2-Day Introductory Training

This 2-day course gives you an introduction to side-channel power analysis, and both clock and voltage fault injection attacks using the ChipWhisperer-Lite 32-bit board (that you get to keep). Topics include password bypass (with power analysis and fault injection), AES attacks (with power analysis and fault injection), RSA attacks (with fault injection), and more.

Topics Covered & Skills Learned

Where Do Power Analysis and Fault Injection Apply?

What does hardware hacking encompass? With many skills involved in hardware hacking, we should know when power analysis and fault injection are the appropriate methods for analyzing devices, and where they will be a waste of time.

Setting up ChipWhisperer

ChipWhisperer encompasses a wide variety of software and hardware. Students will learn about various features of the hardware and software, along with the setup of the software environment.

Power Analysis for Password Bypass

Power analysis is used to bypass a password check by analyzing the check's timing signature in power traces.

Power Analysis for AES Attacks

A basic power analysis (CPA) attack is performed on AES-128. Students will be able to recover cryptographic keys in basic AES implementations and can perform further work on their own to understand

Fault 

Students debrief on the ECU attack exercise. Attacks on cryptographic algorithms, including differential power analysis (DPA), are briefly introduced and demonstrated with a hands-on lab recovering a key from an AES-128 software implementation. Future steps are described for students looking to dig deeper into cryptographic attack methods.

Class Topics by Day

Day 1

  1. Introduction to Hardware Hacking

    • Introduction, software setup.

    • What is ‘Advanced Hardware Hacking’?

  2. Simple Power Analysis & Finding Leakage

    • Simple Power Analysis (SPA) Lecture.

    • LAB: SPA for Password Bypass.

  3. Differential Power Analysis (DPA) & Leakage Detection

    • DPA Attacks on AES-128.

    • LAB: AES-128 Attack.

    • Finding Leakage.

    • LAB: Finding Leakage.

  4. Leakage Detection

    • Introduction to leakage detection.

    • LAB: T-Test for validating device security.

Day 2

  1. Introduction to Glitch Attacks

  2. Introduction to Clock Fault Injection

    • LAB: Glitch attacks (clock glitching) - finding parameters.

    • LAB: Glitch attacks (clock glitching) for password bypass.

  3. Differential Fault Analysis (DFA) of RSA

    • RSA theory & fault possibilities.

  4. Voltage Fault Injection

    • LAB: Simple voltage fault injection.

    • LAB: Voltage fault injection for DFA on RSA.

  5. Testing Real Devices

    • Lab setup, connecting to real targets.

    • Finding fault injection parameters.

    • Communications interfaces.