COURSE DESCRIPTION:

Modern cryptography has produced a multitude of secure ciphers that protect our daily electronic transactions. However, once the cipher is implemented on a physical device (microprocessor, FPGA, ASIC, etc.) it becomes vulnerable to side-channel and fault attacks. Side-channel attacks pose a unique challenge as an intersection of cryptography, electronics, and statistics and pervading all aspects of modern hardware security. The attacks monitor closely the power consumption or electromagnetic emission of a cryptographic device and they are able to extract the secret key using statistical techniques. More recently, we are witnessing the uprise of deep learning techniques in SCA, even for targets protected with countermeasures. Fault injection attacks, on the other hand, take advantage of inserting some disturbances (such as glitches by changing e.g. voltage, clock, temperature, etc.) into the system leading to faulty computations.

In this training we will provide introductions to both, side-channel and fault analysis, showcasing the core techniques for key recovery. Besides, we will explore advanced topics in profiling SCAs where the emphasis will be on machine learning and deep learning techniques.

Course sections:

• Introduction to side-channel attacks (1.5 days physical / 2 days virtual)
  • Basic concepts and principles
  • Side-channel leakage modeling
  • Simple power analysis (SPA)
  • Differential power analysis (DPA), Correlation Power Analysis (CPA)
  • Matlab/Python statistics tutorial
  • Correlation power analysis (CPA) in software and hardware
  • Assignment 1: Extracting the cipher key from the electromagnetic emanations from an ARM Cortex-M4 processor
  • Assignment 2: Extracting the cipher key from the power consumption of an FPGA-based AES implementation
  • Template attacks
  • Probability theory and statistics background
  • Step-by-step guide to profile and exploit a device's side-channel
  • Assignment 3: Template building/matching using the electromagnetic emanations of an industrial control system
  • Higher order attacks
  • Introduction to side-channel countermeasures (masking, shuffling, etc.)
  • Higher-order side-channel attacks
  • Assignment 4: Second-order attack using correlation and templates on a masking countermeasure implemented on an AVR smartcard
  • Assignment 5: Template attack on an ECC implementation on ARM Cortex microcontroller
  • Introduction to fault injection attacks
  • Fault attacks in practice: principles and use cases
  • Differential Fault Analysis (DFA)
  • Glitching attacks with voltage and Electro Magnetic Fault Injection (EMFI)
  • Assignment 6: Hands-on session on ChipWhisperer
• Machine learning-based side-channel attacks (1.5 days physical / 2 days virtual)
  • Basic concepts of machine learning
  • Hyperparameter tuning, Ensembles
  • Scikit-learn
  • Random forest, support vector machines, Naive Bayes, multilayer perceptron
  • Feature engineering techniques
  • Assignment 7: Extracting the cipher key in both Hamming weight and identity leakage models
  • Assignment 8: Countermeasure simulation
  • Deep Learning
  • Introduction to deep learning
  • Common methods in SCA (convolutional neural networks, multilayer perceptron, autoencoder)
  Keras
  • Assignment 9: Extracting the cipher key with multilayer perceptron and convolutional neural networks Hyperparameter tuning - advanced methods
  • Assignment 10: Running state-of-the-art publicly available architectures
  • Assignment 11: Removing misalignment with denoising autoencoder
  • Recent developments in deep learning-based SCA

KEY LEARNING OBJECTIVES:

You will learn

• how to perform differential attacks on both unprotected and masked implementation
• how to profile a device using templates and advanced ML methods
• to evaluate leakage by using TVLA methodology
• how to attack symmetric-key and public-key implementations in both, hardware and software
• how to perform DFA as a result of fault injection.

PREREQUISITES:

• Basic knowledge of crypto algorithms, such as AES and ECC
• (Ideally) some Python knowledge.

ABOUT THE TRAINER:

Stjepan PICEK is an assistant professor in the Cybersecurity group at TU Delft, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Before the assistant professor position, Stjepan was a postdoctoral researcher at ALFA group, MIT, USA. Before that, he was a postdoctoral researcher at KU Leuven, Belgium as a part of the Computer Security and Industrial Cryptography (COSIC) group. Stjepan finished his Ph.D. in 2015 with a topic on cryptology and evolutionary computation techniques. Stjepan also has several years of experience working in industry and government. Up to now, Stjepan gave more than 10 invited talks at conferences and summer schools and published more than 70 refereed papers in both evolutionary computation and cryptography journals and conferences. Stjepan is a member of the organization committee for International Summer School in Cryptography and president of the Croatian IEEE CIS Chapter. He is a general co-chair for Eurocrypt 2020, program committee member and reviewer for several conferences and journals, and a member of several professional societies.

Lejla BATINA studied and worked as a research assistant at the Technical University Eindhoven where she got her professional doctorate in Engineering degree in Mathematics for Industry - in 2001. After that she worked as a cryptographer for Pijnenburg - Securealink (later SafeNet, BV), in Vught, The Netherlands. She got her Ph.D. degree from KU Leuven, Belgium in 2005 where she also continued with postdoctoral research. She is currently a professor in the Digital Security group of the Computing Science Department at the Radboud University and active participant in the CHES and IACR communities. Her research interests are hardware security, lightweight cryptography, cryptography for pervasive computing (smart cards, RFIDs, etc.), side-channel attacks/countermeasures and implementations of cryptography.