Side-Channel Power Analysis - that freaky method of extracting secret keys from embedded systems that doesn’t rely on exploits or coding errors. Are your products vulnerable to such an attack? What about clock or power glitching, how does one start learning about such attacks? This course is loaded with hands-on examples to teach you not only about the attacks and theories, but how to apply them.
The course uses the open-source ChipWhisperer project (www.chipwhisperer.com) for both hardware & software tools, meaning attendees can immediately take the knowledge learned in this course and apply it in real life. The required hardware costs approximately $2000, allowing even small companies or divisions to setup an analysis lab.
During the two-day course, topics covered will include: theory behind side-channel power analysis, measuring power in existing systems, setting up the ChipWhisperer hardware & software, several demonstrated attacks, testing your (custom) hardware, understanding and demonstration glitch attacks, and analyzing your own hardware.
As this course uses entirely open-source tools & examples, attendees will be able to use this knowledge in their own training courses, for example training employees at their workplace in these techniques. Side Channel Analysis & Fault Attacks have never been more accessible, and testing your products has never been this inexpensive or easy!
See NewAE.com/sidechannel/2daycourse for full training outline.
This course assumes advanced knowledge and experience with embedded systems, and will build upon that to teach you about the practicality of various attacks on those systems. If you’re an architect of embedded systems, you need this course to understand the threats: e.g. should you assume attacks can (easily) extract encrypted bootloader keys?
This course will also contain an extensive hands-on component, and will include sufficient information to setup an analysis lab at your company for approximately $2000 in tools.
Students taking this class are assumed to have a good working knowledge of basic embedded systems (i.e. 8-bit microcontrollers), including programming in C and hardware design. This could mean at minimum having implemented projects on the Arduino platform. Experience with FPGAs will be an asset but not required.Students should be familiar with the Python programming language, as most tools are written in Python. The tools are fairly user-friendly, meaning it’s not a requirement, but modification of the tools will be briefly mentioned.
The ChipWhisperer Complete capture hardware can be brought to this course. This kit can be purchased from NewAE.com/sidechannel. Note you are *Not Required* to bring ChipWhisperer hardware to the course. As part of the course you'll learn about various options for capture hardware, including using a regular oscilloscope you may already have in your lab.
Students MUST bring a laptop with approximately 15GB of free space. A variety of (Python-based) tools will be installed and used, which can run on Linux & Windows. To simplify the class, a VMWare image will be provided which has all tools installed, but students are free to directly install the tools on their own computer.
If students have hardware tools they regularly use, such as a small USB logic analyzer or oscilloscope, they are encouraged to bring it to the class and will have a chance to use this.
• Slides and documentation used during class (not open source, not distributable)
• VMWare image, software tools (all tools open source, distributable)
• Example capture traces (distributable)
Colin O’Flynn has previously spoken at Black Hat USA, EU, AD, and Design West. He is an experienced embedded system designer, and writes a column for Circuit Cellar about FPGA Development.
