Riscure

Riscure Riscure is a Dutch company specializing in security evaluation, testing, and certification of embedded systems, smart cards, and Internet of Things devices. It operates test facilities and develops proprietary tools used in vulnerability assessment, side-channel analysis, and fault injection for semiconductor, payment, automotive, and consumer electronics sectors. The company is noted for bridging academic research from institutions such as Eindhoven University of Technology, applied work with laboratories like Joint Research Centre (European Commission), and industry consortia including GlobalPlatform and FIDO Alliance.

History

Founded in 2001 by engineers with ties to Eindhoven University of Technology and the Dutch semiconductor cluster around Philips and NXP Semiconductors, Riscure emerged amid growing demand for evaluation of cryptographic implementations in smart cards and embedded microcontrollers. Early engagements included cooperation with test houses derived from standards bodies such as Common Criteria laboratories and certification schemes connected to EMVCo and PCI Security Standards Council. Throughout the 2000s the company expanded service offerings to address threats highlighted by researchers at conferences like CHES and USENIX Security Symposium, and by academic groups at KU Leuven, TU Darmstadt, and CWI (Amsterdam). In the 2010s Riscure scaled internationally, opening labs that served clients from Infineon Technologies, STMicroelectronics, and Intel Corporation while participating in projects involving European Commission research programs and collaborations with institutions such as TÜV Rheinland and Fraunhofer Society.

Services and Products

Riscure provides independent security evaluation and certification preparation services for devices adhering to standards set by bodies such as Common Criteria and FIDO Alliance. Its offerings include laboratory testing for side-channel leakage analysis, fault injection campaigns, penetration testing, and secure element validation supporting schemes from EMVCo and GlobalPlatform. Products developed by the company have included instrumentation and software platforms for automated measurements used alongside lab gear from vendors like Rohde & Schwarz, Keysight Technologies, and Tektronix. Riscure’s test suites and test benches are tailored for industries represented by callers such as Visa, Mastercard, and American Express in payment; by Bosch, Continental AG, and Denso in automotive; and by Samsung Electronics and Apple Inc. in consumer electronics. The company also offers training courses and workshops delivered at venues associated with Black Hat, DEF CON, and academic summer schools.

Research and Methodology

Riscure’s methodology integrates techniques from side-channel analysis, including power analysis and electromagnetic emission analysis, and from active fault injection methods like glitching and laser fault induction. The firm’s approach draws on theoretical foundations advanced at conferences such as CRYPTO, Eurocrypt, and Asiacrypt, and implementational exploitation work seen at Black Hat USA and Usenix Security. Tools and methods incorporate statistical procedures inspired by research from groups at Université catholique de Louvain, ETH Zurich, and SRI International to quantify leakage using metrics such as Test Vector Leakage Assessment and TVLA variants. Riscure also leverages hardware platforms and instrumentation referenced in whitepapers by CEA-Leti, IMEC, and Applied Micro Circuits Corporation to reproduce attack scenarios and to model countermeasures evaluated against adversary techniques reported by teams at NXP Semiconductors Research and Infineon Labs. Their labs apply systematic threat models aligned with guidelines from ENISA and committee outputs from ISO/IEC JTC 1 working groups where appropriate.

Industry Impact and Partnerships

The company has influenced product development cycles at semiconductor and payment organizations including Infineon Technologies, NXP Semiconductors, STMicroelectronics, Qualcomm, and Broadcom. By working with certification bodies and test houses such as BSI (Federal Office for Information Security), ANSSI, and TÜV SÜD, Riscure has helped manufacturers meet compliance targets tied to schemes run by EMVCo and Common Criteria. Strategic partnerships and collaborative research projects have connected the firm with academic centers like Eindhoven University of Technology, TU Delft, and CWI (Amsterdam), as well as industry consortia such as GlobalPlatform, FIDO Alliance, and the Trusted Computing Group. Riscure’s training and published case studies have been cited by engineers at companies including Visa, Mastercard, Samsung Electronics, Sony, and Apple Inc. as part of secure product development lifecycles.

Notable Assessments and Case Studies

Riscure’s assessments have been referenced in public vulnerability disclosures and in vendor advisories concerning hardware security issues reported by teams from Infineon Technologies and NXP Semiconductors. The company’s labs replicated and analyzed attack vectors originally presented at CHES, Black Hat Europe, and Hack In The Box, demonstrating practical exploitation of weaknesses in secure elements used in payment cards and mobile devices. Case studies include evaluations of secure boot implementations in platforms from Intel Corporation and ARM Holdings, side-channel resistance testing of cryptographic accelerators from STMicroelectronics and Atmel (Microchip Technology), and fault injection resilience assessments for automotive microcontrollers supplied to firms like Bosch and Continental AG. Its work has been cited in technical discussions at IETF meetings and in standardization dialogues involving ISO/IEC committees addressing embedded security.

Category:Computer security companies