
13. Going Further

Books

  • Colin O'Flynn and Jasper van Woudenberg, The Hardware Hacking Handbook (2021). The single best modern textbook on side channels and fault injection, with ChipWhisperer integration throughout.
  • Andrew "bunnie" Huang, Hacking the Xbox (2003) and The Hardware Hacker (2017). Foundational, beautiful, accessible.
  • Yongbin Zhou and Dengguo Feng, Side-Channel Attacks: Ten Years After Its Publication (2005, surveys early DPA). Historical anchor.
  • Joppe Bos and Martijn Stam, Topics in Cryptography Embedded (2019, EUMEMS series). Modern technical depth.
  • Stephane Mangard, Elisabeth Oswald, and Thomas Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards (2007). The reference text on power analysis.
  • Lex Schoonen, Practical Hardware Pentesting (2021). Aimed at practitioners.

Tools

  • ChipWhisperer (NewAE Technology). Open-source side-channel and FI capture/glitch platform. Lite version $300, Husky version $1500. Documentation and training labs are extraordinary.
  • JTAGulator. Joe Grand's TAP-discovery tool.
  • Saleae Logic / sigrok. Logic-analyzer software stacks for protocol decode.
  • Bus Pirate, Aardvark, Total Phase Beagle. Bus interfaces for SPI/I2C/UART exploration.
  • Proxmark3, Flipper Zero. RFID/NFC research and casual exploration.
  • HackRF, USRP, RTL-SDR. SDR platforms for RF security work.
  • Ghidra, IDA Pro, Binary Ninja, radare2. Firmware reverse engineering.
  • OpenOCD, J-Link. Debug-probe software.

Practice

  • DEF CON Hardware Hacking Village. Annual, hands-on.
  • Embedded CTF (eCTF), MIT Lincoln Lab. Annual collegiate competition.
  • rhme, riscure-school CTFs. Online side-channel and FI challenges.
  • Buy old IoT devices and tear them apart. Routers, IP cameras, baby monitors. The boards from 2010-2018 are full of un-disabled JTAG, default SSH keys, and unencrypted firmware updates.
  • ChipWhisperer training labs. From "first DPA" to "fault-injecting AES rounds", the lab series covers the techniques in this chapter with real captures.

Research frontiers

  • Post-quantum cryptography in hardware. Lattice-based KEMs (Kyber) and signatures (Dilithium) have very different performance profiles than RSA/ECC; hardware implementation and side-channel analysis are active research areas.
  • ML-resistant PUFs. Designs that defeat modeling attacks while remaining manufacturable.
  • Anti-Trojan techniques. Split manufacturing, gate-camouflage, layout-locked netlists.
  • Side-channel resistance for AI accelerators. Neural-network weights are the new keys, and TPUs/NPUs leak them through power and timing.
  • Quantum-resistant secure boot. ROM-resident PQC implementations within tight code-size budgets.
  • Hardware fuzzing. Automated discovery of CPU vulnerabilities through formal models and fuzzing of microarchitectural state.