- Webinar |
- Netherlands 2023 |
- USA 2023 |
- Netherlands 2022 |
- USA 2022 |
- Netherlands 2021 |
- USA 2021 |
- Germany 2021 |
- Berlin 2021 |
- Netherlands 2020 |
- Virtual Con 2020 |
- Berlin 2020 |
- Netherlands 2019 |
- USA 2019 |
- Berlin 2019 |
- Netherlands 2018 |
- Berlin 2018 |
- Netherlands 2017 |
- Netherlands 2016 |
- Netherlands 2015
Embedded Physical Attacks 101
3rd - 5th April 2019 | 3 Days
TRAINERS
Lejla Batina, Kostas Papagiannopoulos & Niels Samwel
OBJECTIVE
Modern cryptography has produced a multitude of secure ciphers that protect our daily electronic transactions. However, once the cipher is implemented on a physical device (microprocessor, FPGA, ASIC etc.) it becomes vulnerable to side-channel and fault attacks. Side-channel attacks pose a unique challenge as an intersection of cryptography, electronics and statistics and pervading all aspects of modern hardware security. The attacks monitor closely the power consumption or electromagnetic emission of a cryptographic device and they are able to extract the secret key using statistical techniques. Fault injection attacks, on the other hand, take advantage of inserting some disturbances (such as glitches by changing e.g. voltage, clock, temperature etc.) into the system leading to faulty computations.
In this training we will provide introductions to both, side-channel and fault analysis, showcasing the core techniques for key recovery. During the training the students will get the chance to develop several basic side-channel tools in Matlab/Octave. Subsequently they will use them to perform attacks on datasets in order to extract the secret key.
Course sections:
Introduction to side-channel attacks
- Basic concepts and background information
- Side-channel leakage modeling
- Simple power analysis (SPA)
- Differential power analysis (DPA)
Correlation power analysis (CPA) in software and hardware
- Assignment 1: Extracting the cipher key from the electromagnetic emission of an ARM Cortex-M4 processor
- Assignment 2: Extracting the cipher key from the power consumption of an FPGA-based AES implementation
Template attacks
- Probability theory and statistics
- Step-by-step guide to profile and exploit a device's side-channel
- Assignment 3: Template building/matching using the electromagnetic emission of an industrial control system
Higher order attacks
- Introduction to side-channel countermeasures (masking, shuffling, etc.)
- Higher-order side-channel attacks
- Assignment 4: Second-order attack using correlation and templates on a masking countermeasure implemented on an AVR smartcard
Introduction to fault injection attacks:
- Fault attacks in practice: principles and use cases
- Differential Fault Analysis (DFA)
- Glitching attacks with voltage and Electro Magnetic Fault Injection (EMFI)
- Assignment 5: Hands-on session on ChipWhisperer
Who should attend the course:
- Researchers and students who want to learn the core techniques of side-channel and fault analysis
- Penetration testers, auditors and evaluators of secure embedded devices
- Developers of secure IoT products
- Any embedded security enthusiast
What should attendees bring:
- Laptop with Windows or Linux
- Matlab or Octave installed
What will be provided:
- Lecture slides and assignments
- Matlab code and examples
- Side-channel datasets captured from AVR/ARM processors and FPGA implementations
- Fault injection data sets obtained from ChipWhisperer
About the trainers:
Lejla Batina studied and worked as a research assistant at the Technical University Eindhoven where she got her professional doctorate in Engineering degree in Mathematics for Industry - in 2001. After that she worked as a cryptographer for Pijnenburg - Securealink (later SafeNet, BV), in Vught, The Netherlands. She got her Ph.D. degree from KU Leuven, Belgium in 2005 where she also continued with postdoctoral research. She is currently a professor in the Digital Security group of the Computing Science Department at the Radboud University and active participant in the CHES and IACR communities. Her research interests are hardware security, lightweight cryptography, cryptography for pervasive computing (smart cards, RFIDs, etc.), side-channel attacks/countermeasures and implementations of cryptography.
Kostas Papagiannopoulos received a degree in Electrical and Computer engineering from the National Technical University of Athens, Greece in 2011. He received his joint M.Sc. in Information Security from Radboud University, Technical University Eindhoven and University of Twente in 2014. He is currently a Ph.D. candidate in the Digital Security group of Radboud University in Nijmegen, the Netherlands. In addition he was a research visitor at the Riscure testing/evalution lab in Delft, in 2016. His research interests are side-channel attacks and countermeasures, high-performance cryptographic implementations, machine learning and information theory.
Niels Samwel received a BSc in Computer Science from Leiden University,The Netherlands in 2014. He received his joint MSc degree in Cyber Security from Radboud University, Technical University Eindhoven and University of Twente in 2016. He is currently a PhD student in the Digital Security group in the Radboud University, The Netherlands. In addition, he was a research visitor at the University of Pennsylvania in 2017 (working with Daniel Genkin) and at the University of Adelaide in 2018 (working with Yuval Yarom). His research interests are side-channel and fault attacks, countermeasures and cryptographic implementations.
