Though cryptographic algorithms like AES are crypto-analytically secure, real implementations must at least be tested against logical attacks such as API misuse. Smart cards and similar devices also face fault and side channel attacks. Such attacks exploit physical effects to manipulate the device or learn about secret information. As these attacks are very critical, customers in the smart card industry ask for third party evaluation (e.g. Common Criteria or EMVCo) to confirm high assurance levels. If passed, a certificate is issued by a trusted party. With the rise of the IoT, physical attacks and respective third-party witnessing of resistance might soon be relevant there as well.

Watch Video Presentation