HIT · CS Concentrations

COURSE · CY3

Hardware & Embedded Systems Security

Hardware and Embedded Systems Security (title in Hebrew)

physical attacker models, side-channel leakage, and hardware roots of trust

Attacking and defending hardware, firmware, and embedded devices.

Year 3 · 13 weeks · 2h lecture + 2h practice · Project-based

About this course

Examine security at the hardware and firmware level, where physical access, side channels, and constrained devices create distinct threats.

Course format. Thirteen weeks, four contact hours each: a two-hour lecture (concepts and theory) and a two-hour practice session. The course is project-based; teams carry one running project end to end and present it three times, in weeks 5, 8, and 13.

What you will build

Perform a full hardware security assessment of an embedded device: map its UART and SPI interfaces, dump and reverse-engineer the firmware with binwalk and Ghidra, extract an AES key by differential power analysis on ChipWhisperer, then harden the device with masking, constant-time fixes, signed updates, and debug-port lockdown.

Expected outcomes

  • Explain embedded threat models and the expanded attack surface of physical devices.
  • Describe the theory of side channels: power, timing, and electromagnetic leakage.
  • Mount differential power analysis and reason about its statistical foundations.
  • Analyze fault-injection and glitching attacks against secure boot and key handling.
  • Explain secure boot, hardware roots of trust, and the TPM 2.0 architecture.
  • Extract and reverse engineer firmware to recover secrets and logic.
  • Identify hardware interfaces such as UART, JTAG, and SPI and use them for analysis.
  • Design countermeasures: masking, constant-time code, and tamper resistance.
  • Assess an embedded product against a structured hardware threat model.
  • Evaluate the trade-offs between security, cost, and performance in hardware design.

Key topics

  • Side-channel attacks
  • Secure boot & TPM
  • Firmware analysis
  • Embedded threat models

Theoretical foundations

The concepts and results this course rests on.

  • the physical attacker model and embedded attack surface
  • the leakage model behind power, timing, and electromagnetic side channels
  • differential power analysis and its hypothesis-testing statistics
  • fault models for voltage, clock, and electromagnetic glitching
  • measured and verified boot and rollback protection
  • hardware roots of trust and the TPM 2.0 sealed-storage model
  • masking, hiding, and constant-time countermeasure theory

Prerequisites

This is a Year-3 course. It assumes the mandatory CS core: data structures and algorithms, operating systems, computer networks, databases, software engineering, and the core mathematics (linear algebra, probability and statistics, calculus, discrete mathematics). It additionally requires the specific prior courses listed below.

Course-specific prerequisites:

  • Computer organization and architecture
  • Operating systems
  • C or embedded programming

Weekly schedule · 13 weeks · lecture + practice

Foundations

Wk 1 · Embedded threat models and attack surface
Lecture: Survey embedded system architectures, the physical attacker model, and the spectrum of hardware attacks.
Practice: Tear down a target board, identify components and interfaces, and document its attack surface.
Project: Choose the target device and produce its initial hardware threat model.

Interfaces

Wk 2 · Debug interfaces and bus sniffing
Lecture: Explain UART, JTAG, SWD, SPI, and I2C and how exposed debug ports become entry points.
Practice: Locate and connect to a UART console and sniff an SPI bus with a logic analyzer.
Project: Map and access the debug and bus interfaces on the target.

Firmware

Wk 3 · Firmware extraction and analysis
Lecture: Cover flash dumping, firmware image formats, and static reverse engineering of embedded binaries.
Practice: Dump flash over SPI, unpack the firmware with binwalk, and disassemble it in Ghidra.
Project: Extract the target firmware and begin a reverse-engineering map.

Wk 4 · Finding secrets and logic flaws
Lecture: Discuss hardcoded keys, weak update mechanisms, and vulnerability patterns in firmware.
Practice: Hunt for hardcoded credentials and an update-verification flaw in the dumped firmware.
Project: Document recovered secrets and a firmware vulnerability in the target.

Wk 5 · Threat model and analysis specification · Presentation
Lecture: Review how interface, firmware, and physical findings combine into a coherent attack plan.
Practice: Team presentation: each team defends its target, threat model, and planned attack chain.
Project: Freeze the project specification and attack-plan document.

Side channels

Wk 6 · Side-channel theory and timing attacks
Lecture: Introduce the leakage model, timing attacks on cryptographic implementations, and the underlying statistics.
Practice: Reproduce a timing attack to recover key bits from a vulnerable software routine.
Project: Add a timing-leak analysis of the target's crypto operations.

Wk 7 · Power analysis and DPA
Lecture: Derive simple and differential power analysis and the hypothesis-testing model behind key recovery.
Practice: Capture power traces on ChipWhisperer and run DPA to extract an AES key.
Project: Mount a power-analysis attack against an encryption routine on the target.

