Department of Computer Science and Technology



Course pages 2020–21

Hardware Security Practicals

Principal lecturers: Dr Markus Kuhn, Dr Sergei Skorobogatov
Additional lecturer: Shih-Chun You
Taken by: MPhil ACS, Part III
Code: P232
Hours: 16 (4 lectures, 6 practical exercises, 3x2h seminars)
Class limit: max. 8 students
Prerequisites: Digital Electronics, Programming in C


This course provides a practical introduction to aspects of hardware security, in particular the reverse engineering of embedded microcontroller devices that implement a cryptographic application.

The particular target on which the practical exercises center this year will (likely) be the evaluation kit of an authentication chip embedded in consumer electronics accessories, such as ink-jet printer tanks or batteries, which implements a challenge-response protocol based on elliptic-curve public-key cryptography.


  1. Lecture 1: Introduction to Hardware Security (Skorobogatov)
    Exercise 1: ARM Cortex programming, debugging, decompiling, logic analysis (Kuhn)
  2. Lecture 2 + Exercise 2: PCB reverse engineering (Skorobogatov)
  3. Lecture 3: Public-key cryptography (Kuhn)
    Exercise 3: firmware readout and protocol logging (Skorobogatov+Kuhn)
  4. Lecture 4: Elliptic-curve cryptography (Kuhn)
    Exercise 4: decompilation – communications (Kuhn+Skorobogatov)
  5. Lecture 5: Feedback on exercises (Skorobogatov+Kuhn)
    Exercise 5: decompilation – elliptic-curve cryptography (Kuhn+You)
  6. Exercise 6: re-implementation of single-wire interface or elliptic-curve layer
  7. Reading class 1: side-channel analysis (Kuhn+You)
  8. Reading class 2: VLSI reverse engineering, fault attacks (Skorobogatov)

In addition to these eight weekly 2-hour meetings, there will also be an optional weekly 1-hour exercise help session.

Each exercise is due after two weeks.


On completion of this module, students should:

  • have gained hands-on experience in some of the tools and methods involved in reverse-engineering a digital product,
  • better understand the problem of hardening a product design against reverse engineering and tampering,
  • be familiar with a range of hardware-level attack techniques and countermeasures.


The course includes three reading sessions in which several papers are discussed. Each student is expected to give a 20–30 minute presentation covering 1–3 papers in one of these reading sessions and prepare an essay on the topics covered.

Practical work

Exercise 1: implementation of an elliptic-curve scalar multiplication (ECSM) operation in a high-level language (e.g., Python, Julia, MATLAB, Perl).

Exercise 2: preparation of a circuit diagram from high-resolution photographs and X-ray images of a target printed circuit board.

Exercise 3: implementation of a timing or power-analysis side-channel attack against a security function implemented on a microprocessor test board, using oscilloscope traces provided (e.g., password check, elliptic-curve scalar multiplication).

Exercise 4: extraction of the firmware and recording of a protocol exchange from a microcontroller PCB (same target as in Exercise 2).

Exercise 5: partial decompilation (using Ghidra) of the firmware extracted in Exercise 4, along the execution path taken by the protocol exchange observed in Exercise 4.

Exercise 6: extraction of bootloader firmware from high-resolution photographs of a mask ROM, using image-processing steps to be implemented in a high-level programming language (e.g., Python, Julia, MATLAB).

NOTE: This module has a large practical element. If the module is run remotely due to COVID-19 restrictions, changes to the practical work will be required.


60% exercises: each exercise handed in will be marked and the scores of the four exercises with the highest mark will each contribute 15% to the overall mark of the course.

20% reading-class presentation.

20% reading-class essay.

Recommended reading

Hankerson/Menezes/Vanstone: Guide to Elliptic Curve Cryptography. Springer 2004.

Mangard/Oswald/Popp: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer 2007.

Further Information

Due to COVID-19, the method of teaching for this module will be adjusted to cater for physical distancing and students who are working remotely. We will confirm precisely how the module will be taught closer to the start of term.