LC Networks Communication

Solutions

Certification Testing Service
  • White Box Cryptography security testing training

Product details

How do I verify if an implementation using white box cryptography protects well against side channel attacks? In this open training course, you learn how to do this. The course is aimed at software engineers that make applications with white box cryptography and at security testers that want to evaluate these solutions.

Over the past few years white box cryptography has taken its place in secure application design especially on mobile platforms. Although common place in hardware security testing, side channel attacks are relatively new but relevant on software implementations such as white box cryptography.

In this course you learn the workflow for side channel testing on a white box cryptography implementation. You learn the concepts of DPA and fault injection and you perform hands-on exercises on implementations in order to master the testing. Topics in the training include:

  • Side channel analysis: DPA, CPA, signal processing, key analysis
  • Fault injection: differential fault analysis (DFA)
  • White box cryptography and obfuscation concepts
  • Obtaining intermediate values from a software implementation
  • Signal analysis on binary traces
  • Performing side channel tests on example implementations with AES and DES

At the end of the training you will have a thorough understanding on how to evaluate the strength of a white box cryptography implementation against side channel attacks. With this understanding you will be able to make solutions that offer strong security.

People attending this training should have a software engineering background or a software security testing background. Knowledge on white box cryptography and side channel testing are not required.