Lukasz.chmielewski: Learn SCA with open source tools & cheap equpiment from experts!

2017-08-05T11:49:26Z

Learn SCA with open source tools & cheap equpiment from experts!

New page

{{Session
|Has session tag=sca, open source, cheap
|Is for kids=No
|Has description=During this workshop in the Riscufefe village, security analysts from Riscure will show how Side Channel Analysis techniques work (DPA) with super cheap equipment (less than 60 euro the full setup) and Open Source SCA tools (jlSCA).

IMPORTANT: You will get a VM which you can practice what you learned; please bring your own laptop with >15GB of free disk space and VirtualBox installed (with extension package)!!
|Has website=www.riscure.com/training
|Has session type=Workshop
|Has session keywords=hardware, software, embedded, hacking, security
|Processed by village=Village:Riscufefe
|Held in language=en - English
|Has orga contact=boixcarpi@riscure.com
}}
{{Event
|Has subtitle=Saturday edition
|Has start time=2017/08/04
|Has duration=90
|Has session location=Village:Riscufefe
}}
{{Event
|Has subtitle=Sunday edition
|Has start time=2017/08/04
|Has duration=90
|Has session location=Village:Riscufefe
}}
Workshop description
(Important: bring your own laptop with Virtualbox and 15GB free disk space!)

Implementing security on embedded systems can be a difficult task. This is especially true when you write your own implementation of a crypto algorithm (either public or your own). During this workshop we perform attacks on cryptographic functions (encryption with AES, if time maybe signatures with ECDSA) using the popular Riscure HackMe platform. "We perform attacks" in this context means you, as all the exercises are hands-on! You will learn that the requirements for executing some of the attacks (e.g. cost of hardware required for SCA) are much less than you thought, and if with the right knowledge they can be straightforward. Don't worry: we will have a theoretical introduction to the attacks, but in an easy to grasp format.

For the exercises we will use a real device (the RHme board, based on an Arduino Nano board) and the challenges available on the RHme2 contest so that you can perform these attacks with your own laptop. Note that we will change the flags of the challenges, so that you can enjoy them if you attempted/solved some of them. We will also provide a Virtual Machine already pre-configured so you will be good to go from the start of the workshop. And after the workshop, if you liked these attacks, you have the chance to practice your skills with the board with the publicly available challenges for the board.

Proposed workshop program
Intro to workshop and bootstrap laptops/embedded boards for the exercises

Side Channel Analysis on private key encryption (AES) challenge
- Theory
- Exercise: Piece of SCAke

If time: public Key signature (ECDSA) challenge
- Theory
- Exercise: Secure Filesystem v1.92r1

Should I attend this workshop or not?

You should attend if:
- You have little to zero practical experience on doing hands-on attacks on crypto/security implementations
- You think that performing implementation attacks on cryptography require very specialized tooling
- You enjoy participating in CTF-like contests
- You heard of terms like SCA, DPA, ECDSA or timing attacks but have never done them yourself

You should not attend if:
- Terms like SCA, DPA, ECDSA, timing attacks have no mystery for you, and you know how to perform them
- You are not interested in practical attacks on cryptography
- You participated in the RHme contest and you beat all these challenges

Session:Cheap SCA with Open Source tools - Revision history

Lukasz.chmielewski: Learn SCA with open source tools & cheap equpiment from experts!