|17 Apr||Monday||09:00 to 17:00 CEST/GMT+2||8 Hours|
|18 Apr||Tuesday||09:00 to 17:00 CEST/GMT+2||8 Hours|
The latter class is known to be the most potent. On top of that, it also often brings sufficient knowledge about the target for the creation of easier-to-perform methods (non- and semi-invasive) to exploit weaknesses found in the embedded firmware and the hardware itself.
This training is designed to give to Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes such as building more secure designs, choosing the right device for a given application, improving the security risk assessment by taking the embedded firmware into consideration but also to find vulnerabilities in « Secure Elements » so as to conduct forensics analysis.
Students who complete this course will be familiar with all important classes of low-level hardware attacks (shield and hardware counter-measures bypass – ROM and Flash/EEPROM dump – bus passive and active probing – …) through real world examples covering the entire analysis workflow from the lab to the data analysis.
An introduction to non- and semi-invasive attacks will be given so as to be able to exploit the results of the IC RE and code dump results.
This training will be a mixture of theoretical lectures and practical assignments which will give the attendees all the key knowledge to perform such complete hardware + software analysis to reach their specific needs from in depth security evaluation to forensics data extraction.
When it comes to encrypted devices, one may want to gather embedded evidences while another would like to be able to check if a hardware backdoor is present or if the component and / or its embedded firmware (boot ROM / user code) contain intrinsic breaches, that could be exploited by a pirate.
• Integrated Circuits Structure • Transistors, CMOS logic and associated weaknesses • Digital logic and Memories • Failure Analysis and Reverse-Engineering Methods • Embedded Firmware and Secret Data Dump: ROM & Flash Dump > Analytical and Invasive ROM Dumps > Linear Code Extraction Based Methods • Automating the Entire Process • How to use the RE and code extraction results • Using scripting language to extract useful information • Writing VHDL model to simulate part of the circuit • Choosing the right types of attacks for a given study • Non-, semi- and fully invasive attacks with a focus on the latter • RE based attacks
Oliver Thomas studied Electrical Engineering (EE) and subsequently worked for a major semiconductor manufacturer designing analog circuits.
Then, Olivier began to work in the field of Integrated Circuit (IC) security as the head of one of the world’s leading IC Analysis Labs.
The lab primarily focused on securing future generation devices as well as developing countermeasures for current generation devices to combat piracy and counterfeiting.
During this time Olivier helped develop many new and novel techniques for semi- and fully-invasive IC analysis.
He has an extensive background in all the Failure Analysis techniques and equipment necessary for accessing vulnerable logic on a target device. Combined with his experience as an IC design engineer, Olivier continues to develop techniques for automating the analysis process. These techniques are not only applicable to lower complexity devices such as smartcards, which are the traditional targets for IC analysis, but they are applicable to modern semiconductor devices with millions of gates, such as modern System-on-Chips (SoCs). Olivier is the author of ARES (Automated Reverse Engineering Software), a software toolchain for the efficient analysis of designs of independent of their logical size.
He is the founder and CTO at Texplained SARL.