Session:Cheap SCA with Open Source tools

From SHA2017 Wiki
Description During this workshop in the Riscufefe village, security analysts from Riscure will show how Side Channel Analysis techniques (DPA) work with super cheap equipment (less than 60 euro for the full setup) and Open Source SCA tools (jlSCA).

IMPORTANT: You will get a VM in which you can practice what you learned; please bring your own laptop with >15GB of free disk space and VirtualBox installed (with extension package)!!

Website(s) www.riscure.com/training
Type Workshop
Kids session No
Keyword(s) hardware, software, embedded, hacking, security
Tags sca, open source, cheap
Processing village Village:Riscufefe
Person organizing
Language en - English

Subtitle Saturday edition
Starts at 2017/08/04
Ends at 2017/08/04 01:30
Duration 90 minutes
Location Village:Riscufefe
Subtitle Sunday edition
Starts at 2017/08/04
Ends at 2017/08/04 01:30
Duration 90 minutes
Location Village:Riscufefe

Workshop description (Important: bring your own laptop with VirtualBox and 15GB free disk space!)

Implementing security on embedded systems can be a difficult task. This is especially true when you write your own implementation of a crypto algorithm (either a public one or your own). During this workshop we perform attacks on cryptographic functions (encryption with AES and, if time permits, signatures with ECDSA) using the popular Riscure HackMe platform. "We perform attacks" in this context means you, as all the exercises are hands-on! You will learn that the requirements for executing some of the attacks (e.g. the cost of the hardware required for SCA) are much lower than you thought, and that with the right knowledge they can be straightforward. Don't worry: we will have a theoretical introduction to the attacks, but in an easy-to-grasp format.

For the exercises we will use a real device (the RHme board, based on an Arduino Nano board) and the challenges from the RHme2 contest, so that you can perform these attacks with your own laptop. Note that we will change the flags of the challenges, so that you can still enjoy them even if you have already attempted or solved some of them. We will also provide a pre-configured Virtual Machine so you will be good to go from the start of the workshop. And after the workshop, if you liked these attacks, you can keep practicing your skills with the publicly available challenges for the board.

Proposed workshop program

Intro to workshop and bootstrap laptops/embedded boards for the exercises

Side Channel Analysis on private key encryption (AES) challenge
- Theory
- Exercise: Piece of SCAke

If time: public key signature (ECDSA) challenge
- Theory
- Exercise: Secure Filesystem v1.92r1


Should I attend this workshop or not?

You should attend if:
- You have little to zero practical experience doing hands-on attacks on crypto/security implementations
- You think that performing implementation attacks on cryptography requires very specialized tooling
- You enjoy participating in CTF-like contests
- You have heard of terms like SCA, DPA, ECDSA or timing attacks but have never done them yourself

You should not attend if:
- Terms like SCA, DPA, ECDSA and timing attacks hold no mystery for you, and you know how to perform them
- You are not interested in practical attacks on cryptography
- You participated in the RHme contest and you beat all these challenges