Essentials SCA (SCAONLINE)

Embedded Systems → Hardware security → Side channel analysis


Description

This course provides the foundation knowledge and skills to evaluate the resistance of cryptographic implementations to side channel analysis. The main learning objective of this training is the methodology of applying SCA to a wide range of devices from the very simple, unprotected smartcards to implementations protected with advanced countermeasures or complex embedded applications.

While the concepts we teach are generic and can be replicated using different equipment, during the training we use our Riscure Inspector - tool. With Inspector we can effectively demonstrate a wide range of concepts; it is an all-in-one solution, is constantly updated and has state of the art methods.

If you have Inspector equipment, at the end of the course, by means of hands-on exercises, you will:

• Become comfortable with the workflow for performing side channel analysis testing.

• Are able to perform inspection of a target using Simple Power Analysis (SPA).

• Perform differential- and Correlation Power Analysis on DES and AES (DPA/CPA).

• You will have an overview of the countermeasures against SCA.

If you do not have Inspector equipment, at the end of the course, you will:

• Become comfortable with the workflow for performing side channel analysis testing.

• Understand what Simple Power Analysis (SPA) is and how it is applied in practice.

• Understand what differential- and Correlation Power Analysis and see how it is applied on DES and AES (DPA/CPA).

• You will have an overview of the countermeasures against SCA.


At the end of the training you have a thorough understanding of power and electromagnetic analysis methods and you are able to perform testing on both smart cards and embedded chips. You are able to assess the robustness of chips with no or basic countermeasures of moderate complexity.

Location: Online

Content
  • Session 1. Side Channel Analysis: Introduction
  • 1.1 (THEORY) What is SCA?
  • 1.2 (EXERCISE) Hello Inspector
  • 1.3 (DISCUSSION) Is SCA Easy?
  • Session 1 Knowledge check: quiz
  • SLIDES Introduction to SCA
  • Session 2. Power Analysis: Tools and Principles
  • 2.1 (THEORY) Typical Power Analysis Setups
  • 2.2 (EXERCISE) Trace Inspection
  • 2.3 (THEORY) The Principles of Power Analysis
  • Session 2 Knowledge check: quiz
  • SLIDES Power Analysis. Tools and Principles
  • SESSION 3. POWER ANALYSIS: ACQUISITION
  • 3.1 (THEORY) The Key Parameters of Power Acquisition
  • 3.2 (DISCUSSION) How to Find the Best Parameters for Power Acquisition
  • 3.3 (EXERCISE) Power Side Channel Acquisition on TC6
  • Session 3 Knowledge check: quiz
  • SLIDES Power Analysis. Acquisition
  • SESSION 4. STATIC ALIGN
  • 4.1 (THEORY) The Key Parameters of Static Align.
  • 4.2 (EXERCISE) Performing Static Align in Practice
  • 4.3 (DISCUSSION) How to Find the Best Parameters for Static Align
  • Session 4 Knowledge check: quiz
  • SLIDES Static Align
  • Session 5. INTRODUCTION TO CRYPTO AND STATISTICS
  • 5.1 (THEORY) Intro to Crypto and Statistics
  • Section 5 Knowledge check: quiz
  • SLIDES Intro to Crypto and Statistics
  • Session 6. Simple Power Analysis (SPA) and Differential Power Analysis (DPA)
  • 6.1 (THEORY) Intro to SPA and DPA
  • Session 6 Knowledge check: quiz
  • SLIDES SPA and DPA
  • Session 7. CORRELATION POWER ANALYSIS (CPA)
  • 7.1 (THEORY) Intro to CPA
  • 7.2 (EXERCISE) CPA in Practice
  • 7.3 (THEORY) Differential Power Analysis (DPA) on Smartcards
  • 7.4 (EXERCISE+DISCUSSION) DPA on TC6 (LPF1.9MHz)
  • 7.5 (EXERCISE+DISCUSSION) DPA on TC6 (LPF50MHz)
  • 7.6 (EXERCISE+DISCUSSION) DPA on TC6 (LPF50MHz resampled)
  • Session 7 Knowledge check: quiz
  • SLIDES What is CPA
  • SLIDES DPA on Smartcards
  • Session 8. Leakage models
  • 8.1 (THEORY+EXERCISE) Leakage Models
  • 8.2 (THEORY+EXERCISE) Application to DES
  • 8.3 (THEORY+EXERCISE) Attacking the DES S-box
  • 8.4 (DISCUSSION) Best Leakage Models
  • 8.5 (EXERCISE) Leakage Models in Practice
  • Session 8 Knowledge check: quiz
  • Session 8 (SLIDES) Leakage Models
  • Session 9. SCA on Embedded Systems
  • 9.1 (THEORY+DISCUSSION) Embedded Systems
  • 9.2 (THEORY+DISCUSSION) The Pinata Board
  • 9.3 (THEORY) How toTrigger
  • 9.4 (THEORY) How to Measure Power
  • 9.5 (DISCUSSION) Embedded Systems
  • 9.6 (EXERCISE) Target Practice: Pinata
  • Session 9 Knowledge check: quiz
  • SLIDES SCA on Embedded Systems
  • Session 10. Programming in Inspector
  • 10.1 (THEORY) Modules in Inspector
  • 10.2 (EXERCISE) Writing a Signal Processing Module
  • 10.3 (THEORY+EXERCISE) Protocol and Sequence
  • Session 10 Knowledge check: quiz
  • SLIDES Inspector Module Development
  • SLIDES Target I/O and setup: Protocol and Sequence
  • Section 11. Hardware cryptographic engines
  • 11.1 (EXERCISE) DPA on the Pinata HW DES Engine
  • SLIDES DPA on Hardware Crypto Engines
  • Session 11 Knowledge check: quiz
  • Session 12. ElectroMagnetic (EM) Analysis
  • 12.1 (THEORY) EM Radiation
  • 12.2 (THEORY+EXERCISE) Tools and Setup
  • 12.3 (THEORY+EXERCISE) Finding the Hotspot on TC8
  • 12.4 (THEORY+EXERCISE) Acquisition on TC8, Signal Processing and EM Analysis
  • Session 12 Knowledge check: quiz
  • SLIDES EM analysis
  • SLIDES DEMA on embedded
  • Session 13. SCA countermeasures
  • 13.1 (THEORY) Generic SCA Countermeasure Classes
  • 13.2 (EXERCISE) DEMA on TC2 (3DES with random delays)
  • Session 13 Knowledge check: quiz
  • SLIDES SCA Countermeasures
  • SLIDES Elastic Alignment
  • Session 14. Smart triggering with icWaves
  • 14.1 (THEORY) Smart Triggering
  • 14.2 (EXERCISE) Real-Time Pattern Triggering on TC8
  • Session 14 Knowledge check: quiz
  • SLIDES Smart Triggering with icWaves
  • Session 15. SCA on contactless smartcards
  • 15.1 (THEORY) Contactless Smartcard Technology
  • 15.2 (THEORY) Tools and Setup
  • 15.3 (EXERCISE) Simple Radio Frequency Analysis (SRFA) on TC5 (RSA)
  • Session 15 Knowledge check: quiz
  • SLIDES Contactless Smartcards and SRFA
Completion rules
  • All units must be completed
  • Leads to a certification with a duration: 1 year