Security Expert, Kudelski Group
This course provides knowledge, skills and tools to apply side-channel attacks to cryptographic algorithms. Those attacks exploit various auxiliary leakages, e.g., time, power consumption, electromagnetic emanation, and others, to derive binary information, such as a secret key. Side-channel attacks can be used against hardware and software cryptography even when there is no software «bug», e.g. buffer overflow, code injection, etc., as the underlying attack principles are coming from hardware. Starting from the first minutes the audience will dive into the hands-on challenges in task-based CTF. The students will learn how and why side-channel information can be used to get secret keys in several minutes. Followed by real case examples on ESP32, the students will tackle practical attack aspects. After successful completion of this course, students will have a better understanding of how to detect and exploit side-channel leakages. As this course uses prepared Python code to attack AES-128 implementation, attendees will be able to re-use this software later.
Audience skill level: