Roman Korkikian

Security Expert, Kudelski Group

About speaker

Roman Korkikian is Security Expert at Kudelski Group with 9+ years of practical side-channel and fault attacks. He completed a PhD at Ecole Normale Superieur in Paris. Offensive techniques are his main research focus. Testing smart-cards, set-top-boxes, mobile phones, and other physically accessible systems is the main fun he has in daily work.
June 17
16:00 — 19:00
Second Track
Russian

This course provides knowledge, skills and tools to apply side-channel attacks to cryptographic algorithms. Those attacks exploit various auxiliary leakages, e.g., time, power consumption, electromagnetic emanation, and others, to derive binary information, such as a secret key. Side-channel attacks can be used against hardware and software cryptography even when there is no software «bug», e.g. buffer overflow, code injection, etc., as the underlying attack principles are coming from hardware. Starting from the first minutes the audience will dive into the hands-on challenges in task-based CTF. The students will learn how and why side-channel information can be used to get secret keys in several minutes. Followed by real case examples on ESP32, the students will tackle practical attack aspects. After successful completion of this course, students will have a better understanding of how to detect and exploit side-channel leakages. As this course uses prepared Python code to attack AES-128 implementation, attendees will be able to re-use this software later.


Key takeaways:

  • What side-channel leakage is and how the leakage can be used to derive secret keys.
  • Common side-channel attacks against AES-128 algorithm.
  • Step-by-step technique to discover the attack possibility.

  • Audience skill level:

  • Python (numpy) is a must.
  • AES-128 is required.
  • Basic statistics is a plus.

  • Hardware requirements:

  • A laptop with «Jupyter lab» or «Jupyter».
  • 8 GB of RAM would be beneficial for you.
  • Ability to run Linux binaries would be beneficial for you.