DANH MỤC

- ATE - Thiết bị đo tự động
- Audio and Video Quality - Đo Chất lượng âm và Video
- Automotive Telematics - Thiết bị đo Ôtô
- Avionics - Thiết bị đo Hàng Không
- Broadband Systems - Hệ thống phân tích băng thông rộng
- Brüel & Kjær
- Communications Test - Đo thông tin Vô tuyến điện
- IMA/Multi-Function Modules - Module đa chức năng
- Microwave - Counter Power Meters - Máy phát sóng
- PXI - Thiết bị điều chế RF
- Semiconductor Test - Thiết bị thử nghiệm bán dẫn
- Side-Channel Analysis - Phân tích tấn công kênh kề
- Signal Generators - Máy phát tín hiệu
- Signal Sources - Nguồn tín hiệu
- Spectrum Analyzers and Signal Analyzers - Máy phân tích tín hiệu, máy phân tích phổ
- Synthetic Test Systems - Hệ thống thủ nghiệm tổng hợp
- VIAVI Ranger
- Viavi Tera VM
- Wireless - Mạng không dây

Sản phẩm

Distributors:
--- Hãng SX ---
VIAVI Solutions
Domo Tactical
Telewave, Inc
eShard
Viavi Tera VM
Brüel & Kjær

Ref. | Subject | Case |

1 | How to trace a binary | Explanation |

2 | How to fault a binary | Explanation |

3 | esTracer/esFaulter Presentation | Explanation |

4 | Open Source Frameworks Presentation | Explanation |

5 | Frameworks Summary | Explanation |

6 | Binary handler configuration | Tutorial |

7 | Generate a launcher to trace or fault an Android native library | Tutorial |

8 | Trace or fault an Android native library | Tutorial |

9 | First steps with esTracer | Tutorial |

10 | esTracer graphical view | Tutorial |

11 | What is traced with esTracer and heuristic to focus on interesting area | Tutorial |

12 | First steps with esFaulter | Tutorial |

13 | Align traces acquired with esTracer | Tutorial |

14 | Tracer memory access | Tutorial |

15 | Customize register tracing | Tutorial |

16 | Trace based on kind of instruction | Tutorial |

17 | esFaulter Log | Tutorial |

18 | Multi-faults injection with esFaulter | Tutorial |

19 | Notion of relative/absolute instruction range option with esFaulter | Tutorial |

20 | How to narrow the area to attack with esTracer & esFaulter | Tutorial |

How to trace a binary : We explain the different theoretical ways to trace a binary (registers,

memory access ...) with their assets and drawbacks.

• How to fault a binary : We explain the different theoretical ways to fault a binary (static,

dynamic ...) with their assets and drawbacks.

• esTracer/esFaulter Presentation : We present how to trace/fault a binary with the eShard

esTracer/esFaulter frameworks.

• Open Source Frameworks Presentation : We present how to trace/fault a binary with open

source tools: Unicorn, Side Channel Marvels, Rainbow. [1,2]

• Frameworks Summary : We summarize and compare the assets/drawbacks/performance (trace

size, execution time...) for each framework.

• Binary handler configuration : This tutorial explains the concept of the BinaryHandlerConfiguration object. It eases the interaction of a binary with esTracer and esFaulter.

• Generate a launcher to trace or fault an Android native library : This tutorial explains

how to create a launcher binary in order to analyze a native Android library with esTracer or

esFaulter.

• Trace or fault an Android native library : This tutorial explains how to configure esTracer

or esFaulter to analyze a native Android library.

• First steps with esTracer : This tutorial explains how to generate a trace with esTracer. The

different options (program counter range, instruction range ...) to narrow the area of interest are

explained.

• esTracer graphical view : This tutorial explains how to get and display the graphical representation of a trace file.

• What is traced with esTracer and heuristic to focus on interesting area : This tutorial

explains the different areas of a trace file obtained with esTracer. Also, heuristics enabling to

automatically focus on areas of interest are listed.

• First steps with esFaulter : This tutorial explains how to fault a binary with esFaulter. The

different options (program counter range, instruction range, fault model ...) to narrow the area of

interest or the attack effects are explained.

• Align traces acquired with esTracer : This tutorial explains how the concept of traces resynchronisation.

• Tracer memory access : This tutorial explains how to trace the memory access with esTracer.

• Customize register tracing : This tutorial explains how to customize the register tracing with

esTracer to trace for instance only the written registers.

• Trace based on kind of instruction : This tutorial explains how to configure esTracer to trace

only specific instructions, for instance only mul.

• esFaulter Log : This tutorial explains the format of log obtained with esFaulter. The APIs to

parse it and extract information are also given.

• Multi-faults injection with esFaulter : This tutorial explains how to inject several faults with

esFaulter.

• Notion of relative/absolute instruction range option with esFaulter : This tutorial explains

the notion of relative and absolute instruction value used in esFaulter.

