Security evaluation includes a variety of tests from which the security of products can be assessed. One of the most powerful techniques is the class of side channel attacks. Such attacks aim to retrieve secret information by using information a product leaks in indirect ways, such as power consumption, electromagnetic emission, etc. Since its advent in the 1990s, side channel analysis has become one of the critical threats to the security of modern security products such as smart cards, electronic passports, payment terminals, etc. Side Channel Evaluators will assess these products in terms of their security against state-of-the-art side channel attacks with hands-on experiments and analysis.
Side channel analysis is composed of several steps as outlined below. The day to day activities of Side Channel Evaluators involve performing these activities (but are not limited to them). As a (junior) Side Channel Evaluator you will be trained so you grow to understand all of the following. Once you are fully trained, and capable of performing Side Channel analysis attacks independently and with a high level of quality, you will be promoted to the position of (senior) Side Channel Evaluator.
Understanding the product
The Side Channel Evaluator starts his/her tests by building an understanding of the product: the target operation, vulnerability of the product, etc. Typically, this information is delivered by code or design reviewers in the form of a test plan. Understanding of crypto algorithms such as DES, AES, RSA, ECC etc., architecture of a microcontroller/smart card, or payment protocols will be helpful to understand the product.
Measurement of side channel information
After understanding the product, the Side Channel Evaluator first prepares a sample product for measurement. Several preparation techniques may be required, for example, removal of the package using an etching machine, making a circuit board with soldering, etc. Understanding electronic circuits, having experience making them, or experience of using an oscilloscope will be helpful.
Once the sample is prepared, the Side Channel Evaluator measures power consumption or electromagnetic emission of the product using a dedicated measurement set-up.
Analysis of the measured signals
The Side Channel Evaluator analyses the measured signals first by pre-processing the traces with different kinds of signal processing techniques such as noise reduction, trace alignment, frequency domain transformation, etc., and then by applying mathematical methods such as statistical mean, correlation, multivariate-Gaussian model, mutual information, hypothesis testing, Maximum-Likelihood testing, etc. Recent advances in the Deep Learning field have also led us to use it in side channel attacks. Therefore, artificial neural networks (ANN) are now also part of side channel analysis. When only partial information of the secret key is known from the tests, the Evaluator needs to estimate the security using probability and entropy theory. A good understanding of the above-mentioned mathematics or ANN will be helpful.
Writing a report
As a final step the Side Channel Evaluator needs to write a technical report that includes the details of the tests and the results. This report must be understood clearly by internal and external entities, so it is important to have good writing skills in English.
Besides the above-mentioned activities, Side Channel Evaluators are involved in development of (hardware or software) tools and R&D of new attacks.
We are looking for people with a BSc, MSc or PhD degree in a technical field (Information Security, Computer Science, Electronics, Mathematics, etc.) with the potential ability to understand and perform the above-mentioned daily activities of Side Channel Evaluators. A good understanding of mathematics is important, as is possessing an analytic mind. Experience of development of electronic circuits and knowledge of crypto algorithms are helpful but not mandatory. SGS Brightsight provides a very good training program from the basics to the expert level. Therefore, potential and attitude to analyse the products are most important. This job also requires that you communicate knowledge convincingly, both orally and in writing, to internal and external entities. Working with colleagues from different backgrounds and knowledge is also important.
The field of side channel analysis is very broad, constantly on the move, and very exciting. We look forward to welcoming you to our team!