Power Analysis with the ChipWhisperer® 2-Day Power Analysis with ChipWhisperer®

26 November 2018 - 27 November 2018
Hosted by
Seaport Conference Center
459 Seaport Ct, Redwood City, CA 94063
View on Google Maps
Colin O'Flynn

Course Description

Side-Channel Power Analysis - that freaky method of extracting secret keys from embedded systems that doesn’t rely on exploits or coding errors. It can be used to read out an AES-128 key in less than 60 seconds from a standard implementation on a small microcontroller. Are your products vulnerable to such an attack? This course is loaded with hands-on examples to teach you not only about the attacks and theories, but how to apply them.

The course uses the open-source ChipWhisperer project (www.chipwhisperer.com) for both hardware & software tools, meaning attendees can immediately take the knowledge learned in this course and apply it in real life. The course includes a ChipWhisperer-Lite along with a UFO target board, so students walk away with the hands-on hardware used during the lab.

During the two-day course, topics covered will include: theory behind side-channel power analysis, measuring power in existing systems, setting up the ChipWhisperer hardware & software, several demonstrated attacks and labs, understanding leakage detection, and analyzing your own hardware.

This course has been updated from our previous 2-day course, and now goes into more depth with power analysis topics. It also includes updated hardware so we can target ARM devices, alongside hardware AES peripherals.

Side Channel Power Analysis has never been more accessible, and testing your products has never been this inexpensive or easy. Register for both the side-channel analysis course and the fault injection course to get four full days of intense training on embedded security threats.


This course targets low-level embedded systems - such as 8-bit, 16-bit, and 32-bit microcontrollers (including ARM and PowerPC). The hands-on portions will use an ARM device but the techniques are directly applicable to other microcontrollers. These techniques are most useful when attacking systems running bare-metal or a RTOS, which could include for example the bootloader mode on an automotive MCU.


This course is aimed at anyone who has previously designed or reverse-engineered embedded systems. Students are expected to be familiar with both C and Python (in-depth experience is not required, but knowledge of general syntax and how to build programs in both).

General embedded design experience is assumed - students should be familiar with UARTs, bootloaders, bus interfaces, use of microcontroller peripherals, etc. The course does not require any specific knowledge but the course content will be most valuable to someone experienced in this area.


  • 50% lecture
  • 40% Lab
  • 10% discussion

Course Outline

  1. Introduction
    • Introduction, software setup.
    • What is ‘Advanced Hardware Hacking’.
  2. Simple Power Analysis & Finding Leakage
    • Simple Power Analysis (SPA) Lecture.
    • LAB: SPA for Password Bypass.
  3. Differential Power Analysis (DPA) & Leakage Detection
    • DPA Attacks on AES-128.
    • LAB: AES-128 Attack.
    • Finding Leakage.
    • LAB: Finding Leakage.
  4. AES-256 Bootloader Challenge
    • Introduction to AES-256 bootloader.
    • LAB: AES-256 Bootloader challenge/lab.
  5. Leakage Detection
    • Introduction to leakage detection.
    • LAB: T-Test for validating devices security.
  6. Testing Real Devices
    • Lab setup, connecting to real targets.
    • Introduction to attacks beyond 8-bit devices.
    • LAB: 32-bit ARM T-Table implementation.
    • Attacking hardware cryptography.
    • LAB: Attacking hardware cryptography.

What To Bring

Students MUST bring a laptop with approximately 15GB of free space. A variety of (Python-based) tools will be installed and used, which can run on Linux & Windows. To simplify the class, a VMWare image will be provided which has all tools installed, but students are free to directly install the tools on their own computer.

Students are encouraged to bring a computer with VMWare Workstation already installed to reduce setup time.

ChipWhisperer® is a Trademark of NewAE Technology Inc., registered in the U.S and Europe. Used with Permission.


$2200 (until October 29th)
$2900 (after October 29th)
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.

Pay by Credit Card

Purchase Both Classes

Register for both courses for a full four days covering both power analysis and fault injection attacks. Get a discounted rate by registering for both classes together.

Pay by Check/Wire or
Request a Group Discount

Group discounts are available for 3 or more registrations.
Request Invoice

Onsite Training

Can't make it? Our trainings are also available at a location of your choice.
Request an Onsite Quote