Title:

Secure Hardware Devices

Code:BZA
Ac.Year:2009/2010 (Not opened)
Term:Summer
Study plans:
ProgramBranchYearDuty
IT-MSC-2MBI-Elective
IT-MSC-2MBS-Compulsory-Elective - group B
IT-MSC-2MGM-Elective
IT-MSC-2MGM.-Elective
IT-MSC-2MIN-Compulsory-Elective - group B
IT-MSC-2MIN.-Elective
IT-MSC-2MIS2ndCompulsory-Elective - group S
IT-MSC-2MIS.2ndElective
IT-MSC-2MMI-Elective
IT-MSC-2MMM-Elective
IT-MSC-2MPS-Elective
IT-MSC-2MPV-Elective
IT-MSC-2MSK-Elective
IT-MSC-2EITE2ndElective
Language:Czech, English
Credits:5
Completion:examination (written)
Type of
instruction:
Hour/semLecturesSem. ExercisesLab. exercisesComp. exercisesOther
Hours:3900013
 ExaminationTestsExercisesLaboratoriesOther
Points:50200030
Guarantee:Cvrček Daniel, doc. Ing., Ph.D., DITS
Faculty:Faculty of Information Technology BUT
Department:Department of Intelligent Systems FIT BUT
 
Learning objectives:
The course applies knowledge acquired in the courses of Cryptography and Security of Information Systems (although they are not necessary prerequisite) in a particular area. It exends students' proficiency in implementation of secure and cryptographic devices. The goal is to make students search and analyse side-channels (unintended sources of information).
Description:
The main goal of the introductory part is to overview existing secure hardware devices. This is leading us toward the area of side channels. A statement that implementation of a device without a side channel is infeasible is guiding us through topics of their seriousness and evaluation. The following part is dedicated to two important attacks on side channels: timing and power analyses. Timing analysis is applicable not only on secure devices but also on software implementations of security protocols. The simplest secure devices are smart-cards and we go through their design, electrical properties, communication protocols, and overall security. Power and fault analyses are two other very powerful attacks on smart-cards and we dedicate a couple of lectures to their theoretical descriptions and examples of results obtainable through these techniques. The topic of mitigation of side-channels' capacities and especially TEMPEST follow. The last logical part of the lectures belongs to hardware security modules: evolution, principal applications, definition of API, and attacks on API with demonstrations of common errors.
Subject specific learning outcomes and competences:
Theoretical and practical proficiency in design of secure information systems based on secure hardware devices. Ability to integrate secure devices (from smart-cards to hardware security modules) and identify weaknesses. Skill in thinking from an attacker's point of view and ability to use it for IS design. Theoretical and practical knowledge of essential attack categories.
Generic learning outcomes and competences:
Students start looking at information systems from an attacker's point of view. They also learn to identify potentially disasterous parts of information systems.
Syllabus of lectures:
  1. Introduction to secure hardware devices mentioning evolution, architectures, and applications.
  2. Side channels - their importance from the viewpoint of implementations, evaluations, and possible classification.
  3. Timing analysis from its beginning in 1996 till actual implementations and performed attacks including detailed descriptions and definitions of the conditions necessary for its application.
  4. Smart-cards - a separate lecture covering their design, electrical properties, communication protocols.
  5. Power and fault analyses represent powerful attacks on side channels available on smart-cards.
  6. Protection of devices against side channels, various approaches to protection, principles, influence on functionality of the devices.
  7. TEMPEST - description of the program, principles, evolution, results.
  8. Hardware security modules (HSM) and their evolution, main applications including examples of deployment and design of protocols based on HSMs.
  9. Definition of API, attacks on API - part I will follow attacks on basic cryptographic interfaces.
  10. Definition of API, attacks on API - part II oriented primarily toward banking applications and specialised functions.
  11. Definition of API, attacks on API - part III will cover asymmetric cryptography and its implementations (e.g. PKCS#11) and known attacks.
  12. How to design API, demonstration of errors and the course wrapping-up.
Syllabus - others, projects and individual work of students:
3 projects solved in singles:
  1. timing analysis
  2. fault analysis
  3. an attack on API
Fundamental literature:
  1. Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, CRC Press Series on Discrete Mathematics and Its Applications, Hardcover, 816 pages, CRC Press, 1997.
  2. Bond, M. K.: Understanding Security APIs, PhD. thesis, Cambridge 2004.
  3. Rankl, W., Effing, W.: Smart Card Handbook, John Wiley and Sons, pp. 1120, 3rd edition, 2004.
Study literature:
  1. Hanacek, P., Staudek, J.: Bezpecnost informacnich systemu, USIS, Praha, 2000, s. 127, ISBN 80-238-5400-3.
  2. Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, CRC Press Series on Discrete Mathematics and Its Applications, Hardcover, 816 pages, CRC Press, 1997, available on http://www.cacr.math.uwaterloo.ca/hac/
  3. Savard, J. J. G.: A Cryptographic Compendium, 2000, available on WWW.
Progress assessment:
Control of the study is performed via mid-term exam, completion of due course projects, and final exam. Evaluation of projects is based on the completeness and correctness of the delivered solutions.