Course detail

Secure Hardware Devices

FIT-BZAAcad. year: 2019/2020

The main goal of the introductory part is to overview existing secure hardware devices. This is leading us toward the area of side channels. A statement that implementation of a device without a side channel is infeasible is guiding us through topics of their seriousness and evaluation. The following part is dedicated to two important attacks on side channels: Timing and power analyses. Timing analysis is applicable not only on secure devices but also on software implementations of security protocols. The simplest secure devices are smart-cards and we go through their design, electrical properties, communication protocols, and overall security. Power and fault analyses are two other very powerful attacks on smart-cards and we dedicate a couple of lectures to their theoretical descriptions and examples of results obtainable through these techniques. The topic of mitigation of side-channels' capacities and especially TEMPEST follow. The last logical part of the lectures belongs to hardware security modules: Evolution, principal applications, definition of API, and attacks on API with demonstrations of common errors.

Language of instruction

Czech

Number of ECTS credits

5

Mode of study

Not applicable.

Learning outcomes of the course unit

Theoretical and practical proficiency in design of secure information systems based on secure hardware devices. Ability to integrate secure devices (from smart-cards to hardware security modules) and identify weaknesses. Skill in thinking from an attacker's point of view and ability to use it for IS design. Theoretical and practical knowledge of essential attack categories.
Students start looking at information systems from an attacker's point of view. They also learn to identify potentially disasterous parts of information systems.

Prerequisites

Not applicable.

Co-requisites

Not applicable.

Planned learning activities and teaching methods

Not applicable.

Assesment methods and criteria linked to learning outcomes

Control of the study is performed via mid-term exam, completion of due course projects, and final exam. Evaluation of projects is based on the completeness and correctness of the delivered solutions.

Course curriculum

Not applicable.

Work placements

Not applicable.

Aims

The course applies knowledge acquired in the courses of Cryptography and Security of Information Systems (although they are not necessary prerequisite) in a particular area. It exends students' proficiency in implementation of secure and cryptographic devices. The goal is to make students search and analyse side-channels (unintended sources of information).

Specification of controlled education, way of implementation and compensation for absences

Not applicable.

Recommended optional programme components

Not applicable.

Prerequisites and corequisites

Not applicable.

Basic literature

Not applicable.

Recommended reading

Bond, M. K.: Understanding Security APIs, PhD. thesis, Cambridge 2004.
Cetin Kaya Koc: Cryptographic Engineering, Springer Publishing Company, 2008, ISBN: 0387718168 9780387718163
Debdeep Mukhopadhyay, Rajat Subhra Chakraborty: Hardware Security: Design, Threats, and Safeguards, Chapman and Hall/CRC, 2014, ISBN 9781439895832
Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, CRC Press Series on Discrete Mathematics and Its Applications, Hardcover, 816 pages, CRC Press, 1997.
Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, CRC Press Series on Discrete Mathematics and Its Applications, Hardcover, 816 pages, CRC Press, 1997, available on http://www.cacr.math.uwaterloo.ca/hac/
Rankl, W., Effing, W.: Smart Card Handbook, John Wiley and Sons, pp. 1120, 3rd edition, 2004.

Classification of course in study plans

  • Programme IT-MSC-2 Master's

    branch MMI , 0 year of study, summer semester, elective
    branch MBI , 0 year of study, summer semester, elective
    branch MSK , 0 year of study, summer semester, elective
    branch MMM , 0 year of study, summer semester, elective
    branch MBS , 0 year of study, summer semester, compulsory-optional
    branch MPV , 0 year of study, summer semester, elective
    branch MIS , 2 year of study, summer semester, compulsory-optional
    branch MIN , 0 year of study, summer semester, compulsory-optional
    branch MGM , 0 year of study, summer semester, elective

  • Programme MITAI Master's

    specialization NSEC , 2 year of study, summer semester, compulsory
    specialization NIDE , 0 year of study, summer semester, compulsory
    specialization NBIO , 0 year of study, summer semester, elective
    specialization NSEN , 0 year of study, summer semester, elective
    specialization NVIZ , 0 year of study, summer semester, elective
    specialization NGRI , 0 year of study, summer semester, elective
    specialization NISD , 0 year of study, summer semester, elective
    specialization NCPS , 0 year of study, summer semester, elective
    specialization NHPC , 0 year of study, summer semester, elective
    specialization NNET , 0 year of study, summer semester, elective
    specialization NMAL , 0 year of study, summer semester, elective
    specialization NVER , 0 year of study, summer semester, elective
    specialization NEMB , 0 year of study, summer semester, elective
    specialization NSPE , 0 year of study, summer semester, elective
    specialization NADE , 0 year of study, summer semester, elective
    specialization NMAT , 0 year of study, summer semester, elective
    specialization NISY , 0 year of study, summer semester, elective

Type of course unit

 

Lecture

39 hod., optionally

Teacher / Lecturer

Syllabus

  • Introduction to secure hardware devices mentioning evolution, architectures, and applications. Random number generators (HW + SW).
  • Smart-cards - a lecture covering their design, electrical properties, communication protocols. Followed by their security properties and API security.
  • Side channels - their importance from the viewpoint of implementations, evaluations, and possible classification.
  • Timing analysis from its beginning in 1996 till actual implementations and performed attacks including detailed descriptions and definitions of the conditions necessary for its application.
  • Power and fault analyses represent powerful attacks on side channels available on smart-cards.
  • IoT security.
  • Half-term exam.
  • Nonarchitectural Attacks - Specter, Meltdown, Cache Abuse, Predictors, etc.
  • Student presentations on selected topics.
  • LFSR.
  • Protection of devices against side channels, various approaches to protection, principles, influence on the functionality of the devices.
  • Reverse Engineering - Techniques, Instruments, Examples.
  • Hardware security modules (HSM) and their evolution, main applications including examples of deployment and design of protocols based on HSMs.

Project

13 hod., compulsory

Teacher / Lecturer