This course provides knowledge, skills and tools to apply side-channel attacks to cryptographic algorithms. Those attacks exploit various auxiliary leakages, e.g., time, power consumption, electromagnetic emanation, and others, to derive binary information, such as a secret key. Side-channel attacks can be used against hardware and software cryptography even when there is no software «bug», e.g. buffer overflow, code injection, etc., as the underlying attack principles are coming from hardware. Starting from the first minutes the audience will dive into the hands-on challenges in task-based CTF. The students will learn how and why side-channel information can be used to get secret keys in several minutes. Followed by real case examples on ESP32, the students will tackle practical attack aspects. After successful completion of this course, students will have a better understanding of how to detect and exploit side-channel leakages. As this course uses prepared Python code to attack AES-128 implementation, attendees will be able to re-use this software later.

Key takeaways:

What side-channel leakage is and how the leakage can be used to derive secret keys.

Common side-channel attacks against AES-128 algorithm.

Step-by-step technique to discover the attack possibility.

Audience skill level:

Python (numpy) is a must.

AES-128 is required.

Basic statistics is a plus.

Hardware requirements:

A laptop with «Jupyter lab» or «Jupyter».

8 GB of RAM would be beneficial for you.

Ability to run Linux binaries would be beneficial for you.