Here you find the additional exercises that are not directly implemented on edX. You will obtain an individual code that you can use on edX to prove you completed the exercise. Make sure to watch the corresponding episode before the exercise.
In Episode 3, we learn about simple timing channels and timing coordination to build covert channels. To teach these principles without the need to write code, we illustrated them with collaborative card games. Play some rounds and obtain a code that you can enter on edX as proof that you completed the exercise.
In Episode 4, we learn about further side channels in games, both timing-based and non-timing-based. In the exercise, we will again teach these principles without the need to write code, by focusing on another timing side channel in a different collaborative card game. The channel you will use together with the bot is precisely the one we published at FDG 2019. Just play some rounds and obtain a code that you can enter on edX as proof that you completed the exercise.
Here you find the additional exercises that are not directly implemented on edX as well as Docker containers for the exercises you run on your own machine. In all cases, you will obtain answers and codes that you can use on edX to prove you completed the exercise. Make sure to watch the corresponding episode before the exercise.
In Episode 1, we learn about a simple but effective timing attack on an insecure PIN entry. As detailed on edX, there are different ways to solve this exercise and obtain the 3 secret PINs of the 3 difficulty levels.
In Episode 2, we learn about Flush+Reload, a powerful cache side-channel attack to observe data accesses in shared memory. Similar to the previous exercise, you have to leak a PIN code, but the shared library is hardened against the timing side channel. However, there is still a cache side channel which you can use to leak the correct 4-digit PIN code.
In Episode 3, we advance our Flush+Reload side-channel attack to extract a secret RSA key. We target a square-and-multiply implementation which has some mitigations against timing side channels.
In Episode 4, we target the OpenSSL T-table implementation with a Flush+Reload side-channel attack to extract 64 bits of a 128-bit AES key.
Here you find the additional exercises that are not directly implemented on edX as well as Docker containers for the exercises you run on your own machine. In all cases, you will obtain answers and codes that you can use on edX to prove you completed the exercise. Make sure to watch the corresponding episode before the exercise.
In Episode 3, we extend the attacks we know into a Prime+Probe side-channel attack. While the attack primitives you use can be run in a very similar way on your hardware, Prime+Probe is more tied to specific hardware properties and requires manual adjustments for each platform. For this reason, we provide you with a framework in which you can implement Prime+Probe regardless of the underlying hardware but with the same attack interfaces.
In Episode 4, we perform a cache template attack on a modified version of the PIN library from episode 2.2. We provide you with an application that enters the PIN; the library verifies whether the PIN was correct but does not reveal the PIN. Your first task is to perform cache templating on the victim binary and detect which cache lines are used for correct and wrong digits. We recommend focusing on a single cache line for the profiling in a single run to get the most stable results. Using the correct cache lines, you should be able to recover the correct 4-digit PIN :)
Here you find the additional exercises that are not directly implemented on edX as well as Docker containers for the exercises you run on your own machine. In all cases, you will obtain answers and codes that you can use on edX to prove you completed the exercise. Make sure to watch the corresponding episode before the exercise.
In Episode 1, we continue with simple power analysis. In a first introductory example, you will attack a PIN entry. As we cannot ship the physical devices to everyone, we provide you with a Jupyter Notebook instead that you can use without any special hardware equipment.
In Episode 2, we perform differential power analysis. In this exercise, you will extract an AES key from power traces. As we cannot ship the physical devices to everyone, we provide you with a Jupyter Notebook instead that you can use without any special hardware equipment.
In Episode 5, we break KASLR on a recent Linux. In this exercise, you will write a KASLR break using the prefetch side channel, which allows you to distinguish between present and not-present pages.
Here you find the additional exercises that are not directly implemented on edX as well as Docker containers for the exercises you run on your own machine. In all cases, you will obtain answers and codes that you can use on edX to prove you completed the exercise. Make sure to watch the corresponding episode before the exercise.
In Episode 1, we take a first dive into speculative behavior and its influence on timings. In this exercise, you will implement a Spectre-PHT attack on a vulnerable binary. You have access to the source code but must ultimately attack the original library blind to get a key to enter on edX.
In Episode 2, we perform a Meltdown attack on a simulated kernel. Use a cache side channel to recover information from the transient window.
In Episode 4, we perform a Foreshadow attack on a simulated virtual machine and host. Use a cache side channel to recover information from the transient window.
In Episode 5, we perform the ZombieLoad attack in a simulated environment. Use a cache side channel to recover information from the transient window.
Here you find the additional exercises that are not directly implemented on edX as well as Docker containers for the exercises you run on your own machine. In all cases, you will obtain answers and codes that you can use on edX to prove you completed the exercise. Make sure to watch the corresponding episode before the exercise.
In Episode 1, we perform a Rowhammer attack in a simulated environment. Using Rowhammer, you will flip a bit in the target binary to bypass a password check.
In Episode 2, we perform a fault attack on AES-128 in a simulated environment, recovering the encryption key.
In Episode 4, we attack a constant-time password check using software-based power side channels in a simulated environment, recovering the password to enter on edX.
We provide you with a Docker image that already contains all the libraries and programs required to work on the assignments. Install Docker on Windows or Linux using the tutorial. You can pull the Docker image from DockerHub:
docker pull sidechannelsecurity/side_channel_security
docker run -v local-folder:/home/assignments -it sidechannelsecurity/side_channel_security