical Security
    • 1.2| Attacks on Smart Cards & Similar Devices
    • 1.3| Attacks on Smart Cards & Similar Devices Continued
  • Part 2| Side-Channel Analysis Attacks
    • 2.1| Pentagon Pizza Attack Example
    • 2.2| PIN Code Variation - Preventing Attacks
    • 2.3| Time/SPA Attack: Example RSA
    • 2.4| Good Practice to Avoid Information Leakage
  • Part 3| Attacks, Flow Control & Data Integrity
    • 3.1| What are Fault Attacks?
    • 3.2| Simple Fault Attacks: Code Execution
    • 3.3| Good Practice to Protect Flow Control & Data Integrity
    • 3.4| Good Practice to Protect Flow Control & Data Integrity Continued
  • Part 4| Security Evaluation & Certification
    • 4.1| Overview of Security Evaluation & Certification
    • 4.2| General Workflow Diagram
    • 4.3| Security Evaluation to Common Criteria Diagram
    • 4.4| Security Evaluation to Common Criteria Diagram Continued
    • 4.5| Evaluation Assurance Levels (EALs)
    • 4.6| EALs - Vulnerability Assessment Levels
    • 4.7| Number of CC Certificates in Different Domains
    • 4.8| NXP Composite Certifications
  • Part 5| Smart Card Domain
    • 5.1| The Working Groups in the Smart Card Domain
    • 5.2| Major Attack Classes & Attack Phases
    • 5.3| Rating Tables for Smart Cards

The FIDO Alliance is getting huge traction in the secure authentication world, and its member count has surpassed 250 companies. Secure Element-based FIDO U2F authenticators add another security layer to consumer online authentication for cloud services and have been deployed for services like Google, Dropbox, GitHub, and others. These authenticators are available in various form factors (cards, USB keys, fobs, wearables and embedded) and support multiple interfaces like USB, NFC and BLE to connect users to critical online services using the FIDO authentication protocol. In addition to FIDO credentials, NXP provides vSE-based multi-credential support (PKCS#15, EAC, BAC, SAC, MIFARE, PIV) as well as an online services platform, including eDoc-derived mobile credential management, that connects relying parties to enable secure mobile authentication for eGov services.

What you will Learn

Secure Element based FIDO U2F Authenticators overview

Course Outline

  • Part 1| Hacking & The Authentication Problem
    • 1.1| Introduction to Hacking
    • 1.2| The Pa$$w0rd & OTP Problem
    • 1.3| Hardware Based Solutions
    • 1.4| Security Experts' Safety Practice
  • Part 2| FIDO Alliance Overview
    • 2.1| FIDO Alliance Member Companies
    • 2.2| The Value Proposition
    • 2.3| Adoption of UAF & U2F
  • Part 3| U2F Architecture & Authenticator Form Factors
    • 3.1| Architecture Diagram
    • 3.2| Authentication Server
    • 3.3| FIDO Authenticators
  • Part 4| NXP FIDO Solutions
    • 4.1| U2F Interface Options & Solutions Overview
    • 4.2| FIDO U2F Requirements
  • Part 5| Summary Of Parts 1-4
    • 5| Summary Of Parts 1-4
  • Part 6| Credential Management
    • 6.1| eGovernment Saving Potential
    • 6.2| Online Security Issues Today
    • 6.3| Credential Management Service
  • Part 7| Multi-Purpose eID Cards
    • 7.1| Details of Multi-Purpose eID Cards
    • 7.2| Architectural Overview
  • Part 8| eGov Case Study
    • 8.1| Case Study Explanation
    • 8.2| Results: How to Address Credential Service Opportunities