Embedded Systems & Hardware Security Researcher
I'm an independent embedded systems and hardware security researcher focused on fault injection, side-channel analysis, cryptographic fault attacks such as Differential Fault Analysis (DFA), and bypassing hardware security protections like read-out and access restrictions. I build custom low-cost tools to uncover vulnerabilities in wireless SoCs, MCUs, hardware cryptographic engines, and software cryptographic implementations. My work also covers secure embedded design, with a focus on practical hardware and firmware countermeasures against physical attacks. My background as an embedded hardware/software engineer, designing firmware and hardware for connected devices, gives me a unique edge in understanding and securing the systems I break.
Using Correlation Power Analysis (CPA), the AES-128 key was extracted from the MSPM0G3507. Leakage mapping across all 10 AES rounds was performed with Reverse CPA, targeting register-write transitions that dominate switching activity during the final round. Capture was performed with a ChipWhisperer Nano, and analysis used the eShard scared library.
To the best of the author's knowledge, this is the first publicly documented key extraction from this device. This research was not reported to Texas Instruments.
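The last-round Hamming-distance CPA described above, as an added Python example that is not code from this page, its author, or the eShard scared library: it simulates a round-based AES-128 core whose 16-byte state register is overwritten by the ciphertext in the final round, so the leakage at the register-write instant is the Hamming distance between the round-9 state and the ciphertext (constructed traces with Gaussian noise, one point of interest), then runs a per-byte CPA against that model. The key, trace count, noise level, trace length and point-of-interest index are constructed values, and numpy is assumed to be installed.

```python
"""Constructed last-round CPA leakage assessment for an unprotected AES-128
register-write model (added example, not the page's own code).

A round-based AES core overwrites its state register with the ciphertext in
the final round; the number of flipped register bits leaks as power. The
per-byte CPA below checks how quickly that leak gives up the last round key."""
import numpy as np


def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box (GF(2^8) inverse followed by the affine map)."""
    sbox = [0] * 256
    for a in range(256):
        inv = 0 if a == 0 else next(x for x in range(1, 256) if _gf_mul(a, x) == 1)
        s, rot = inv, inv
        for _ in range(4):
            rot = ((rot << 1) | (rot >> 7)) & 0xFF
            s ^= rot
        sbox[a] = s ^ 0x63
    return sbox


SBOX = np.array(_build_sbox(), dtype=np.uint8)
INV_SBOX = np.zeros(256, dtype=np.uint8)
INV_SBOX[SBOX] = np.arange(256, dtype=np.uint8)
HW = np.array([bin(v).count("1") for v in range(256)], dtype=np.float64)

# Column-major state index i = row + 4*col. ShiftRows moves register byte i to
# ciphertext byte SHIFT[i]; INV_SHIFT[j] is the register byte behind ciphertext byte j.
SHIFT = [(i % 4) + 4 * (((i // 4) - (i % 4)) % 4) for i in range(16)]
INV_SHIFT = [SHIFT.index(j) for j in range(16)]


def simulate_traces(key, n_traces, n_samples, poi, noise_sigma, rng):
    """Constructed traces: the final register write leaks HD(round-9 state, ciphertext)
    at sample index `poi`; every other sample is Gaussian noise."""
    state = rng.integers(0, 256, size=(n_traces, 16), dtype=np.uint8)  # round-9 output
    sub = SBOX[state]                              # SubBytes
    shifted = np.empty_like(sub)
    shifted[:, SHIFT] = sub                        # ShiftRows
    ct = shifted ^ key                             # final AddRoundKey
    hd = HW[state ^ ct].sum(axis=1)                # register bits that flip on the write
    traces = rng.normal(0.0, noise_sigma, size=(n_traces, n_samples))
    traces[:, poi] += hd
    return ct, traces


def cpa_last_round(ct, traces):
    """Hamming-distance CPA on the last round. Returns (key_guess[16], peak_corr[16]).
    For ciphertext byte j the hypothesis is HW(InvSbox(ct[j] ^ k) ^ ct[i]), where
    register byte i = INV_SHIFT[j] held the value that became ct[j]."""
    tc = traces - traces.mean(axis=0)
    tnorm = np.sqrt((tc ** 2).sum(axis=0))
    key_guess = np.zeros(16, dtype=np.uint8)
    peak = np.zeros(16)
    for j in range(16):
        i = INV_SHIFT[j]
        corr = np.zeros(256)
        for k in range(256):
            hyp = HW[INV_SBOX[ct[:, j] ^ k] ^ ct[:, i]]
            hc = hyp - hyp.mean()
            corr[k] = (np.abs(hc @ tc) / (np.sqrt((hc ** 2).sum()) * tnorm)).max()
        key_guess[j] = corr.argmax()
        peak[j] = corr.max()
    return key_guess, peak


def assess(seed=1234, n_traces=2000, noise_sigma=2.0):
    """Run the simulated assessment; constructed key, trace count and noise level."""
    rng = np.random.default_rng(seed)
    key = rng.integers(0, 256, size=16, dtype=np.uint8)   # constructed last round key
    ct, traces = simulate_traces(key, n_traces, n_samples=16, poi=7,
                                 noise_sigma=noise_sigma, rng=rng)
    guess, peak = cpa_last_round(ct, traces)
    return {"true_key": key, "recovered": guess, "peak_corr": peak,
            "bytes_recovered": int((guess == key).sum())}


if __name__ == "__main__":
    r = assess()
    print("recovered %d/16 last-round key bytes, min peak |rho| = %.3f"
          % (r["bytes_recovered"], r["peak_corr"].min()))
```

With 16 register bytes flipping at once, the correct guess for each byte correlates at roughly sqrt(2 / (32 + sigma^2)), about 0.24 at the constructed noise level, while wrong guesses sit near the 1/sqrt(n) noise floor, which is why a few thousand traces are enough against an unprotected register write. As an evaluation tool the useful output is the margin between `peak_corr` and that floor: a masked state register or randomised round timing should pull every byte's peak down into the floor, and re-running the same CPA after adding a countermeasure to the model is the check that it did.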
Explored voltage fault injection on the Arm® TrustZone® CryptoCell 310 AES-128 engine in the Nordic nRF52840 SoC. The research demonstrates how controlled voltage glitches can lead to plaintext leakage in ECB, CBC, and CTR modes, offering insight into the impact of physical faults on hardware-based AES encryption.
Reported on Nov 13, 2024. Publicly disclosed on Apr 11, 2025, in coordination with Nordic Semiconductor ASA.
Read the Nordic Advisory here: Nordic Semiconductor Advisory - April 11, 2025.