Wk 8 · Fault injection and glitching · Presentation
Lecture: Explain voltage and clock glitching, fault models, and bypassing security checks via faults.
Practice: Team presentation: interim demo of a working side-channel or fault attack on the target.
Project: Demonstrate the interim physical attack against the device.

Roots of trust

Wk 9 · Secure boot and chain of trust
Lecture: Cover measured and verified boot, signature verification, and rollback protection in the boot chain.
Practice: Analyze a secure-boot implementation and attempt a glitch to bypass signature verification.
Project: Evaluate and attack the target's boot integrity mechanism.

Wk 10 · TPM and hardware key storage
Lecture: Present the TPM 2.0 architecture, sealed storage, attestation, and hardware-backed key isolation.
Practice: Use a TPM to seal a secret and reason about which attacks it does and does not stop.
Project: Design a TPM-backed key-protection improvement for the target.

Defenses

Wk 11 · Countermeasures and constant-time design
Lecture: Discuss masking, hiding, constant-time coding, and tamper-resistant design principles.
Practice: Add masking and constant-time fixes to a routine and re-run the side-channel attack to measure the improvement.
Project: Implement and validate a countermeasure on the target.

Wk 12 · Hardened firmware and secure updates
Lecture: Cover signed updates, anti-rollback, debug-port lockdown, and secure provisioning.
Practice: Implement a signed-update verifier and lock down the exposed debug interfaces.
Project: Harden the firmware update path and disable insecure interfaces.

Capstone

Wk 13 · Final assessment and defense · Presentation
Lecture: Review the full attack chain and the defenses applied across the term.
Practice: Team presentation: final demonstration of attacks and mitigations with oral defense of findings.
Project: Deliver the complete hardware security assessment with attacks, fixes, and report.

AI tools in this course

Students use AI assistants to accelerate the slow parts of a hardware assessment: scripting ChipWhisperer capture and DPA analysis in Python, summarizing Ghidra decompilation of dumped firmware, and generating glue to parse SPI dumps and logic-analyzer traces. They prompt the assistant to identify candidate hardcoded keys and update-verification flaws in disassembled code, to write the statistical key-recovery analysis over power traces, and to draft masking and constant-time rewrites of a leaky routine. AI also drives tool automation (flashrom, OpenOCD, tpm2-tools) and helps interpret glitching results, but students confirm every claimed leak or recovered secret on the real bench, because power and fault behavior is physical and the assistant cannot see the oscilloscope.

Student project

Teams perform a full hardware security assessment of a real embedded device, progressing from interface mapping and firmware extraction to side-channel and fault attacks, then to designed countermeasures. Each finding is reproduced and documented. The capstone presents both the demonstrated attacks and the hardened result with an oral defense.

Requirements

  • Build a working system, not a set of disconnected exercises.
  • Be original: a new system that solves a real problem, not a re-implementation of a tutorial or course demo.
  • Show real depth: real data, real users or realistic load, and engineering trade-offs that are measured rather than assumed.
  • Carry one running project from specification to a deployed, defensible result across the whole term.
  • Work in a team of three or four and defend the design at each of the three presentations (weeks 5, 8, and 13).

Example projects

  • Smart-lock teardown and attack
  • IoT camera firmware audit
  • AES key extraction by DPA
  • Secure-boot bypass study
  • Router firmware vulnerability hunt
  • TPM-backed key-storage redesign
  • Glitch attack on a microcontroller
  • Constant-time hardening project

Assessment & grading

Grading is project-based, with no written exam. Teams of three or four present one running project three times.

Component | What it covers | Weight
Project · Specification | Presentation 1 (week 5): problem, objectives, and architecture | 20%
Project · Interim | Presentation 2 (week 8): the working system demonstrated live | 30%
Project · Final | Presentation 3 (week 13): end-to-end demo with oral defense | 50%

Tools & platforms

  • ChipWhisperer: power-analysis and fault-injection platform
  • Ghidra: firmware disassembly and reverse engineering
  • binwalk: firmware extraction and analysis
  • Saleae Logic: logic analyzer for bus sniffing
  • flashrom: SPI flash dumping and writing
  • OpenOCD: JTAG and SWD debugging
  • QEMU: firmware emulation for dynamic analysis
  • Bus Pirate: low-level bus interfacing
  • tpm2-tools: TPM 2.0 experimentation and sealing
  • radare2: binary analysis and patching

Free online courses

Existing free, video-based courses this course can build on, for self-study or as a teaching basis.

In Hebrew

Primary literature

Seminal works to read for graduate-level depth.

References

Books and resources link to an online or publisher page.

Role in each concentration

Concentration | Role
Intelligent Software Systems | Elective
Networking & Cyber Security | Core · Semester 2
AI & Robotics | Elective
AI and Quantum Computing for Finance | Elective
Immersive Systems & Game Development | Elective
Defense Technologies & Autonomous Systems | Core · Semester 1