image image

Lejla Batina & Łukasz Chmielewski

Attacking real-world crypto in embedded systems with side-channel & fault analysis

Trainer: Lejla Batina & Łukasz Chmielewski

Date: 24th - 26th Oct 2022

Time: 9:00am to 5:00pm CEST

Venue: Marriott Hotel, The Hague, Netherlands

Training Level: Intermediate to Advance

Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.

Training Objectives:

Modern cryptography has produced a multitude of ciphers that protect our daily lives including secure authentication, electronic transactions etc. However, once the cipher is implemented on a physical device (microprocessor, FPGA, ASIC etc.) it becomes vulnerable to side-channel and fault attacks. Side-channel attacks pose a unique challenge as an intersection of cryptography, electronics and statistics and pervading all aspects of modern hardware security. The attackers monitor closely the power consumption or electromagnetic emission of a cryptographic device and they are able to extract the secret key using statistical techniques. Fault injection attacks, on the other hand, take advantage of inserting some disturbances (such as glitches by changing e.g. voltage, clock, temperature etc.) into the system leading to faulty computations.

In this training we will provide extensive overviews of both, side-channel and fault analysis, showcasing the core techniques for key recovery. During the training the students will get the chance to develop several basic side-channel analysis tools in Python. They will also learn to perform hands-on physical attacks on real hardware. Subsequently they will use the tools to perform attacks on real-world datasets aiming at the secret key extraction.

The training will cover passive side-channel attacks on crypto implementations and countermeasures, including template attacks and leakage evaluation techniques. In addition, we will also treat active attacks such as fault injection and in particular glitching attacks with voltage and Electro Magnetic Fault Injection (EMFI). The training participants will learn to prepare the attacks including the attack set-up and execution on real hardware.

Training Detailed Description:

A detailed description of the course structure and content, including an outline (day-wise agenda) of theory and practical exercises. Hands-on & interactive approaches are strongly encouraged.

Day 1: Side-channel attacks

Side-channel attacks on crypto implementations and countermeasures:

  • Basic concepts and principles
  • Side-channel leakage modeling
  • Simple power analysis (SPA)
  • Differential power analysis (DPA) and higher-order attacks
  • Assignments 1-2: Hands-on DPA attacks on software and hardware implementations

Day 2: Advanced attacks

Profiling attacks:

  • Probability theory and statistics background
  • Step-by-step guide to profile and exploit a device's side-channel leakage
  • Assignment 3: Profiled and deep learning attack on an ECC implementation on an ARM Cortex micro-controller

Higher order attacks:

  • Introduction to side-channel countermeasures (masking, shuffling, etc.)
  • Higher-order side-channel attacks
  • Assignment 4: 2nd order attacks on a DPA-protected implementation

Leakage evalution:

  • TVLA and alternatives
  • Leakage simulators
  • Assignment 5: TVLA evaluation of (un)protected implementations

Day 3:

Introduction to fault injection attacks:

  • Fault attacks in practice: principles and use cases
  • Differential Fault Analysis (DFA)
  • Glitching attacks with voltage and Electro Magnetic Fault Injection (EMFI)
  • Assignment 6: Hands-on session on ChipWhisperer

What to expect? | Key learning objectives

Each training module will start with a tutorial identifying the main concepts and the theory behind physical attacks. After that, several assignments will be given to master the content and learn about key insights and identify practical challenges.

Who Should Attend? | Target Audience:

  • Researchers and students who want to learn the core techniques of side-channel analysis
  • Pen testers, government officers, auditors and evaluators of secure embedded devices
  • Developers of secure IoT products
  • Chip designers
  • Any embedded security enthusias

What to Bring? | Software and Hardware Requirements:

  • own laptop running Windows / Linux / macOS
  • installed Python version 3
  • extra pen drive

What to Bring? | Prerequisite Knowledge and Skills:

  • basic programming
  • basic knowledge of statistics
  • familiarity with every-day cryptography, such as AES, PKC etc.

Resources Provided at the Training | Deliverables:

  • Lecture slides and assignments
  • Python code examples for analysis
  • Side-channel datasets captured from AVR/ARM processors and FPGA implementations
  • Detailed description of set-ups used in training


Lejla Batina is a full professor at Radboud University. She got her professional doctorate in engineering from Eindhoven University of Technology and her PhD in Cryptography from KU Leuven, Belgium (2005). Prior to joining Radboud University she was a postdoc at KU Leuven and she spent 3 years in industry as a cryptographer at Pijnenburg Securealink (later SafeNet B.V.) in The Netherlands. Her research interests include cryptographic implementations and physical attacks and countermeasures. She leads a group of 10+ researchers at Radboud and 8 PhD students have so far graduated under her supervision.

Łukasz Chmielewski is a postdoctoral researcher in the Digital Security Group at Radboud University Nijmegen working in the field of physical attacks, both side-channel analysis (SCA) and fault injection (FI). In particular, his main research interests lie in SCA of public-key cryptosystems (including post-quantum schemes). He also has significant commercial experience in SCA, FI, and software-security evaluations of embedded devices. His overall practical experience in physical attacks spans over last 9 years.