Updates Coming Summer 2021!


Learning Highlights

This self-contained course is designed to start you on your journey in power analysis, and it doesn't stop with just the theory. Recover passwords and break symmetric encryption on the ChipWhisperer targets, and then learn what is needed to apply this to real-world devices. This online course is self-paced and can be completed with virtual labs (no hardware required) or with ChipWhisperer hardware. Enrollment gives you access to current course material and any updates or changes that are made to the course in the future.

  • Learn the theory behind power analysis, and validate it with hands-on labs.

  • Recover an encryption key from real AES-128 implementations running in firmware.

  • Learn about tools and equipment for performing attacks on real devices, including triggering and measurement.

Course curriculum

  • 1

    Welcome to the course!

    • Welcome to SCA101 - The Alpha Build

    • Welcome to SCA101

    • Environment Setup

  • 2
  • 3

    Part 2: Introduction to Power Analysis

    • Linking Power to Program Flow

    • QUIZ: Linking Power to Program Flow

    • LAB: Instruction Power Differences (SIMULATED)

    • LAB: Instruction Power Differences (HARDWARE)

    • QUIZ: Instruction Power Differences

    • LAB: Power Analysis for Password Bypass

    • QUIZ: Power Analysis for Password Bypass

    • Measuring Power In-Circuit Invasively (Basics)

    • Measuring Power In-Circuit Invasively (Tools & Advanced Techniques)

    • QUIZ: Measuring Power In-Circuit Invasively

  • 4

    Part 3: Power Analysis to Leak Data

    • What Power Tells us about Internal Data Bus States

    • LAB: Large Hamming Weight Swings

    • QUIZ: Large Hamming Weight Swings

    • Differential Power Analysis (DPA) on AES Part 1

    • LAB: Recovering Data from a Single Bit

    • QUIZ: Recovering Data from a Single Bit

    • Differential Power Analysis (DPA) on AES Part 2

    • LAB: DPA on Firmware Implementation of AES

    • QUIZ: DPA on Firmware Implementation of AES

  • 5

    Part 4: Correlation Power Analysis Attack

    • Internal Data Bus State and Power Correlation

    • LAB: Power and Hamming Weight Relationship

    • QUIZ: Power and Hamming Weight Relationship

    • Correlating Power Measurements with Key Guesses (CPA Attack)

    • LAB Intro: CPA on Firmware Implementation

    • QUIZ: CPA on Firmware Implementation of AES

    • LAB Intro: ChipWhisperer Analyzer CPA Attack

    • QUIZ: CPA Attack with Analyzer

  • 6

    Part 5: Applying CPA Attacks

    • Requirements for CPA Attacks in Real Life

    • ChipWhisperer-Analyzer Attack Result Types

    • LAB: A Streamlined CPA Attack (CPA Analyzer)

  • 7

    Part 6: Probes & Triggers

    • Measuring Power In-Circuit (Non-Invasive)

    • QUIZ: Measuring Power In-Circuit (Non-Invasive)

    • DEMO: NewAE H-Field Probe on UFO Board

    • Triggering Encryption Operations

    • QUIZ: Triggering Encryption Operations

    • Triggering Power Analysis

    • DEMO: Analog (SAD) Trigger with ChipWhisperer-Pro

    • QUIZ: Triggering Power Analysis

    • LAB: Jittery Triggering on UART

    • QUIZ: Jittery Triggering on UART

  • 8

    Conclusions & Next Steps

    • DEMO: Instrumenting a Development Board

    • Next Steps in your Power Analysis Journey

Hardware & Labs

This course does not require hardware to complete the majority of labs.

The student experience is significantly improved with any of the "hardware" options, as they allow students to change and recompile the firmware. Note that the fault injection courses have different hardware requirements (Group B at minimum) if you are registering for all courses.

Simulation includes ANY of:

  • Running local VirtualBox VM.
  • Local ChipWhisperer install.
  • Online using a Google account (Colab).

Hardware Group A:

Hardware Group B includes ANY of:

| Lab Name | Course | Simulator | Group A Hardware | Group B Hardware |
|---|---|---|---|---|
| Instruction Power Differences | PA101 | | | |
| Power Analysis for Password Bypass | PA101 | | | |
| Large Hamming Weight Swings | PA101 | | | |
| Recovering Data from a Single Bit | PA101 | | | |
| DPA on Firmware Implementation of AES | PA101 | | | |
| CPA attack against a simple AES-128 Implementation | PA101 | | | |
| Manual CPA Attack | PA101 | | | |
| Jittery Triggering on UART | PA101 | | | |