Device Security Bulletin | Issue 78
Keysight Device Security Testing
Riscure Security Solutions, a Keysight Technologies device security research lab
Security Highlight: Side-Channel Vulnerability in Infineon Cryptographic Library
Recently Thomas Roche from NinjaLab revealed a side-channel vulnerability in Infineon’s Elliptic Curve Digital Signature Algorithm (ECDSA) implementation, which allows attackers to recover private keys from a few signatures. The vulnerability affected a number of products using Infineon’s cryptographic library, including the Yubikey 5 hardware authentication device.
Reading the EUCLEAK paper provides a detailed journey through the ups and downs of carrying out a blackbox attack. Roche’s perseverance, as well as the ingenious techniques used, exemplify the challenges and triumphs inherent in side-channel cryptography.
The Latest Updates
Join our webinar on October 2: Security Training for the Automotive Industry
We've recently launched our new Automotive Security Training, which addresses current challenges and evolving threats in the automotive industry, providing participants with up-to-date knowledge and techniques. The course covers the entire spectrum of automotive security, from foundational concepts to advanced diagnostics and hands-on sessions.
We're thrilled to give you a first look at the new training during a special mini-webinar on October 2nd at 5pm CET/11am EST. This session will offer a sneak peek into the course content, a live demo of the hands-on exercises, and an exclusive Q&A with our trainers. Mark your calendars and join us live!
NEW: Riscure Side Channel Webinar, 2nd PQC Edition
Join us online on November 7th at 5pm CET/11am EST for the next edition of the Riscure Side Channel webinar series. This session will focus on the advancements in Post-Quantum Cryptography (PQC) and Riscure's solutions for security testing.
UPCOMING: Riscure Side Channel Webinar: Automotive edition
On November 27th, we will host the next Side Channel webinar focusing on automotive security. We will discuss post-quantum cryptography in automotive, and the rest of the agenda will be announced soon.
In the Side Channel webinar series we discuss the latest events in device security. This includes notable attacks, research and product updates, both within Riscure and externally. We choose the topics that are important for our customers and also invite you to ask your own questions. Did you know? On Side Channel by Riscure, you get access to all our content after a one-time registration.
Understanding Device Security: What We’ve Learned at Riscure
What makes a device truly secure, and what does device security actually mean? To find out, we interviewed our experts at Riscure. As they shared their thoughts, several common themes stood out. In this post, we’ll explore why compliance, product longevity, and efficient vulnerability analysis are the key factors in success of device security.
My Internship at Riscure: Gabin Le Saout
Meet Gabin L. , who has recently completed his internship at Riscure. Gabin’s experience of working at Riscure reflects a welcoming and collaborative environment fostering professional growth.
MEET WITH RISCURE DURING THESE UPCOMING EVENTS
PCI SSC 2024 Community Meeting
Join is on October 8-10 in Barcelona for the next PCI SSC Community Meeting. The Payment Card Industry (PCI) Security Standards Council is a global forum that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS) and PIN Transaction Security (PTS) Requirements.
GovWare Conference and Exhibition
On October 15-17, our team will be in Singapore for the upcoming GovWare exhibition. A premier milestone in Asia’s cyber calendar, the global cyber community gathers to explore the latest trends and cutting-edge tech, build connections and forge partnerships.
Auto-ISAC Cybersecurity Summit
On October 21-24, 2024, in Detroit, MI, we will attend the the next Auto-ISAC Cybersecurity Summit. This automotive cybersecurity conference showcases insights from manufacturers, suppliers, thought leaders, lawmakers, practitioners, and other stakeholders and highlights the commitment of members to trust, share, teach, learn, and act.
Hardwear.io
Come by our booth on October 21-25 in Amsterdam, The Netherlands, for the next Hardwear.io conference.
Learn from leading hardware security researchers & professionals and discuss the latest & most innovative research on attacking and defending hardware.
Automotive Testing Expo
Join this free-to-attend exhibition on October 22-24 in Novi, MI, and discover cutting-edge advancements from over 250 leading suppliers in the test, development, and validation phases, spanning from prototype to production. Explore solutions that accelerate next-gen technology development, shorten product lifecycles, and enhance product quality.
Money 20/20
On October 27-30 in Las Vegas, NV, our team will attend Money20/20 – the world’s leading premium content, sales and networking platform for the global money ecosystem. From in-depth analytics to inspirational speakers, our world-class insight and networking opportunities help our customers stay ahead – powering strategies and relationships and switching mindsets. We hope to see you there!
If you would like to connect with our team at any of the above events, please don't hesitate to get in touch with us via [email protected].
MORE ABOUT RISCURE
Become a part of our team!
Riscure is always looking for talented professionals to join our dynamic team and to help us further develop our testing and knowledge products! When joining Riscure, you join one of the leading companies in the industry and a fun and exciting team of professionals to work with. Find out more about what it is like working at Riscure on our website.
We have open vacancies in different departments and within various positions. Are you ready to join our team?
Join us on Twitter and LinkedIn
In addition to monthly newsletters, we regularly share updates on our social networks. If you are not subscribed already, check out our accounts on Twitter and LinkedIn.