Glitch Attacks with the ChipWhisperer® 2-Days Fault Injection with ChipWhisperer®
- 25 April 2018 - 26 April 2018
- Hosted by
- Hilton Washington DC/Rockville (click for group rate)
- 1750 Rockville Pike, Rockville, MD, 20852-1699
View on Google Maps
- Colin O'Flynn
Fault injection attacks - can you even trust your hardware? This 2-day training will cover fault injection attacks (also known as glitch attacks) on embedded systems. These attacks allow you to entirely bypass security mechanisms, dump memory over communication interfaces, and wreck havoc for fun and profit.
The course uses the open-source ChipWhisperer project (www.chipwhisperer.com) for both hardware & software tools, meaning attendees can immediately take the knowledge learned in this course and apply it in real life. The course fee includes a ChipWhisperer-Lite along with a UFO board and several targets, so students walk away with the hands-on hardware used during the lab.
This course has been updated from our previous 2-day course (that covered power analysis & fault injection), and now goes into more depth with fault injection topics. It also includes updated hardware so we can target ARM devices, alongside demonstrations of bootloader and lock bit attacks.
Fault Attacks have never been more accessible, and testing your products has never been this inexpensive or easy. Register for both the side-channel analysis course to get four full days of intense training on embedded security threats.
This course targets low-level embedded systems - such as 8-bit, 16-bit, and 32-bit microcontrollers (including ARM and PowerPC). The hands-on portions will use an ARM device but the techniques are directly applicable to other microcontrollers. These techniques are most useful when attacking systems running bare-metal or a RTOS, which could include for example the bootloader mode on an automotive MCU.
This course is aimed at anyone who has previously designed or reverse-engineered embedded systems. Students are expected to be familiar with both C and Python (in-depth experience is not required, but knowledge of general syntax and how to build programs in both).
General embedded design experience is assumed - students should be familiar with UARTs, bootloaders, bus interfaces, use of microcontroller peripherals, etc. The course does not require any specific knowledge but the course content will be most valuable to someone experienced in this area.
- 50% lecture
- 40% Lab
- 10% discussion
- Introduction, software setup.
- What is ‘Advanced Hardware Hacking’.
- Introduction to Glitch Attacks
- Introduction to Glitch Attacks & finding vulnerable parameters.
- LAB: Glitch attacks (clock glitching) for password bypass.
- LAB: Glitch attacks for memory dumping.
- Voltage Glitching.
- Finding Glitch Timing with Power Analysis
- Introduction to power analysis.
- LAB: Finding bootloader lockbit location using power analysis.
- Bypassing Device Security Lockbits
- Introduction to device memory lockbits.
- Examples of memory lockbit types
- LAB: Bypassing memory lockbits using power analysis.
- EM Fault Injection
- Introduction to EM fault injection.
- DEMO: EM Fault injection platform.
- Differential Fault Analysis (DFA)
- Introduction to DFA.
- LAB: Differential Fault Analysis (DFA) of AES.
- Testing Real Devices
- Lab setup, connecting to real targets.
- Finding fault injection parameters.
- Communications interfaces.
What To Bring
Students MUST bring a laptop with approximately 15GB of free space. A variety of (Python-based) tools will be installed and used, which can run on Linux & Windows. To simplify the class, a VMWare image will be provided which has all tools installed, but students are free to directly install the tools on their own computer.
Students are encouraged to bring a computer with VMWare Workstation already installed to reduce setup time.
ChipWhisperer® is a Trademark of NewAE Technology Inc., registered in the U.S and Europe. Used with Permission.
Registration$2200 (until March 26th)
$2900 (after March 26th)
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.
Pay by Credit Card or Bitcoin
Purchase Both Classes
This course expands on the power analysis class. Get a discounted rate by registering for both classes together.
Pay by Check/Wire or
Request a Group Discount
Group discounts are available for 3 or more registrations.
Can't make it? Training is also available at a location of your choice.