Sản phẩm
Distributors:

 

Ref. Subject Case
1 How to trace a binary Explanation
2 How to fault a binary Explanation
3 esTracer/esFaulter Presentation Explanation
4 Open Source Frameworks Presentation Explanation
5 Frameworks Summary Explanation
6 Binary handler configuration Tutorial
7 Generate a launcher to trace or fault an Android native library Tutorial
8 Trace or fault an Android native library Tutorial
9 First steps with esTracer Tutorial
10 esTracer graphical view Tutorial
11 What is traced with esTracer and heuristic to focus on interesting area Tutorial
12 First steps with esFaulter Tutorial
13 Align traces acquired with esTracer Tutorial
14 Tracer memory access Tutorial
15 Customize register tracing Tutorial
16 Trace based on kind of instruction Tutorial
17 esFaulter Log Tutorial
18 Multi-faults injection with esFaulter Tutorial
19 Notion of relative/absolute instruction range option with esFaulter Tutorial
20 How to narrow the area to attack with esTracer & esFaulter Tutorial

 

  How to trace a binary : We explain the different theoretical ways to trace a binary (registers,
memory access ...) with their assets and drawbacks.
How to fault a binary : We explain the different theoretical ways to fault a binary (static,
dynamic ...) with their assets and drawbacks.
esTracer/esFaulter Presentation : We present how to trace/fault a binary with the eShard
esTracer/esFaulter frameworks.

Open Source Frameworks Presentation : We present how to trace/fault a binary with open
source tools: Unicorn, Side Channel Marvels, Rainbow. [
1,2]
Frameworks Summary : We summarize and compare the assets/drawbacks/performance (trace
size, execution time...) for each framework.
Binary handler configuration : This tutorial explains the concept of the BinaryHandlerConfiguration object. It eases the interaction of a binary with esTracer and esFaulter.
Generate a launcher to trace or fault an Android native library : This tutorial explains
how to create a launcher binary in order to analyze a native Android library with esTracer or
esFaulter.
Trace or fault an Android native library : This tutorial explains how to configure esTracer
or esFaulter to analyze a native Android library.
First steps with esTracer : This tutorial explains how to generate a trace with esTracer. The
different options (program counter range, instruction range ...) to narrow the area of interest are
explained.
esTracer graphical view : This tutorial explains how to get and display the graphical representation of a trace file.
What is traced with esTracer and heuristic to focus on interesting area : This tutorial
explains the different areas of a trace file obtained with esTracer. Also, heuristics enabling to
automatically focus on areas of interest are listed.
First steps with esFaulter : This tutorial explains how to fault a binary with esFaulter. The
different options (program counter range, instruction range, fault model ...) to narrow the area of
interest or the attack effects are explained.
Align traces acquired with esTracer : This tutorial explains how the concept of traces resynchronisation.
Tracer memory access : This tutorial explains how to trace the memory access with esTracer.
Customize register tracing : This tutorial explains how to customize the register tracing with
esTracer to trace for instance only the written registers.
Trace based on kind of instruction : This tutorial explains how to configure esTracer to trace
only specific instructions, for instance only mul.
esFaulter Log : This tutorial explains the format of log obtained with esFaulter. The APIs to
parse it and extract information are also given.
Multi-faults injection with esFaulter : This tutorial explains how to inject several faults with
esFaulter.
Notion of relative/absolute instruction range option with esFaulter : This tutorial explains
the notion of relative and absolute instruction value used in esFaulter.
How to narrow the area to attack with esTracer & esFaulter : This tutorial explains
common options of esTracer and esFaulter to narrow the area of interest.
  

