What you will learn
- Ability to spot side channels in hardware and software.
- Ability to leak information with hardware and software side channels.
- Understanding of concrete mitigation strategies in hardware and software.
- In-depth knowledge of state-of-the-art cache side channels.
In this program, you will learn about side channels in software and hardware. In software, we will focus on different types of caches, that are one of the main targets in software-based side-channel attacks.
On the hardware side, we will mount power analysis attacks on the cryptographic algorithms RSA and AES. We will see that simple power analysis attacks and differential power analysis attacks are powerful enough to obtain fine-grained information such as cryptographic keys, user input, or secrets of the operating system. This skill set and knowledge will give you the ability to spot these side channels in hardware and software projects. We will then cover countermeasures and mitigation strategies that allow you to develop side-channel-resilient hardware and software and protect your security-critical applications and sensitive information.
In both courses, you will practically apply the acquired skills in simple exercises based on measurements you perform on your own computer or measurements we obtained from physical devices, that we provide to you. Both courses require rudimentary programming skills (C, C++, Python). We will provide you with the knowledge required beyond these, including basics on operating systems, computer architecture, and hardware design.
Daniel Gruss is an internationally renowned expert in side-channel research and has written many seminal works in this field and presented them at renowned international conferences, especially on transient-execution attacks that affected the entire industry and defenses that have been implemented in all operating systems.
Courses in this program
TUGrazX's Side Channel Security – Caches and Physical Attacks Professional Certificate
- 3–4 hours per week, for 10 weeks
Software-based side-channel attacks can pose a severe security threat in practice. In this course, we focus on a particularly prominent case: caches and cache side-channel attacks and we will go beyond the basic Flush+Reload attack. You will work with different cache side channels and understand where timing differences in architectures originate. You will learn which mechanisms can mitigate specific side-channel techniques in practice.
- 3–4 hours per week, for 10 weeks
Software-based and physical side-channel attacks have similar techniques. But physical attacks can observe properties and side effects that are usually not visible on the software layer. Thus, they are often considered the most dangerous side-channel attacks. In this course, we learn both about physical side-channel attacks but also about more advanced software-based side channels using prefetching and branch prediction. You will work with these attacks and understand how to mitigate them.
- This course is particularly beneficial if you work in or pursue a career as an offensive security engineer, security architect, embedded software engineer, research scientist, cryptologist, or blockchain engineer.
- Expertise on side-channel discovery and mitigation is relevant to most computer technology companies today, including companies like Qualcomm, Nvidia, Intel, Arm, Apple, AMD, Microsoft, PayPal, and Facebook.
- Expertise in side channel security will also advance your skills in vulnerability discovery and mitigation, penetration testing, threat modeling, and risk assessment. You will acquire new knowledge mainly on cache side channels, power side channels, and s
Meet your instructor from Graz University of Technology (TUGrazX)
Experts from TUGrazX committed to teaching online learning