CSCE 50103 – Embedded Systems Security (Spring 2025)

Quick Nav

Course Information
Schedule
Assignments
Resources
Syllabus – 5013

Course Information

Instructor: Alexander Nelson, ahnelson-at-uark.edu
Lecture: T/Th – 2:00-3:15, JBHT 239
Office Hours: T/Th 3:30-5:00 and by appointment

Schedule

 

Date

Notes

Info

01/14/25 Syllabus, Lecture 1 – Introduction to Embedded Systems Security Reading 1: Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi
1/16/25 Presentation 1 – Stute 2021
Lecture 2 – Review of Embedded Systems
1/21/25 Finish Lecture 2
Lecture 3 – Real-time operating systems
Reading 2: Mangard, Stefan. “A simple power-analysis (SPA) attack on implementations of the AES key expansion.” In International Conference on Information Security and Cryptology, pp. 343-358. Springer, Berlin, Heidelberg, 2002.
1/23/25 Presentation 2 – Mangard 2002
Finish Lecture 3
1/28/25 Chipwhisperer Introduction
Chipwhisperer 2_1A
Reading 3: T. Tucker, H. Searle, K. Butler and P. Traynor, “Blue’s Clues: Practical Discovery of Non-Discoverable Bluetooth Devices,” 2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2023, pp. 3098-3112, doi: 10.1109/SP46215.2023.10179358.
1/30/25 Presentation 3 – Tucker 2023
Chipwhisperer 2_1B
2/4/25 Lecture 4 – Symmetric Encryption
AES In Class Python
Reading 4: Rodrigues, Cristiano, Daniel Oliveira, and Sandro Pinto. “BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect.” 2024 IEEE Symposium on Security and Privacy (SP). IEEE, 2024.
2/6/25 Presentation 4 – Rodrigues 2024
Chipwhisperer 3_1
2/11/25 Lecture 5 – Embedded Communications, and how to exploit them!
Chipwhisperer 3_2
Reading 5:

Puschner, Endres, Thorben Moos, Steffen Becker, Christian Kison, Amir Moradi, and Christof Paar. “Red team vs. blue team: a real-world hardware Trojan detection case study across four modern CMOS technology generations.” In 2023 IEEE Symposium on Security and Privacy (SP), pp. 56-74. IEEE, 2023.
2/13/25 Presentation 5 – Puschner 2023
Chipwhisperer 3_3 – DPA
2/18/25 Alternative Instruction (Snow) Reading 6: Klix, Simon, Nils Albartus, Julian Speith, Paul Staat, Alice Verstege, Annika Wilde, Daniel Lammers et al. “Stealing Maggie’s Secrets-On the Challenges of IP Theft Through FPGA Reverse Engineering.” In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 3391-3405. 2024.
2/20/25 Alternative Instruction (Snow)
2/25/25 Presentation 6 – Klix 2024
Lecture 6 – Side Channel Analysis
Reading 7: Mun, Hyeran, Kyusuk Han, and Dong Hoon Lee. “Ensuring safety and security in CAN-based automotive embedded systems: A combination of design optimization and secure communication.” IEEE Transactions on Vehicular Technology 69, no. 7 (2020): 7078-7091.
2/27/25 Presentation 7 – Mun 2020
Chipwhisperer 4_3 – Correlation Power Analysis
3/4/25 Lecture 7 – Side Channel Prevention Reading 8: Davis, Abe, Michael Rubinstein, Neal Wadhwa, Gautham J. Mysore, Fredo Durand, and William T. Freeman. “The visual microphone: Passive recovery of sound from video.” (2014).
3/6/25 Presentation 8 – Abe 2014
Finish Chipwhisperer 4_3
3/11/25 Lecture 8 – Generalizing an Attack Model
Lecture 9 – Introduction to Fault Injection
Reading 9: David, Yaniv, Nimrod Partush, and Eran Yahav. “Firmup: Precise static detection of common vulnerabilities in firmware.” ACM SIGPLAN Notices 53, no. 2 (2018): 392-404.
3/13/25 Presentation 9 – Yaniv 2018
Chipwhisperer Fault 101-2_1 – Fault Attacks
3/18/25 Lecture 10 – Fault Injection Countermeasures
Chipwhisperer Fault 101-2_2 – Voltage Glitching
Reading 10: Chen, Zitai, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, and Flavio D. Garcia. “{VoltPillager}: Hardware-based fault injection attacks against intel {SGX} enclaves using the {SVID} voltage scaling interface.” In 30th USENIX Security Symposium (USENIX Security 21), pp. 699-716. 2021.
3/20/25 Presentation 10 – Chen 2021
Finish Chipwhisperer Fault 101-2_2
3/25/25 No Class – Spring Break
3/27/25 No Class – Spring Break
4/1/25 Lecture 11 – Future Directions Reading 11: M. Busch, A. Machiry, C. Spensky, G. Vigna, C. Kruegel and M. Payer, “TEEzz: Fuzzing Trusted Applications on COTS Android Devices,” 2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2023, pp. 1204-1219, doi: 10.1109/SP46215.2023.10179302.
4/3/25 Presentation 11 – Busch 2023
Finish Lecture 11
4/8/25 Assignment 2 Help Reading 12: Xiao, Yinhao, Yizhen Jia, Xiuzhen Cheng, Jiguo Yu, Zhenkai Liang, and Zhi Tian. “I can see your brain: Investigating home-use electroencephalography system security.” IEEE Internet of Things Journal 6, no. 4 (2019): 6681-6691.
4/10/25 Presentation 12 – Xiao 2019
4/15/25 Assignment 2 Evaluation Reading 13: A. A. Ahmed and M. K. Hasan, “Multi-Layer Perceptrons and Convolutional Neural Networks Based Side-Channel Attacks on AES Encryption,” 2023 International Conference on Engineering Technology and Technopreneurship (ICE2T), Kuala Lumpur, Malaysia, 2023, pp. 69-73, doi: 10.1109/ICE2T58637.2023.10540465.
4/17/25 Presentation 13 – Ahmed 2023
Final Exam Review
4/22/25 Final Project Workday
4/24/25 Presentation 14 –
Presentation 15 –
4/29/25 In-Class Final Project Presentations
5/1/25 In-Class Final Project Presentations

Assignments

All dates are tentative and subject to change.

Date Assigned

Date Due

Assignment

Info

2/11/2025 2/26/2025 Assignment 1 – AES on Embedded Device (see Blackboard)
4/1/2025 4/15/2025 Assignment 2 – Attacking a “Secure” embedded device

(see Blackboard)

4/17/2025 5/1/2025 Assignment 3 – Test Vector leakage Assessment

 

Resources

Type

Links

Course Textbook (Optional) The Hardware Hacking Handbook:

Breaking Embedded Security with Hardware Attacks

by Colin O’Flynn and Jasper van Woudenberg

ISBN-13: 9781593278748
Chipwhisperer GitHub https://github.com/newaetech/chipwhisperer
Class Discord Invite Link
Reading Summary Template Link