Brightsight Newsletter May 2016


At Brightsight, Research and Development (R&D) is an important part of our daily work. We have a small team working on R&D full time; however, everyone within Brightsight is encouraged to work on R&D alongside their usual pursuits. Innovation serves two purposes: it keeps the work fun and interesting, because it gives our evaluators the opportunity to work out their own new and innovative ideas, and it creates efficiency. New, innovative tools are developed to allow (more) automation of the work we do.
During an evaluation, there is always something called ‘idle time development’. This is the time during which a tool is doing its work, without the need for the evaluator to intervene. During this time, the evaluator can work on other things, such as innovation, to optimize the use of his time, hence reducing overall costs. This ‘idle time development’ is increasing as we develop more and more tools that automate such processes. Encouraging our people to focus on innovation means we keep improving our current tools as well as creating new tools to continuously make processes more efficient.
The biggest challenge we face when developing new tools is that the tools need to provide flexibility. They’re used for a lot of different products from different companies, who each have different demands and protocols. Besides this flexibility, they also have to be easy and straightforward to use for the evaluator. Fortunately we have a great team of colleagues who like this challenge and are dedicated to creating such tools.
An example of a new tool that has been developed recently is the ‘Brightsight Rotator’. The rotator is an addition to our EMFI and EM set-ups that allows further automation. All signals in a smart card generate an electromagnetic (EM) field. The Brightsight EM set-up is designed to listen to these EM fields and get information about the data that is being processed (such as a PIN for example). The closer the probe gets to the part of the smart card's brain (the microprocessor) that handles the data, the more information about the data can be disclosed. The probes, however, are only sensitive to EM fields in a certain direction. Therefore all measurements need to be repeated with different orientations of the probe. Brightsight has now upgraded its EM set-up to fully automate this process using the Brightsight Rotator. The position of the probes is very important for the results of the attack.
The above explains how EM fields can be used to detect what's going on in the brains of a credit card. This process is reversible, which means that by generating EM fields it is possible to disturb the processing of the brains. This is exactly what the Brightsight EMFI set-up is designed to do. Instead of measuring the EM fields, probes are used to generate EM fields to temporarily disturb the brains of the credit card. This temporary disruption could be used to bypass security mechanisms. Again, changing the orientation of the probe will change the disruption. So changing the orientation of the probe could mean the difference between no effect and bypassing security mechanisms.
The rotator adds value because it saves time and therefore reduces costs for the customer. Because the quality of the analysis increases, the schemes also benefit from this.
Brightsight has been growing steadily over the past years. We think we owe our growth partly to the fact that we improved our tools significantly. This has allowed us to increase the quality as well as the efficiency of our work.

"We welcome young talent"

At Brightsight, we welcome young talent. To show our future security evaluators what we do and how we work, we host open days. This year, we hosted two open days on the 12th and 13th of April for students. One of these days was specifically designed for our Chinese-speaking visitors. Presentations were given in Chinese and the attendees were able to ask all their questions in Chinese to our Chinese colleagues. The second day was given in English, as the students that attended were from a variety of different nationalities.

The program for both days included presentations about Brightsight in general, about our departments within Brightsight and about R&D. After these presentations, the attendees were given three lab tours, which included an extensive Q&A session. At the end of the program, some new colleagues spoke about their experience at Brightsight. We ended the days on a relaxed note with drinks and tapas.

Every year we host open days for students, with recruitment as the objective. It gives us a great opportunity to get to know each other, and see if we’re a good fit for each other. At the moment, we have recruited 16 people from an open day.

"We would love to meet you at these events"

Are you attending any of the following events? Come and say hello, as Brightsight will be there!
  • 8 - 12 May Eurocrypt 2016, Vienna, Austria
  • 18 - 20 May ICMC, Ottawa, Canada
  • 23 - 24 May MedSec 2016, San Jose, USA

"A changing payment landscape calls for new services" 

With the payment landscape changing rapidly, we see new services and technologies emerge. And of course, Brightsight is on top of this. A certain number of new innovative technologies are software-based solutions that enable rapid development and deployment and do not depend on dedicated secure hardware. HCE is such a solution that in many cases is developed as a software-only solution. Compared to card-based payment solutions, other security principles have to be used to manage overall system security. It is, however, also possible to implement HCE as a hybrid solution with dedicated hardware support. Finding your way in this diverse landscape presents new challenges and requires a dedicated security approach.

As the number one independent security evaluation lab, Brightsight is on top of the latest developments and possesses the skills and experiences needed to support developers in the mobile payment domain. Our full set of services provides support in the various stages of product development, whether it concerns a software-only solution or a hardware-supported solution, such as TEE, eSE, uSIM or SIM. Our aim is to minimise and control time-to-market via close collaboration with the developer throughout the process. Contact us if you'd like to know how we can help you roll out your HCE solution in the most efficient way possible.

"Lack of standardization in user experience using HCE payment solutions creates confusion and hinders easy adoption"

The HCE Summit in New York was held on the 14th of April and Brightsight was there to get a better understanding of how the HCE market is developing. We looked into whether this market is still as immature and vulnerable as some mention. Also, it was a good platform to promote our security evaluation services for HCE.

The presentations at the conference covered several real-life implementations and openly discussed the challenges faced. Worth mentioning is the noted lack of standardization in user experience using HCE payment solutions. This creates confusion and hinders easy adoption. The security perspective of HCE, which is always our prime interest, was covered in less detail during this conference. Brightsight featured a booth at the small exhibition related to the HCE summit. The networking during the breaks gave us the opportunity to present our service offers and promote our HCE evaluation services accredited by Visa, MasterCard and Amex.

Delftechpark 1 / 2628 XJ Delft 
The Netherlands / +31 (0)15 269 2500
