About the Course
This is a 2-day course which takes a student through methods of performing advanced hardware hacking. These represent some of the most important attacks currently available, as they allow an adversary the ability to break otherwise secure systems by side-stepping encryption algorithms.
What’s This About?
Side-Channel Power Analysis – that freaky method of extracting secret keys from embedded systems that doesn’t rely on exploits or coding errors. It can be used to read out an AES-128 key in less than 60 seconds from a standard implementation on a small microcontroller. Are your products vulnerable to such an attack? This course is loaded with hands-on examples to teach you not only about the attacks and theories, but how to apply them.
The course uses the open-source ChipWhisperer project (www.chipwhisperer.com) for both hardware & software tools, meaning attendees can immediately take the knowledge learned in this course and apply it in real life. The course includes a ChipWhisperer-Lite, so students walk away with the hands-on hardware used during the lab.
During the two-day course, topics covered will include: theory behind side-channel power analysis, measuring power in existing systems, setting up the ChipWhisperer hardware & software, several demonstrated attacks, understanding and demonstration glitch attacks, and analyzing your own hardware.
As this course uses entirely open-source tools & examples, attendees will be able to use this knowledge in their own training courses, for example training employees at their workplace in these techniques. Side Channel Power Analysis & Fault Attacks have never been more accessible, and testing your products has never been this inexpensive or easy.
Who Should Take This
Anyone dealing with embedded systems needs to understand the threats that can be used to break even a “perfectly secure” system (meaning no buffer overflows, ability to inject code, or other such flaws). This course assumes knowledge and experience with embedded systems, and will build upon that to teach you about the practicality of various advanced attacks on those systems.
This course will also contain an extensive hands-on component, and includes a ChipWhisperer-Lite to allow you to extend the experiments covered in class onto your own products.
Students taking this class are assumed to have a good working knowledge of basic embedded systems (i.e. 8-bit microcontrollers), including programming in C and hardware design. This could mean at minimum having implemented projects on the Arduino platform. Students should be familiar with the Python programming language, as most tools are written in Python. The tools are fairly user-friendly, meaning it’s not a requirement, but modification of the tools will be briefly mentioned.
Students MUST bring a laptop with approximately 15GB of free space. A variety of (Python-based) tools will be installed and used, which can run on Linux & Windows. To simplify the class, a VMWare image will be provided which has all tools installed, but students are free to directly install the tools on their own computer.
Students are encouraged to bring a computer with VMWare Workstation already installed to reduce setup time.
What You Get
- ChipWhisperer-Lite hardware platform (kept by the student once class is done).
- Slides and documentation used during class (not open source, not distributable)
• VMWare image, software tools (all tools open source, distributable)
• Example capture traces (distributable)
Details for Students
More details coming! If you are taking the course please check back here before arriving to ensure you’ve got the latest details!
Upcoming in-person Trainings
We will be running two 2-day training classes at Black Hat USA again, course dates are August 4th-5th and August 6th-7th. If you’re interested be sure to sign up HERE, classes sell out quick and regular registration pricing ends July 13th.
We offer a few in-person training courses with HardwareSecurity.Training. Currently we are scheduling a training in the Bay Area for the fall, details to come.