Coming July 2020

Course registration opens soon!

Check out the detailed curriculum below to see all the content that will be included when the course launches. And if you're interested in getting our complete collection of upcoming videos, be sure to see the launch special giving you this & all new courses we launch.

Learning Highlights

This course is designed to start you on your journey in power analysis, but this self-contained course doesn't stop with just the theory. Recover passwords and break symmetric encryption on the ChipWhisperer targets, and then learn what is needed to apply this to new devices.

  • Learn the theory behind power analysis, and validate it with hands-on labs.

  • Recover an encryption key from real AES-128 implementations running in firmware.

  • Learn about tools and equipment for performing attacks on real devices, including triggering and measurement.

Course curriculum

  • 1

    Welcome to the course!

    • Welcome to SCA101 - The Alpha Build

    • Welcome to SCA101

    • Environment Setup

  • 2
  • 3

    Part 2: Introduction to Power Analysis

    • Linking Power to Program Flow

    • QUIZ: Linking Power to Program Flow

    • LAB: Instruction Power Differences (SIMULATED)

    • LAB: Instruction Power Differences (HARDWARE)

    • QUIZ: Instruction Power Differences

    • LAB: Power Analysis for Password Bypass

    • QUIZ: Power Analysis for Password Bypass

    • Measuring Power In-Circuit Invasively (Basics)

    • Measuring Power In-Circuit Invasively (Tools & Advanced Techniques)

    • QUIZ: Measuring Power In-Circuit Invasively

  • 4

    Part 3: Power Analysis to Leak Data

    • What Power Tells us about Internal Data Bus States (FREE PREVIEW)

    • LAB: Large Hamming Weight Swings

    • QUIZ: Large Hamming Weight Swings

    • Differential Power Analysis (DPA) on AES Part 1

    • LAB: Recovering Data from a Single Bit

    • QUIZ: Recovering Data from a Single Bit

    • Differential Power Analysis (DPA) on AES Part 2

    • LAB: DPA on Firmware Implementation of AES

    • QUIZ: DPA on Firmware Implementation of AES

  • 5

    Part 4: Correlation Power Analysis Attack

    • Internal Data Bus State and Power Correlation

    • LAB: Power and Hamming Weight Relationship

    • QUIZ: Power and Hamming Weight Relationship

    • Correlating Power Measurements with Key Guesses (CPA Attack)

    • LAB Intro: CPA on Firmware Implementation

    • Quiz: CPA on Firmware Implementation of AES

    • LAB Intro: ChipWhisperer Analyzer CPA Attack

    • QUIZ: CPA Attack with Analyzer

  • 6

    Part 5: Applying CPA Attacks

    • Requirements for CPA Attacks in Real Life

    • ChipWhisperer-Analyzer Attack Result Types

    • LAB: A Streamlined CPA Attack (CPA Analyzer)

  • 7

    Part 6: Probes & Triggers

    • Measuring Power In-Circuit (Non-Invasive)

    • QUIZ: Measuring Power In-Circuit (Non-Invasive)

    • DEMO: NewAE H-Field Probe on UFO Board (FREE PREVIEW)

    • Triggering Encryption Operations

    • QUIZ: Triggering Encryption Operations

    • Triggering Power Analysis

    • DEMO: Analog (SAD) Trigger with ChipWhisperer-Pro

    • QUIZ: Triggering Power Analysis

    • LAB: Jittery Triggering on UART

    • QUIZ: Jittery Triggering on UART

  • 8

    Conclusions & Next Steps

    • DEMO: Instrumenting a Development Board

    • Next Steps in your Power Analysis Journey

Hardware & Labs

This course does not require hardware to complete the majority of labs.

The student experience is significantly improved with any of the "hardware" options, as it allows them to change and recompile the firmware. Note that the fault injection courses have different hardware requirements (Group B at minimum) if you are registering for all courses.

Simulation includes ANY of:

  • Running local VirtualBox VM.
  • Local ChipWhisperer install.
  • Online using Google account (Co-Lab).

Hardware Group A:

Hardware Group B includes ANY of:


Lab Name Course Simulator Group A Hardware Group B Hardware
Instruction Power Differences PA101

Power Analysis for Password Bypass PA101

Large Hamming Weight Swings PA101

Recovering Data from a Single Bit PA101

DPA on Firmware Implementation of AES PA101

CPA attack against a simple AES-128 Implementation PA101

Manual CPA Attack PA101

Jittery Triggering on UART PA101