Black Hat USA 2009 Weekend Training Session
Black Hat USA 2009 Weekday Training Session
Side Channel Analysis
Side channel analysis is a technique to discover secrets such as cryptographic keys and PINs from hardware and embedded software. This is achieved by listening to and understanding the information that (hardware) channels emit when processing information. This course provides an understanding of the possibilities and impact of side channel analysis and explains how you can protect against it through a hands-on approach. Besides the necessary side channel theory, students will perform exercises themselves in which they will, for instance, break a DES key through power analysis. Further, in another exercise, each student is challenged to devise their own countermeasures and the effect of these is analysed via a live data acquisition and analysis on the code using side channel analysis equipment.
For a long time, Side Channel Analysis (SCA) terms such as Differential Power Analysis (DPA), Timing attacks and Electro Magnetic Analysis (EMA) have had the air of mythical powers to break any crypto system and reveal every secret in a system. This course provides a practical introduction into the world of side channel analysis. It shows the basics and allows students to understand and experience what it means to break a system with these types of attacks. At the same time this course explores the countermeasures that are available to developers. Using these, the side channel attack resistance of software on smart cards and embedded systems will significantly improve. We examine source code implementations on weaknesses and provide hands-on exercises to improve these implementations. This will allow the student to develop a feel for the possibilities and limitations for software-based countermeasures against such attacks.
- Introduce the student to the finer details of side channel analysis through example and hands-on exercise
- Experience the effectiveness of SCA by breaking a DES key
- Explain the fine balance between hardware and software countermeasures against SCA
- Understand the relation between software implementation and SCA
- Teach software developers how to mitigate the threats of SCA in software
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. Pre-configured laptops will be provided for this class.
Job de Haas
holds an M.Sc. in Electrical Engineering and has a track record in the security industry of more than 15 years. He has experience evaluating the security of a wide range of embedded platforms, such as IPTV decoders, satellite receivers, mobile phones, PDAs, VoIP enabled devices and a range of modems (ADSL, Wireless). Further, he is a specialist in the reverse engineering of applications and consumer electronics that are based on Sparc, MIPS, Intel and ARM processors.
At Riscure, Job is the senior specialist in charge of security testing of embedded devices for high-security environments. Amongst others, he assessed the protection of pay television systems against side channel and card-sharing attacks for conditional access providers. Job has researched the security features and weaknesses of embedded technology for many years.
Job has a long speaking history at international conferences, including talks on kernel-based attacks, security of mobile technologies such as GSM, SMS and WAP, and the reverse engineering of embedded devices.
Jasper van Woudenberg
has experience performing security evaluation projects since 2001.
These include security evaluations of embedded devices, such as telecommunications equipment, payment terminals and mobile phone technology, and also security assessments through network penetration testing. His background is in Computer Science and Artificial Intelligence, both of which he holds an MSc degree in.
At Riscure, Jasper performs side channel evaluations on smart cards and embedded systems. As part of his research activities, Jasper investigates the application of AI techniques in side channel analysis and is developing a laser fault injection setup. Jasper provides trainings for Riscure clients worldwide.
Ends Mar 15
Ends May 1
Ends Jul 22