  Attack analysis

Ref. Subject Case
1 Creating your own distinguisher for attack Tutorial
2 ECC: Basic SPA on ECC Tutorial
3 ECC: SPA on Montgomery Ladder Tutorial
4 ECC: How to attack Double and Add with CPA on input How to
5 ECC: How to attack intermediate values in Scalar multiplication How to
6 How to perform a 2nd order attack How to
7 The Attack analysis API Tutorial
8 The Attack analysis widget Tutorial
9 AES: How to attack encrypt How to
10 AES: How to attack decrypt How to
11 DES: How to attack encrypt How to
12 DES: How to attack decrypt How to
13 RSA: Statistical side-channel analysis on SFM RSA Use case
14 RSA: Chosen message simple side-channel analysis on SFM RSA Use case
15 RSA: Chosen Operand Statistical side-channel analysis on CRT-RSA Use case
16 RSA: Chosen message simple side-channel analysis on CRT RSA Use case
17 RSA: Correlation side-channel analysis in SFM RSA intermediate com
putations
Use case
18 RSA: Simple side-channel observation on CRT RSA Traces to locate area
for recombination attack
Use case
19 RSA: Statistical side-channel attack in the CRT RSA recombination final
multiplication to recover the first secret prime of q from the signature
knowledge
Use case

 

  Creating your own distinguisher for attack : Tutorial to create a distinguisher for attack.
ECC: Basic SPA on ECC : Read the secret key bits from side-channel traces of an ECC encryption. [1]

ECC: SPA on Montgomery Ladder : Retrieve the secret key bits by reading the Montgomery
Ladder exponentiation.
ECC: How to attack Double and Add with CPA on input : Explaining how to discriminate
the double from the add operation in order to recover the secret key with a CPA.
ECC: How to attack intermediate values in Scalar multiplication : Explaining how to
target specific intermediate values during the scalar multiplication.
How to perform a 2nd order attack : Explaining how to select two target frames and get the
outcome of the different frame combinations. Learn how to highlight the points of interest when
leakage has been found. [
2,3]
The Attack analysis API : This tutorial provides a quick hands-on and presentation of the
esDynamic SCA Attack API.
The Attack analysis widget : This tutorial provides a quick hands-on and presentation of the
attack analysis widget.
AES: How to attack encrypt : How to attack an AES trace set and recover intermediate key
(with ready-to-use selection function).
AES: How to attack decrypt : How to attack an AES trace set and recover intermediate key
(with ready-to-use selection function).
DES: How to attack encrypt : Explaining how to setup and perform a side-channel attack
analysis on DES encryption.
DES: How to attack decrypt : Explaining how to setup and perform a side-channel attack
analysis on DES decryption.
RSA: Statistical side-channel analysis on SFM RSA : This notebook presents how to
use correlation analysis to recover the secret exponent in an StraightForward RSA Method. The
targeted implementation is atomic and using Montgomery modular exponentiation.
RSA: Chosen message simple side-channel analysis on SFM RSA : This notebook presents
how to use chosen message analysis with Montgomery arithmetic to recover the secret exponent
in an StraightForward RSA Method in a single trace. The targeted implementation is atomic and
using Montgomery modular exponentiation. [
4]
RSA: Chosen Operand Statistical side-channel analysis on CRT-RSA : This notebook
presents how to use chosen message statistical analysis with Montgomery arithmetic to recover
the secret exponent in CRT-RSA. The targeted implementation is atomic and using Montgomery
modular exponentiations.
RSA: Chosen message simple side-channel analysis on CRT RSA : This notebook presents
how to use chosen message single analysis with Montgomery arithmetic to recover the secret exponent in CRT-RSA. The targeted implementation is atomic and using Montgomery modular exponentiations. [
4]
RSA: Correlation side-channel analysis in SFM RSA intermediate computations : This
notebook performs a ZEMD (Zero-Exponent-Message-Data) statistical analysis on intermediate
data of the computation to recover the secret exponent. This technique can also threaten regular
exponentiations like the Square and Multiply always or Montgomery Ladder ones. [
5] 

RSA: Simple side-channel observation on CRT RSA Traces to locate area for recombination attack : This notebook perform simple side-channel analysis in a CRT RSA traces to
identify the different computation areas and identify the area related to the CRT recombination
part involving the secret prime value q.
RSA: Statistical side-channel attack in the CRT RSA recombination final multiplication to recover the first secret prime of q from the signature knowledge : This notebook
perform the CRT recombination attack to recover the first bytes of the prime secret factor q which
composes the public modulus. The attack could be repeated to recover the remaining bytes. [
6]

 

1
Tìm kiếm