Warning
Work in progress
Note
All the resources mentioned are ones I've studied/used, am currently studying or will be studying.
Side-channel attacks (SCA): An attack enabled by leakage of information from a physical cryptosystem. Characteristics that could be exploited in a side-channel attack include timing, power consumption, and electromagnetic and acoustic emissions. (Source)
Note
This section is taken from "The Hardware Hacking Book"
There are many types of attacks on embedded systems, and here is a list of some of them:
- Software Attacks on Hardware
  - Fault Injection: Practice of pushing hardware to a point that induces processing errors.
    - DRAM Hammering
    - CPU overclocking
  - Side-Channel Attacks
    - Microarchitectural attacks
- Fault Injection: Practice of pushing hardware to a point that induces processing errors.
- PCB-Level Attacks
- Logical Attacks: Attacks at the level of logical interfaces.
  - Debugging and Tracing
  - Fuzzing Devices: The goal is to find crashes to exploit for code injection.
    - Dumb fuzzing: Send random data to a target and observe its behavior.
    - Smart fuzzing: Focuses on protocols, data structures, typical crash-causing values, or code structure.
    - Generation-based fuzzing: Fuzzing that creates inputs from scratch.
    - Mutation-based fuzzing: Fuzzing that takes existing inputs and modifies them.
    - Coverage-guided fuzzing: Fuzzing that uses coverage feedback from existing inputs to reach deeper bugs.
- Flash Image Analysis
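To make the generation-based / mutation-based distinction concrete, here is an added example (not from the book or from this page's author) that runs both strategies against a constructed toy parser for length-prefixed records. The parser, the seed input and the bug are all made up for illustration: the parser trusts the length byte, so a truncated or corrupted record makes it index past the end of the buffer, which Python reports as an `IndexError`, the "crash" a fuzzer would catch in a real harness.

```python
"""Added example: mutation-based vs generation-based fuzzing of a toy parser.
The target parser and its bug are constructed for illustration only."""
import random


def parse_records(data: bytes) -> list[bytes]:
    """Parse a sequence of [len: 1 byte][payload: len bytes] records.

    Constructed toy parser: it trusts the length byte and reads the payload
    byte by byte, so a record whose length exceeds the remaining buffer
    raises IndexError (standing in for an out-of-bounds read in native code).
    """
    records = []
    i = 0
    while i < len(data):
        n = data[i]
        payload = bytes(data[i + 1 + k] for k in range(n))  # may index past the end
        records.append(payload)
        i += 1 + n
    return records


# Constructed seed: two well-formed records, b"ABC" and b"D".
SEED_INPUT = bytes([3, 0x41, 0x42, 0x43, 1, 0x44])


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Mutation-based: start from an existing valid input and modify it."""
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0 and buf:                      # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1 and len(buf) > 1:           # truncate the tail
        del buf[rng.randrange(1, len(buf)):]
    else:                                        # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def generate(rng: random.Random) -> bytes:
    """Generation-based: build an input from scratch, with no seed corpus."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(1, 12)))


def fuzz(target, make_input, iterations: int, seed: int = 1) -> list[bytes]:
    """Run `target` on `iterations` inputs; return the inputs that crashed it.

    A fixed RNG seed keeps the run reproducible, which matters when you
    want to re-run a crashing case later.
    """
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        data = make_input(rng)
        try:
            target(data)
        except IndexError:              # the crash signal we are hunting for
            crashes.append(data)
    return crashes


def reproduces(target, data: bytes) -> bool:
    """Confirm a saved crashing input still crashes the target."""
    try:
        target(data)
    except IndexError:
        return True
    return False


if __name__ == "__main__":
    mutated = fuzz(parse_records, lambda r: mutate(SEED_INPUT, r), 200)
    generated = fuzz(parse_records, generate, 200)
    print(f"mutation-based: {len(mutated)} crashing inputs, e.g. {mutated[0].hex()}")
    print(f"generation-based: {len(generated)} crashing inputs, e.g. {generated[0].hex()}")
```

Both strategies find the bug quickly here because it sits at the very first field. The difference shows on a deeper format: mutating a valid seed keeps the outer structure intact, so inputs reach the later records, while random generation rarely gets past the first length byte; coverage-guided fuzzing is the step that automates noticing which inputs got further.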
As for hardware attacks, there are a large number of possible side-channel attacks. Here is a non-exhaustive list of SCA categories (Source):
- Cache attack
- Timing attack
- Power-monitoring attack
- Electromagnetic attack
- Acoustic cryptanalysis
- Differential fault analysis
- Data remanence
Note
The information in this section is from An Introduction to Mathematical Cryptography (Second Edition)
- Black-box model: The attacker only sees what goes in and out of the cipher.
- Gray-box model: The attacker has access to a cipher implementation.
Both of these attacks (side-channel and invasive) assume the gray-box model.
However, SCA are noninvasive, whereas invasive attacks are not.
Invasive attacks are more powerful than SCA, but more expensive because they require sophisticated equipment, such as high-resolution microscopes and a chemical lab.
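As an added example of the gray-box, noninvasive case (this is not code from the page or from the book), the following shows the simplest timing side channel: a byte-by-byte comparison that exits at the first mismatch does an amount of work that depends on how long the matching prefix is, so the time it takes leaks information about the secret. The "secret" and the guesses are constructed; the step counter stands in for execution time so the effect is deterministic and visible without a scope or a noisy clock. The constant-time version accumulates all differences and never branches on them, which is the pattern that `hmac.compare_digest` implements for you in production code.

```python
"""Added example: a timing side channel in an early-exit comparison, next to
the constant-time form. Secret and guesses are constructed for illustration."""
import hmac


def leaky_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes_examined).

    bytes_examined is a proxy for execution time: it grows with the length
    of the matching prefix, and that dependency is the side channel.
    """
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:          # branch on secret-dependent data: leaks the prefix length
            return False, steps
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Same check, but every byte is always examined.

    Differences are OR-ed into an accumulator and only inspected at the end,
    so the work done no longer depends on where the first mismatch is.
    (Python itself gives no real timing guarantees; in real code use
    hmac.compare_digest, which is the standard-library primitive for this.)
    """
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for a, b in zip(secret, guess):
        steps += 1
        diff |= a ^ b       # accumulate, never branch
    return diff == 0, steps


def production_compare(secret: bytes, guess: bytes) -> bool:
    """What you should actually call when comparing tokens, MACs or passwords."""
    return hmac.compare_digest(secret, guess)


def leak_profile(compare, secret: bytes, guesses: list[bytes]) -> list[int]:
    """Bytes examined per guess: a flat profile means no prefix leakage."""
    return [compare(secret, g)[1] for g in guesses]


# Constructed secret and guesses sharing a 0-, 1-, 2- and 3-byte prefix with it.
SECRET = b"s3cr3t"
GUESSES = [b"xxxxxx", b"sxxxxx", b"s3xxxx", b"s3cxxx"]

if __name__ == "__main__":
    print("early-exit :", leak_profile(leaky_compare, SECRET, GUESSES))      # rises with the prefix
    print("constant   :", leak_profile(constant_time_compare, SECRET, GUESSES))  # flat
    print("hmac.compare_digest agrees:", production_compare(SECRET, b"s3cr3t"))
```

The rising profile is what a timing attack measures, averaged over many requests to beat the noise; the flat profile is the mitigation. The same reasoning applies to any secret-dependent branch or memory access, which is why the other SCA categories above (cache, power, EM) target the same kind of dependency through different channels.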
Note
I find it very difficult to find free resources to perform SCA safely, which makes the learning process longer, as we need theory and practice to fully understand SCA. That's why I would like to provide some practical labs, but it's going to take some time.
However, if I find practical labs for certain attacks, I'll link to those resources as well.
- Timing Attacks
- Website Fingerprinting
- Cache Attacks
- Spectre
- Meltdown
- Rowhammer
- ASLR Bypasses
- CPU Fuzzing
| Name | Type | Source |
|---|---|---|
| Side Channel Security (All Season) | Theory | TU Graz |
| Side-Channel Security – Materials (2025) | Theory / Lectures | TU Graz |
| Coursebook for attack on Implementation | Theory / Labs | Ben-Gurion University |
| Secure Hardware Design | Theory / Lab | MIT |
| Sécurité matérielle (L’interface matériel/logiciel) | Theory / Labs | Université de Rennes |
| Hackropole | CTF | ANSSI |
| Root-me | CTF | Root-Me |
| CryptoHack | CTF | CryptoHack |
| ASCAD (ANSSI SCA Database) | Databases / Trained models | ANSSI |
| COSIC (Computer Security and Industrial Cryptography) | Seminar / Workshop / Summer School | Theory / Video |
| OpenSecurityTraining2 | Courses | Theory |
| Intel SGX Explained | Theory | Paper (118 pages) |
| The Dead Drop lab | Lab | UIUC |
| MAD (micro-architecture attacks and defenses) Tutorial | Theory / Labs | ISCA 2022 |
| Computer Architecture and System Software Tutorial | Theory (Website - Youtube) / Labs | Theory / Lab |
- The Hardware Hacking Book - Breaking Embedded Security with Hardware Attacks
- Sécurité matérielle des systèmes - Vulnérabilité des processeurs et techniques d’exploitation
- Principles of Secure Processor Architecture Design
- Security Basics for Computer Architects
Resources not directly related to SCA but useful/necessary for understanding certain concepts/attacks
| Name | Content | Type |
|---|---|---|
| MIT - Introduction to Deep Learning | Deep Learning | Youtube / GitHub |
| Artificial Intelligence: A Modern Approach, 4th Global ed. | AI textbook | Book |
| A Journey in Creating an Operating System Kernel - 539kernel | Operating System | Book |
| The Fuzzing Project | Fuzzing | Website |