skip to content

Department of Computer Science and Technology



These pages are currently being updated for 2020/2021

Principal lecturer: 
Dr Markus Kuhn
Dr Sergei Skorobogatov
Other lecturers: 
Dr Franck Courbon
Shih-Chun You
MPhil ACS, Part III
Course code: 
Digital Electronics, Programming in C
Class limit: 


This course provides a practical introduction to aspects of hardware security, in particular the reverse engineering of embedded microcontroller devices that implement a cryptographic application.

The particular target on which the practical exercises center this year will (likely) be the evaluation kit of an authentication chip embedded in consumer electronics accessories, such as ink-jet printer tanks, which implements a challenge-response protocol based on elliptic-curve public-key cryptography.


  1. Lecture 1: Introduction to Elliptic Curve Cryptography (Kuhn, ~2h)
    Exercise 1: ECSM implementation (Kuhn+You, homework)
  2. Exercise 2: PCB analysis (Skorobogatov, 2h)
  3. Lecture 2 + Reading class 1: side-channel analysis (Kuhn+You, ~2h)
    Exercise 3: side-channel attack (You, homework)
  4. Exercise 4: firmware readout and protocol logging (Skorobogatov, 2h)
  5. Exercise 5: decompilation (Kuhn, ~2h+homework)
  6. Lecture 3: VLSI basics (Skorobogatov+Courbon, ~1.5h)
    Exercise 6: Mask ROM read-out (Skorobogatov+Courbon, ~0.5h+homework)
  7. Reading class 2: VLSI reverse engineering (Courbon, 2h)
  8. Reading class 3: fault injection, trojans (Skorobogatov+Courbon, 2h)

In addition to these eight weekly 2-hour meetings, there will also be an optional weekly 1-hour exercise help session.

Each exercise is due after two weeks.


On completion of this module, students should:

  • have gained hands-on experience in some of the tools and methods involved in reverse-engineering a digital product,
  • better understand the problem of hardening a product design against reverse engineering and tampering,
  • be familiar with a range of hardware-level attack techniques and countermeasures.


The course includes three reading sessions in which several papers are discussed. Each student is expected to give a 20–30 minute presentation covering 2–3 papers in one of these reading sessions. Each student is also expected to submit in advance a 5-page essay summarizing 2–3 papers for one other of these reading sessions.

Practical work

Exercise 1: implementation of an elliptic-curve scalar multiplication (ECSM) operation in a high-level language (e.g., Python, Julia, MATLAB, Perl)

Exercise 2: preparation of a circuit diagram from high-resolution photographs and X-ray images of a target printed circuit board

Exercise 3: implementation of a timing or power-analysis side-channel attack against a security function implemented on a microprocessor test board, using oscilloscope traces provided (e.g., password check, elliptic-curve scalar multiplication).

Exercise 4: extraction of the firmware and recording of a protocol exchange from a microcontroller PCB (same target as in Exercise 2).

Exercise 5: partial decompilation (using Ghidra) of the firmware extracted in Exercise 4, along the execution path taken by the protocol exchange observed in Exercise 4.

Exercise 6: extraction of bootloader firmware from high-resolution photographs of a mask ROM, using image-processing steps to be implemented in a high-level programming language (e.g., Python, Julia, MATLAB)

NOTE: This module has a large practical element. If the module is run remotely due to COVID-19 restrictions, changes to the practical work will be required 


60% exercises: each exercise handed in will be marked and the scores of the four exercises with the highest mark will each contribute 15% to the overall mark of the course.

20% reading-class presentation.

20% reading-class essay.

Further Information

Due to COVID-19, the method of teaching for this module will be adjusted to cater for physical distancing and students who are working remotely. We will confirm precisely how the module will be taught closer to the start of term.