Side Channel Security Basics

Side channels are everywhere. They allow attackers to steal secret information that is protected and never directly exposed to the attacker. They are incredibly powerful and have disrupted the world in the last years, especially with attacks like Meltdown and Spectre that impacted most computers on the planet. You have also likely seen side channels and used them already yourself.

In this program, consisting of two courses, you will learn and practice the side-channel mindset , understand how to spot side channels in the real-world and how to use them in non-technical and semi-technical settings. The first course will provide you with the ability to spot side channels and the security problems they introduce in your job, research, studies, and in everyday life. In both courses, you will solve simple exercises using side channels in the real world and on computer systems to practically apply the acquired skills.

The first course requires no programming skills and has an entirely web-based exercise. In the second course, you will need basic programming skills (reading C code is required). We will provide you with all basics beyond that, including basics on operating systems, computer architecture, cryptography, and most importantly side-channel analysis. You will learn and practice how basic software-based side channels work and how you can mitigate them to protect yourself as well as the hardware and software you develop. We will provide you with Docker containers (and a tutorial on how to use them), to run the exercises on your own computer.

Daniel Gruss is a internationally renowned expert in side-channel research and has written many seminal works in this field and presented them at renowned international conferences, especially on transient-execution attacks that affected the entire industry and defenses that have been implemented in all operating systems.