Publication date: 
The ever-accelerating development of modern technologies is also increasing the demands for their protection. At the Embedded Security Laboratory at the Faculty of Information Technology, students learn how to protect smart devices and prevent hacker attacks. They study various aspects of Internet of Things (IoT) and embedded systems security. Thanks to the new laboratory equipment, students try out different types of cryptanalytic attacks in practical exercises to learn how to identify security threats and how to defend against them effectively.

Nowadays, you can find smart technology all around us. In the control systems of transport vehicles, smart homes, smart cities, but also in household appliances, car keys, payment cards or even public transport passes. These devices belong to the group of Internet of Things (IoT) and embedded systems (single-purpose computers and control systems that are directly embedded in smart devices), which are highly vulnerable to hacker attacks. "Our students are learning how to carry out these attacks and also how to defend against them. It is the practical knowledge of these attacks that is crucial for students, as only then will they know how to effectively defend themselves against these types of relatively common attacks in practice. Thus become experts in the security and protection of embedded systems," adds Dr.-Ing. Martin Novotný.

An example of such security threats are side-channel attacks, whereby an attacker attempts to obtain information for later exploitation. The attacker's goal is often to gain control of the device or to obtain user data (for example, to discover the encryption key used or to reveal the PIN). The behaviour of the compromised device often remains almost unchanged, and the attack can take place completely undetected. In order to be able to counter and effectively defend against these attacks, students must first try them out in practice. In the lab, students will learn to implement side-channel attacks, from preparing the device and measuring its power consumption, to analysing the data and finally breaking the cryptosystem. They will thus learn to identify specific threats and, last but not least, learn ways to prevent such attacks and properly secure the system. This year, the lab plans to expand the training to include attacks using electromagnetic radiation from devices as well as active attacks consisting of fault injection.

The teaching equipment is financed from faculty resources and the teaching is co-financed by the project of the Ministry of Education and Science from the Operational Programme Research, Development and Education, ESF Call for Universities II, titled CTU ESF II Project - Introduction of practical teaching of selected types of cryptanalytic attacks.

More information about the Embedded Security Lab is available here

Photo, courtesy of: CTU Faculty of Information Technology