(Junior) Security Evaluator, Fault Injection

Security evaluations include a variety of tests from which the security of products can be assessed. One of the most powerful techniques is fault injection. Such attacks aim at modifying the circuit's behaviour in order to access protected assets. Many types of fault injection attacks have been developed during the past decades, posing a critical threat to modern secured products. Fault injection security Evaluators use a wide range of attack methods to evaluate the security of a product.

 

The Position:

Fault injection attacks are performed in several steps, using various methods. Your daily activities involve (but are not limited to) cooperation with code and/or hardware reviewers to understand the product and its vulnerabilities, hands-on experiments in our lab, result analysis and reporting. As a (junior) fault injection security Evaluator, you will be trained in these activities by an experienced colleague. Once fully trained, you will become an independent Evaluator. As attacks and products are constantly evolving, you will keep learning with the team.

The vacancy is located in Delft, Netherlands.

 

Understanding the product

A fault injection test is usually one task of a larger evaluation project. These projects start with an implementation review (hardware and/or code) to identify potential vulnerabilities. This review is done by code and/or hardware reviewers who then create a test plan based on the identified vulnerabilities. Your task starts by building an understanding of the product: its architecture, the vulnerability you are assessing, the target operation you need to attack, etc. Typically, this information is also part of the test plan and you will discuss this during the project with the rest of the team. Understanding the architecture of a microcontroller/smart card, crypto algorithms such as DES, AES, RSA, ECC etc., or payment protocols will be helpful to understand the product. This will be the first part of your training if you have no experience in this area.

 

Fault injection experiments

Once you have understood the product, you will prepare product samples for testing. This step can involve various preparation techniques like mechanical or chemical removal of packaging, chip thinning, the preparation of test circuit boards, etc. Skills like understanding and/or designing electronic circuits or experience with lab equipment like oscilloscopes will be helpful but they – as well as any skills needed to prepare the samples – will also be part of the training and are not mandatory.

 

Once the sample is prepared, you will need to write a test script (typically in JavaScript) which performs the attack on one of the various fault injection set-ups present at SGS Brightsight. The techniques you will encounter include voltage manipulation (VM), body bias injection (BBI), electromagnetic fault injection (EMFI) and light manipulation (LM) using various laser set-ups. During the second part of your training, you will learn how to prepare your sample and how to use all of our fault injection set-ups.

 

Analysis of the experiment results

As part of the experiments, you will assess the impact of the manipulation attempts performed, e.g. by analyzing the response to a target command. You will need to determine whether the product you are attacking has activated countermeasures or whether you have successfully injected a fault. This is an iterative process, based on the results of several experiments, for each of which you will actively choose the various parameters needed to thoroughly test the product. During this phase, you will discuss your results with the team and the code or hardware reviewer to better understand any unexpected activity you may observe.

 

Writing a report

As a final step, you will write a technical report to describe the experiments that you have performed as well as the results you have achieved. An important part of the report is your well-supported conclusion with regard to the security of the product. The report must be understandable for internal and external entities, so it is important that you can determine what is important or not and have good writing skills in English.

 

Other activities

Besides the above-mentioned activities, fault injection security Evaluators are involved in the development of (hardware or software) tools and R&D of new attacks.

 

JOB REQUIREMENTS:

We are looking for people with a BSc or MSc degree in a technical field (Electronics, Physics, Electrical Engineering) with the potential ability to understand and perform the above-mentioned daily activities of Fault Injection Evaluators. It is important that you like to work in a lab, with oscilloscopes, function generators, and other electronic equipment. Having an analytic mind and being a good team player will be a plus. Experience in circuit development and knowledge of fault injection attacks are helpful but not mandatory. SGS Brightsight provides a full training program from basics to expert level. Therefore, your motivation, potential and attitude to analyse the products are most important. This job also requires that you communicate knowledge convincingly, both orally and in writing, to internal and external entities.

 

The field of security evaluation is very broad, constantly on the move, and very exciting. We look forward to welcoming you to our team!