ACTIVE METHODOLOGIES IN CYBERSECURITY EDUCATION: EXPERIENCES WITH DEFENSE AGAINST SIDE-CHANNEL ATTACKS IN EDUCATIONAL ENVIRONMENTS
DOI:
https://doi.org/10.56238/arev8n4-007
Keywords:
Active Methodologies, Cybersecurity, Side-Channel Attack, Embedded Systems, Practical Teaching
Abstract
Considering the expansion of embedded systems, the Internet of Things, and critical digital infrastructures, cybersecurity training is becoming increasingly relevant. However, in many technical and higher education courses, information security education still focuses predominantly on theoretical content, with little practical exploration of the physical vulnerabilities present in computing devices. This limitation hinders the understanding of how cryptographic algorithms can become vulnerable when implemented in real hardware, especially to side-channel attacks. In this context, this study aims to investigate how the application of active methodologies can contribute to cybersecurity education through practical defense against side-channel attacks in embedded systems. For this purpose, an active methodology based on project-based learning was implemented in two classes in the technological area of Senac Garanhuns, totaling forty-two students. The activities were developed over four months using microcontrollers, prototyping boards, electronic measuring instruments, and firmware development on the STM32CubeIDE platform, allowing students to experimentally explore concepts related to physical security. The results indicated greater student engagement, strengthened analytical thinking, and a better understanding of the relationships between software execution, hardware behavior, and the exposure of sensitive data. Furthermore, the experience demonstrated institutional viability by being registered on the Senac Pernambuco Genesis Platform, highlighting the potential of active methodologies for applied cybersecurity education in embedded systems.