Ir al contenido principal

TUGrazX: Physical and Advanced Side-Channel Attacks

Software-based and physical side-channel attacks have similar techniques. But physical attacks can observe properties and side effects that are usually not visible on the software layer. Thus, they are often considered the most dangerous side-channel attacks. In this course, we learn both about physical side-channel attacks but also about more advanced software-based side channels using prefetching and branch prediction. You will work with these attacks and understand how to mitigate them.

Physical and Advanced Side-Channel Attacks
10 semanas
3–4 horas por semana
A tu ritmo
Avanza a tu ritmo
Gratis
Verificación opcional disponible

Hay una sesión disponible:

Una vez finalizada la sesión del curso, será archivadoAbre en una pestaña nueva.
Comienza el 23 abr
Termina el 6 jun
Inscríbete
Physical and Advanced Side-Channel Attacks

Sobre este curso

Omitir Sobre este curso

On the hardware side, we will mount power analysis attacks on the cryptographic algorithms RSA and AES. We will see that simple power analysis attacks and differential power analysis attacks are powerful enough to obtain fine-grained information such as cryptographic keys, user input, or secrets of the operating system. This skill set and knowledge will give you the ability to spot these side channels in hardware and software projects. We will then cover countermeasures and mitigation strategies that allow you to develop side-channel-resilient hardware and software and protect your security-critical applications and sensitive information.

On the software side, we will learn about branch prediction an prefetching. We will learn how these mechanisms can be subverted into powerful side-channel attacks. You will need programming skills (C, C++, Python) and we will provide you with the knowledge required beyond these, including basics on hardware design, computer architecture, operating systems, and cryptography.

You will learn which attacks are relevant in the concrete environments you are working with, extending to your risk assessment skills. In a set of small exercises, you will demonstrate that you understood the techniques behind simple power analysis, and differential power analysis, as well as prefetch side channels and branch-prediction side channels.

De un vistazo

  • Institution TUGrazX
  • Subject Informática
  • Level Intermediate
  • Prerequisites

    Knowledge and skills from the prerequisite courses Side Channel Security S3: Cache Side-Channel Attacks and Mitigations.

    We expect basic programming skills on a similar level as in the prerequisite course. You may have obtained these as part of a university program such as computer science or a high school degree with a focus on computer science.

  • Associated programs
  • Language English
  • Video Transcript English
  • Associated skillsCryptography, Operating Systems, Hardware Design, Algorithms, Advanced Encryption Standard (AES), Cryptographic Keys, Forecasting, Risk Analysis, Resilience, Mitigation, C (Programming Language), Python (Programming Language), Computer Architecture, RSA (Cryptosystem), C++ (Programming Language)

Lo que aprenderás

Omitir Lo que aprenderás

- Understand where real-world systems expose physical side channels and how to exploit them
- How and why Simple Power Analysis and Differential Power Analysis work
- Understand the security risks posed by physical side-channel attackers as well as sophisticated software-based attackers
- Understand how these attacks can be mitigated.

Plan de estudios

Omitir Plan de estudios

- Episode 1: A Single Trace

Daniel breaks his student card that lets him enter the student lab. Fortunately, they just learned about physical side-channel attacks and so Daniel comes up with a plan how to get his entry back, with simple power analysis.

- Episode 2: What a Difference a Trace Makes

After deciding that simple power analysis is too simple, we now break into the lab again, but this time with a more realistic attack, namely differential power analysis.

- Episode 3: Mask, Hide and Seek

The flatmates realize that differential power analysis is difficult to mitigate, and learn about what can be done and how effective it is. In the end, they figure out that masking with a higher number of shares is the solution they were looking for.

- Episode 4: Where do we go from here? Jonas realizes that the branch predictor could be an interesting element to mount attacks on the test system. He figures out that the branch predictor exposes side-channel information.

- Episode 5: Prefetch Me If You Can

The flatmates realize that some instructions need to translate virtual addresses to physical ones. As this is a quite long and complicated task, they suspect that there might be some timing side channel in there.

¿Quién puede hacer este curso?

Lamentablemente, las personas residentes en uno o más de los siguientes países o regiones no podrán registrarse para este curso: Irán, Cuba y la región de Crimea en Ucrania. Si bien edX consiguió licencias de la Oficina de Control de Activos Extranjeros de los EE. UU. (U.S. Office of Foreign Assets Control, OFAC) para ofrecer nuestros cursos a personas en estos países y regiones, las licencias que hemos recibido no son lo suficientemente amplias como para permitirnos dictar este curso en todas las ubicaciones. edX lamenta profundamente que las sanciones estadounidenses impidan que ofrezcamos todos nuestros cursos a cualquier persona, sin importar dónde viva.

Este curso es parte del programa Side Channel Security – Caches and Physical Attacks Professional Certificate

Más información 
Instrucción por expertos
2 cursos de capacitación
A tu ritmo
Avanza a tu ritmo
5 meses
3 - 4 horas semanales

Formas de realizar este curso

Elige tu camino al inscribirte.

Verified Track

Audit Track

Costo

129 US$

Free

Acceso a los materiales del curso

Ilimitado

Limitado

Caduca el 2 jul

World class institutions and universities

Asistencia de edX

Certificado para compartir al finalizar

Tareas con calificación y exámenes

Visita la sección de Preguntas frecuentesen una pestaña nueva con preguntas frecuentes sobre estas modalidades.

¿Te interesa este curso para tu negocio o equipo?

Capacita a tus empleados en los temas más solicitados con edX para Negocios.
ComprarSolicitar información