8:30am - 9:00am

-- Registration / Coffee --

9:00am - 10:00am

What's Hot, What's Happened

During this 50-minute talk, Riscure founder Marc Witteman will share his thoughts on recent market developments and gives an insight on his expectations of trends that have a chance to become mainstream soon.

10:00am - 10:30am

Post Quantum Cryptography (PQC)

Development of PQC implementations is a necessity nowadays. Usage of PQC algorithms is for example mandated by the US government. In this session we will cover the state-of-the art regarding Post Quantum market developments and will cover side channel and fault injection vulnerabilities for various ciphers: Dilithium, Kyber, XMSS and LMS. Leakage assessment (TVLA) for ciphers using transformations in NTT domain. 

10:30am - 10:45am

-- Morning Coffee & Snack Break --

Inspector Update - Next Generation Workstation (PXI)

The latest Inspector developments are discussed and demonstrated in this session. Next to that we will present the next generation embedded security testbench. This development of security test devices based on Keysight PXI products will deliver a boost in performance, additional capabilities, and improved user experience. We will cover what is available today and what our roadmap is.

Automotive - Achieving UN-R155 and 156 Type Approval: Real-World Experiences and Best Practices.

In this session we will cover in what way security labs approach a security evaluation project for a vehicle. We will give insights on the process a typical security lab will follow and though the examples we cover are focused on the automotive industry, concepts can be applied to testing of any other product.

1:00pm - 1:45pm

Invited Speaker (See each location for invited speaker information)

1:45pm - 2:30pm

Artificial Intelligence

We already presented the benefits of using AI to improve FI and SCA test scenarios. For both scenarios Inspector offers modules you can benefit from. Lately though, we see more publications on using SCA and FI to attack AI chips to extract secrets, mostly the configuration of trained networks. In this session, we will explain how these attacks work and what attackers can gain. Next to that we will also explain how FI can be used to influence the outcome of decisions from AI networks.

OCP Safe

We'll provide insights into the Open Compute Poject (OCP) Security and Compliance Framework, including the OCP Security Appraisal Framework (OCP SAFE), and how your company can align with these standards to enhance hardware security and resilience. Additionally, we'll explore the evolving securiting landscape of hyperscalers and data centers, discussing the unique challenges in securing large-scale infrastructure, mitigating emerging threats, and implementeing robust hardware and firmware protections. We will also highlight some attacks that can be categorized as remote SCA or FI.

Pre-Silicon

We achieved breakthroughs in identifying leakage and root cause in a protected AES implementation. Results from pre-silicon testing correlated extremely well with test results from physical testing on a FPGA. We will provide details on the appraoch and gains to achieve with this emerging technology.

RED Certification

We explain how medium assurance product certification like RED can be achieved through chip certification based on the SESIP or ARM PSA schemes. This will leverage the efforts of chip vendors to provide security assurance and enable product vendors to acquire a RED certificate quickly.

Screaming Channels

Mixed signal chips can be vulnerable for SCA attacks, leaking secret information from cryptographic operation through a modulated signal over a transmitted carrier wave: WIFI, Bluetooth and now cellular. We will go into the details on how this remote SCA attacks works and demonstrate how we were able to find leakage in transmitted cellular signals. For this attack we used several security test devices and Inspector software in combination with Keysight dedicated 5G test equipment.