Let's make implementation attacks great again!
Important information
Workshop trainers: Rafael Boix Carpi, Alexandru Geana, Marc Witteman
Max: 30 participants
Workshop prerequisites: attendees should bring their laptops and be able to install a Linux VM (~10GB) and have two USB ports free in their laptops
Type of workshop: interactive, hands-on exercises
Duration: 3.5hrs
Location: Training room is located in front of the reception desk of Hotel Ivan.
If you want to participate in the training, send an email to: www-croatia[AT]science.ru.nl
Please write in the subject line Riscure Training. Admission is on first-come first-serve basis. We will also maintain a waiting list.
Workshop description
Implementing security on embedded systems can be a difficult task. This is especially true when you write your own implementation of a crypto algorithm (either public or your own). During this workshop we perform attacks on cryptographic functions (encryption with AES, signatures with ECDSA) and security functions (password check) using the popular Riscure HackMe platform. "We perform attacks" in this context means you, as all the exercises are hands-on! You will learn that the requirements for executing some of the attacks (e.g. cost of hardware required for SCA) are much less than you thought, and if with the right knowledge they can be straightforward. Don't worry: we will have a theoretical introduction to the attacks, but in an easy to grasp format.
For the exercises we will use a real device (the RHme board, based on an Arduino Nano board) and the challenges available on the RHme2 contest so that you can perform these attacks with your own laptop. Note that we will change the flags of the challenges, so that you can enjoy them if you attempted/solved some of them. We will also provide a Virtual Machine already pre-configured so you will be good to go from the start of the workshop. And after the workshop, if you liked these attacks, you have the chance to practice your skills with the board with the publicly available challenges for the board.
Proposed workshop program
Intro to workshop and bootstrap laptops/embedded boards for the exercisesSide Channel Analysis on private key encryption (AES) challenge
- Theory
- Exercise: Piece of SCAke
(break)
Public Key signature (ECDSA) challenge
- Theory
- Exercise: Secure Filesystem v1.92r1
Password challenge
- Theory
- Exercise: Sergei's Secret Sauce (summerschool edition)
Should I attend this workshop or not?
You should attend if:
- You have little to zero practical experience on doing hands-on attacks on crypto/security implementations
- You think that performing implementation attacks on cryptography require very specialized tooling
- You enjoy participating in CTF-like contests
- You heard of terms like SCA, DPA, ECDSA or timing attacks but have never done them yourself
You should not attend if:
- Terms like SCA, DPA, ECDSA, timing attacks have no mystery for you, and you know how to perform them
- You are not interested in practical attacks on cryptography
- You participated in the RHme contest and you beat all these challenges
Who is Riscure?
Riscure is the leading industry party in side channel and fault injection tooling. With years of experience in security evaluation and tool development, Riscure is considered by many the preferred partner in side channel testing. Riscure is experienced on giving trainings of SCA and FI regardless of background, knowledge or experience of the attendees. Our training is provided by our own security analyst staff that performs side channel tests with Inspector on a daily basis.
Instructor Bio
Rafael Boix Carpi works with Riscure BV since 2013, currently as Senior Security Analyst & Trainer. Before joining Riscure, he graduated as a M. Sc. in Computer Science Engineering, Universitat Politecnica de Valencia, Spain. Additionally he followed a Networking & Operating System specialization track, as well as a M.Sc in Telecommunications Engineering, so he can talk both in bytes and in transistors.
His fields of expertise include Side Channel Analysis and Fault Injection in embedded devices, as well as smartcard security.
Among his contributions, Rafael has presented talks and workshops in several conferences worldwide (CCC camp 2016, PANDA 2016, ChinaCrypt 2015, SPACE 2015, Crypto Summerschool 2015 and 2014, ...), as well as authored and collaborated in several research papers especially on the topic of Fault Injection. Rafael is interested in information security, software development, hardware hacking and embedded devices. Basically tearing apart any device with chips on it until its secrets are revealed, and share how to do it.