
|
ECE 5520: Secure Hardware Design Spring 2010
Instructor: Patrick Schaumont
Prerequisites: ECE 4514 (or equivalent). Students need an
understanding of contemporary digital design using a hardware
description language.
Syllabus (spring 2010)
Summary: Design and implementation of secure hardware
at multiple levels of abstraction, covering cryptographic
hardware primitives, cryptographic modules, and trusted
platforms. Reverse engineering of cryptographic modules using
passive attacks, active attacks, and cryptanalytic
techniques. Countermeasures against reverse engineering. The
course uses case studies and literature surveys to reflect on
the state-of-the-art in secure hardware
implementation. Cryptography theory is covered on an as-needed
basis.
Text Book:
This course is based in part on the following references.
-
Understanding Cryptography
[Online Version]
by C. Paar and J. Pelzl (Springer 2009)
-
Cryptographic Algorithms on Reconfigurable Hardware
[Online Version]
by F. Rodriguez-Henriquez, N. A. Saqib, A. Diaz-Perez, and C. K. Koc (Springer 2007)
- Cryptographic
Engineering
[Online Version]
by Cetin Kaya Koc, Ed. (Springer 2009)
- Power Analysis Attacks:
Revealing the secrets of smartcards,
[Online Version]
by Stefan Mangard,
Elisabeth Oswald, Thomas Popp (Springer 2007).
- Secure Telecommunication Systems,
Course notes and slides by Kris Gaj, George Mason University
- Cryptography and Computer Network Security,
Course notes and slides by Kris Gaj, George Mason University
Additional References:
- Synthesis
of Arithmetic Circuits: FPGAs, ASICs, and Embedded Systems
by Jean-Pierre Deschamps, Gery Bioul, Gustavo Sutter
(Wiley 2006).
- Synthesis
of Arithmetic Circuits: FPGAs, ASICs, and Embedded Systems
by Jean-Pierre Deschamps, Gery Bioul, Gustavo Sutter
(Wiley 2006).
-
Cryptography Engineering,
by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno
(Wiley 2010).
- Handbook of Applied Cryptography,
by A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, CRC Press, 1996.
-
Guide to Elliptic Curve Cryptogrpahy
by Darrel Hankerson, Scott Vanstone and Alfred Menezes (Springer 2004)
-
A Classical Introduction to Cryptography
by S. Vaudenay (Springer 2006)
- Elementary Number Theory, Cryptography and Codes
by M. W. Baldoni, C. Ciliberto and G. M. P. Cattaneo (Springer 2009)
- Encyclopedia of Cryptography and Security
by H. van Tilborg, Ed. (Springer 2005)
- Cryptography in C and C++
by M. Welschenbach (Springer 2005)
Questions? Contact the instructor at schaum@vt.edu
|
|
|
Slides spring 2010
|
|
Lecture 1
|
Introduction
- What is Secure Hardware Design?
- The Clipper Chip
- Basic Crypto Ideas
|
|
Lecture 2
|
Random Number Generators (Principles of Design)
- Standard requirements for RNG
- Classification of RNG: Deterministic and Non-deterministic
- Design of Deterministic RNG
- Design of Non-deterministic RNG: Entropy, Compression Function, Sources of Entropy
|
|
Lecture 3
|
Random Number Generators (Testing and Examples)
- Tests on Random Number Generator
- Probability density function
- Hypothesis test = statistic + significance
- Example statistic: Freq test, Runs test
- Test Suites: DIEHARD, NIST
- Random Number generator Design
- DRNG: LCG, RSA
- TRNG: Epstein, Ring Oscillator, Vasyltsov
|
|
Lecture 4
|
Prime Field Arithmetic: Part 1: Introduction
- Modular Arithmetic
- Finite Fields
- Prime Fields
- Multiprecision Arithmetic: Multiplication and Squaring
- Reduction Techniques
|
|
Lecture 5
|
Prime Field Arithmetic Part 2: Montgomery Multiplication & Exponentiation
- Exponentiation
- Montgomery Multiplication
- Montgomery Exponentiation
- NIST Primes
|
|
Lecture 6
|
Binary Field Arithmetic Part 1: Introduction
- Polynomial Basis
- Primitve Polynomial
- Addition
- Reduction
- Multiplication
|
|
Lecture 7
|
Binary Field Arithmetic Part 2: Faster Multiplication
- Bit-parallel Multiplication
- Karatstuba Offman Decomposition
- Montgomery Multiplication
- Other representations - Normal Basis
- Summary of Finite Field Arithmetic
|
|
Lecture 8
|
Elliptic Curve Cryptography: The Point Multiplication
- Elliptic Curves
- EC Group Structure
- Adding and Doubling of Points
- Point Coordinate Systems
- The Point Multiplication
|
|
Lecture 9
|
Elliptic Curve Cryptography: Efficient Implementation
- Making signatures with a point multiplication
- High-speed Point Multiplication on FPGA
- Hardware-supported ECC Cryptanalysis
|
|
Lecture 10
|
Hash Functions: Design
- Hash function concepts
- Merkle-Damgard construction
- Block-cipher based hash
- Applications
- Implementation Example: MD5
|
|
Lecture 11
|
Hash Functions: Implementation
- Hasing History, SHA-3
- Design Example: Whirlpool
- Hash Module Interfaces
|
|
Lecture 12
|
Block Ciphers: Overview
- Pipelining/Retiming: Recap
- Block Cipher Structure: SP Network, Feistel Network, Key Schedule
- High-throughput Implementation
|
|
Lecture 13
|
Block Ciphers: AES
- AES History
- AES Round definition
- Standard Hardware Mapping
- SBox Optimization
- Compact Implementation
|
|
Lecture 14
|
Basics of Side-channel Analysis
- Logical vs Physical Attacks
- Timing
- Power Dissipation: Sources and Models
- Taking and Using Measurements
|
|
Lecture 15
|
Advanced Side-channel Analysis
- Simple Power Analysis
- Differential Power Analysis
- Example: DPA on AES Hardware
- Example: DPA on AES Software
- Multi-bit DPA (CPA)
- Power Models
|
|
Lecture 16
|
Fault Attacks
- Types of Faults
- Fault Models
- Fault Attacks on Symmetric-Key Algorithms
- Implementation Atatcks - Summary
|
|
Lecture 17
|
Countermeasures against SCA: Hiding
- SPA, DPA
- Hiding: WDDL
- Implementation Issues: ASIC, FPGA
|
|
Lecture 18
|
Side Channel Countermeasures: Masking
- SCA Countermeasures: Hiding and Masking
- Masking Operation
- Masked Functions
- Secret Sharing
- Perfect masking
- Masked Logic Styles: RSL, MDPL
|
|
Lecture 19
|
Fault-Attacks and Side-channel Analysis on ECC
- Plain Point Multiplication
- Double-Add-Always Point Multiplication
- Doubling Attack
- Randomized Double-Add-Always Point Multiplication
- C-Safe Error Attack
- Montgomery Powering Ladder Point Multiplication
- Trade-offs between Attacks and Countermeasures
|
|
Lecture 20
|
Secure Processors: Three Examples
- IBM 4758
- AEGIS
- ARM Trustzone
|
|
|
|