Black Hat USA 2009 Weekend Training Session
July 25-26
Black Hat USA 2009 Weekday Training Session
July 27-28
Side Channel Analysis
Riscure
Overview:
Side channel analysis is a technique to discover secrets such as cryptographic keys and PINs from hardware and embedded software. This is achieved by listening to and understanding the information that (hardware) channels emit when processing information. This course provides an understanding of the possibilities and impact of side channel analysis and explains, through a hands-on approach, how you can protect against it. Besides the necessary side channel theory, students will perform exercises themselves in which they will, for instance, break a DES key through power analysis. In another exercise, each student is challenged to devise their own countermeasures, and the effect of these is analysed through live data acquisition and analysis of the code using side channel analysis equipment.
For a long time, Side Channel Analysis (SCA) terms such as Differential Power Analysis (DPA), Timing attacks and Electromagnetic Analysis (EMA) have had the air of mythical powers to break any crypto system and reveal every secret in a system. This course provides a practical introduction to the world of side channel analysis. It shows the basics and allows students to understand and experience what it means to break a system with these types of attacks. At the same time, this course explores the countermeasures that are available to developers. Using these, developers can significantly improve the side channel attack resistance of software on smart cards and embedded systems. We examine source code implementations for weaknesses and provide hands-on exercises to improve these implementations. This will allow the student to develop a feel for the possibilities and limitations of software-based countermeasures against such attacks.
Learning Objectives
- Introduce the student to the finer details of side channel analysis through example and hands-on exercise
- Experience the effectiveness of SCA by breaking a DES key
- Explain the fine balance between hardware and software countermeasures against SCA
- Understand the relation between software implementation and SCA
- Teach software developers how to mitigate the threats of SCA in software
Prerequisite
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. Pre-configured laptops will be provided for this class.
Trainer:
Job de Haas holds an M.Sc. in Electrical Engineering and has a track record in the security industry of more than 15 years. He has experience evaluating the security of a wide range of embedded platforms, such as IPTV decoders, satellite receivers, mobile phones, PDAs, VoIP enabled devices and a range of modems (ADSL, Wireless). Further, he is a specialist in the reverse engineering of applications and consumer electronics that are based on Sparc, MIPS, Intel and ARM processors.
At Riscure, Job is the senior specialist in charge of security testing of embedded devices for high-security environments. Amongst others, he assessed the protection of pay television systems against side channel and card-sharing attacks for conditional access providers. Job has researched the security features and weaknesses of embedded technology for many years.
Job has a long speaking history at international conferences, including talks on kernel-based attacks, security of mobile technologies such as GSM, SMS and WAP, and the reverse engineering of embedded devices.
Jasper van Woudenberg has been performing security evaluation projects since 2001. These include security evaluations of embedded devices, such as telecommunications equipment, payment terminals and mobile phone technology, and also security assessments through network penetration testing. His background is in Computer Science and Artificial Intelligence, in both of which he holds an MSc degree.
At Riscure, Jasper performs side channel evaluations on smart cards and embedded systems. As part of his research activities, Jasper investigates the application of AI techniques in side channel analysis and is developing a laser fault injection setup. Jasper provides training for Riscure clients worldwide.
| Super Early: Ends Mar 15 | Early: Ends May 1 | | Late: Ends Jul 22 | Onsite: |
|---|---|---|---|---|
| $2200 | $2300 | $2500 | $2700 | $3000 |
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30