• How to narrow the area to attack with esTracer & esFaulter : This tutorial explains

common options of esTracer and esFaulter to narrow the area of interest.

Attack analysis

Ref. | Subject | Case |

1 | Creating your own distinguisher for attack | Tutorial |

2 | ECC: Basic SPA on ECC | Tutorial |

3 | ECC: SPA on Montgomery Ladder | Tutorial |

4 | ECC: How to attack Double and Add with CPA on input | How to |

5 | ECC: How to attack intermediate values in Scalar multiplication | How to |

6 | How to perform a 2nd order attack | How to |

7 | The Attack analysis API | Tutorial |

8 | The Attack analysis widget | Tutorial |

9 | AES: How to attack encrypt | How to |

10 | AES: How to attack decrypt | How to |

11 | DES: How to attack encrypt | How to |

12 | DES: How to attack decrypt | How to |

13 | RSA: Statistical side-channel analysis on SFM RSA | Use case |

14 | RSA: Chosen message simple side-channel analysis on SFM RSA | Use case |

15 | RSA: Chosen Operand Statistical side-channel analysis on CRT-RSA | Use case |

16 | RSA: Chosen message simple side-channel analysis on CRT RSA | Use case |

17 | RSA: Correlation side-channel analysis in SFM RSA intermediate com putations |
Use case |

18 | RSA: Simple side-channel observation on CRT RSA Traces to locate area for recombination attack |
Use case |

19 | RSA: Statistical side-channel attack in the CRT RSA recombination final multiplication to recover the first secret prime of q from the signature knowledge |
Use case |

• Creating your own distinguisher for attack : Tutorial to create a distinguisher for attack.

• ECC: Basic SPA on ECC : Read the secret key bits from side-channel traces of an ECC encryption. [1]

• ECC: SPA on Montgomery Ladder : Retrieve the secret key bits by reading the Montgomery

Ladder exponentiation.

• ECC: How to attack Double and Add with CPA on input : Explaining how to discriminate

the double from the add operation in order to recover the secret key with a CPA.

• ECC: How to attack intermediate values in Scalar multiplication : Explaining how to

target specific intermediate values during the scalar multiplication.

• How to perform a 2nd order attack : Explaining how to select two target frames and get the

outcome of the different frame combinations. Learn how to highlight the points of interest when

leakage has been found. [2,3]

• The Attack analysis API : This tutorial provides a quick hands-on and presentation of the

esDynamic SCA Attack API.

• The Attack analysis widget : This tutorial provides a quick hands-on and presentation of the

attack analysis widget.

• AES: How to attack encrypt : How to attack an AES trace set and recover intermediate key

(with ready-to-use selection function).

• AES: How to attack decrypt : How to attack an AES trace set and recover intermediate key

(with ready-to-use selection function).

• DES: How to attack encrypt : Explaining how to setup and perform a side-channel attack

analysis on DES encryption.

• DES: How to attack decrypt : Explaining how to setup and perform a side-channel attack

analysis on DES decryption.

• RSA: Statistical side-channel analysis on SFM RSA : This notebook presents how to

use correlation analysis to recover the secret exponent in an StraightForward RSA Method. The

targeted implementation is atomic and using Montgomery modular exponentiation.

• RSA: Chosen message simple side-channel analysis on SFM RSA : This notebook presents

how to use chosen message analysis with Montgomery arithmetic to recover the secret exponent

in an StraightForward RSA Method in a single trace. The targeted implementation is atomic and

using Montgomery modular exponentiation. [4]

• RSA: Chosen Operand Statistical side-channel analysis on CRT-RSA : This notebook

presents how to use chosen message statistical analysis with Montgomery arithmetic to recover

the secret exponent in CRT-RSA. The targeted implementation is atomic and using Montgomery

modular exponentiations.

• RSA: Chosen message simple side-channel analysis on CRT RSA : This notebook presents

how to use chosen message single analysis with Montgomery arithmetic to recover the secret exponent in CRT-RSA. The targeted implementation is atomic and using Montgomery modular exponentiations. [4]

• RSA: Correlation side-channel analysis in SFM RSA intermediate computations : This

notebook performs a ZEMD (Zero-Exponent-Message-Data) statistical analysis on intermediate

data of the computation to recover the secret exponent. This technique can also threaten regular

exponentiations like the Square and Multiply always or Montgomery Ladder ones. [5]

• RSA: Simple side-channel observation on CRT RSA Traces to locate area for recombination attack : This notebook perform simple side-channel analysis in a CRT RSA traces to

identify the different computation areas and identify the area related to the CRT recombination

part involving the secret prime value q.

• RSA: Statistical side-channel attack in the CRT RSA recombination final multiplication to recover the first secret prime of q from the signature knowledge : This notebook

perform the CRT recombination attack to recover the first bytes of the prime secret factor q which

composes the public modulus. The attack could be repeated to recover the remaining bytes. [6]

1

Tìm kiếm

Loading