Student wanting to learn

Hi all, I am currently a student studying computer science and cyber security and have picked up an interest in the hardware side of things. I have taken classes like computer architecture and C programming, and I am also building an 8-bit computer (Ben Eater’s) in my free time.

I want to start picking into the security side of hardware and understand I may need a higher level knowledge base or experience, and want to ask: is the ChipWhisperer, and the tutorials they have, a good option to learn more? I started reading their documentation and all of it seems interesting and fairly complex. As I am a broke college student, I’m considering picking up the ChipWhisperer Nano and maybe a smart chip or Arduino Nano to try and do a side channel attack on my own. To my understanding this board should be good enough for learning and basic testing.

I would appreciate any advice on how to further delve into this field, if the CW Nano can be viable or any other potential resources. Thanks!

TLDR: Want to learn hardware security, is the CW Nano a good option, what are its capabilities, best ways to learn, etc.

Disclaimer: I never played with CW Nano.

But from your situation the Nano is really the best option. It’s cheap, well documented and shows concepts, so you will have a good time with it.

But Nano has its limitations, and to attack not-simple targets you will need a Lite or Pro.

Yup, I’d agree with 3 in that it sounds like your best option, but might be too limited for attacking other targets. This is super situational though, so don’t let us discourage you from trying it out and learning stuff from it. The Arduino Nano in particular sounds like a good way to get some experience modifying a board to be able to perform side channel attacks on it; as a fair warning, this is going to involve cutting traces on your board and some soldering.

The Nano supports almost all of our power analysis tutorials (so measuring power to attack things like AES), so it’s a great way to get into that part of the field. The data it collects is usually a little noisier and jittery, so you usually need more of it for a successful attack, but this usually isn’t much of an issue. It also supports voltage glitching (briefly dropping the voltage supply to the target), but not clock glitching (inserting a brief pulse into the target’s clock to disrupt its operation).

Let me know if you have any more questions and I’d be happy to help,

Alex