Applus+ around the world
Close Countries Panel
Close Divisions Panel
Applus+ DIVISIONS
Energy & Industry Division
Industrial and environmental inspection, vendor inspection, technical assistance, non-destructive testing (NDT) and technical staffing for all type of industries.
Logo RTD Logo VELOSI Logo NORCONTROL Logo Intec Logo K2
Logo Ingelog Logo JAN Logo Kiefer Logo Novotec Logo NRay
Logo PTJava Logo Skc Logo XRay Logo Qualitec
Laboratories Division
Multidisciplinary laboratories.Testing and engineering for product development. Conformity testing and product certification. SYSTEMS CERTIFICATION.
Logo Applus Laboratories Logo Applus Certification
Automotive Division
Statutory vehicle inspection services and emission & gas testing solutions worldwide.
Logo Applus Automotive Logo Applus ITVE Logo NCT Logo Applus Bilsyn Logo K1
Logo Technologies Logo ITVs Logo Riteve
IDIADA Division
Design, engineering, testing and homologation services for the automotive industry worldwide.
Logo Applus IDIADA
News

Applus+ presents cost-effective solutions to evaluate cryptographic module security against current threats

07/06/2016
FIPS compliant products are not protected against Side Channel and Fault Injection Attacks, two effective penetration technics that are relatively easy and cheap to implement.
All commercial IT products marketed in the United States and Canada must comply with FIPS, an official security standard for cryptographic modules embedded in those products.
At the moment, FIPS 140-2 requirements do not include testing against Fault Injection and Side Channel attacks. Both attack techniques share common characteristics: they are cheap to implement with equipment that can be easily found on the market and they have proven to be effective against daily use commercial cryptographic products (embedded in laptops, cell phones, CPUs, etc.)
While a new version of FIPS is being prepared, the industry is now discussing how to include new testing requirements in a cost-effective manner. This issue was also one of the main topics of discussion the International Cryptographic Module Conference (ICMC), celebrated in Ottawa in May 2016. Applus+ decided to participate in the ICMC and provide its vision as a security laboratory with a proven track record evaluating security-critical products such as smart cards. 
At the conference, Applus+ presented its approach to evaluating Side Channel and Fault Injection attacks. Applus+ experts detailed how these penetration attacks can be performed, the necessary equipment and its approximate cost. In a second part of the conference, they proposed a model of testing campaign (SPA/SEMA, EMI injection, power line glitch, etc.) to evaluate cryptographic modules’ protection against Side Channel and Fault Injection attacks in a cost-effective way.
Click to download the Applus+ presentation at the ICMC or contact us for more information.
About Applus+ Security Laboratories
Applus+ is an IT security evaluation facility with SOGIS recognition to conduct Common Criteria security evaluations up to EAL 7. We are also recognized by EMVCo and most payment brands (Visa, AMEX, MasterCard, etc.) to evaluate the security of ICs, platforms and applications for payment solutions. Additionally, Applus+ is also one of the few laboratories in the world to be qualified to evaluate the security of TEE products under the GlobalPlatform Certification scheme. 
 
 
Site map