Course detail

System and Device Security

FEKT-DKC-BSZAcad. year: 2021/2022

The course deals with the security of embedded systems, smart devices and side-channel cryptanalysis. In particular, these topics are included: authentication systems, authentication tokens (basic types, attacks on smart cards, RFID tags), hardware security modules (HSM), programmable smart cards (.NET Cards, Java Cards, MULTOS cards), the security of smart devices (smartphones, smart watches), security systems using embedded devices (single-chip devices, microcontrollers, sensors), lightweight cryptography for compute-constrained devices, side-channel cryptanalysis, countermeasures against side-channel attacks, reverse engineering, software security (source code security) and safety assessment methodologies.

Language of instruction

Czech

Number of ECTS credits

4

Mode of study

Not applicable.

Learning outcomes of the course unit

Students will obtain theoretical foundations including practical skills in the area of security of embedded system and authentication systems. Students will be familiar with the basic systems, various scenarios, lightweight cryptography and principles of the safe implementation eliminates side-channel attacks. Based on this knowledge, studens will be able to analyze and design security solutions for embeded systems.

Prerequisites

The course requires a basic knowledge in the areas of applied cryptography, (course Cryptographic foundation or Aplied cryptography) operating system security (course ICT Security 1), network security (course ICT Security 2), advanced network security (course ICT Security 3).

Co-requisites

Not applicable.

Planned learning activities and teaching methods

Methods of educations are described in the article 7 of the BUT’s Study and Examination Regulation. Teaching methods include lectures and student projects. Course is taking advantage of e-learning (Moodle) system.

Assesment methods and criteria linked to learning outcomes

The completion of an individual project adds upto 30 points. The requirements on the completion of the tasks in laboratories and projects are described in the annual supervisor’s notice. The maximum of 70 points can be gained during the final exam.

Course curriculum

1. Introduction to embedded system security and tamper-proof devices
2 .Lightweight cryptography for computationally constrained devices
3. Authentication systems and technologies
4. Authentication tokens and hardware security modules
5. Programmable smart cards
6. Security with smart devices
7. Security with single-chip devices and embedded systems and optimization
8. Reverse engineering and software security
9. Side channel cryptanalysis - Introduction
10. Side channel cryptanalysis - power analysis
11 Side channel cryptanalysis - countermeasures
12. Methodology for security assessment of devices and systems
13. Selected topics of device and system security

Work placements

Not applicable.

Aims

The main goal of the course is to familiarize students with the security of embedded systems and devices that are an integral part of ICT. During the course, students are introduced with lightweight cryptography, authentication systems, smart cards, side-channel cryptanalysis and countermeasures preventing side-channel attacks. The course follows up on the knowledge of ICT Security 1, 2, 3 and Applied Cryptography courses and appropriately expands them.

Specification of controlled education, way of implementation and compensation for absences

The conditions for the successful course completion are stated in the yearly updated supervisor’s notice.

Recommended optional programme components

Not applicable.

Prerequisites and corequisites

Not applicable.

Basic literature

BURDA, Karel. Aplikovaná kryptografie. Brno: VUTIUM, 2013. 255 s. ISBN 978-80-214-4612-0. (CS)
MAYES, Keith E.; MARKANTONAKIS, Konstantinos (ed.). Smart cards, tokens, security and applications. Second Edition. Springer International Publishing AG, 2017. 531 s. ISBN: 3319504983 (CS)

Recommended reading

AMBROSE, Jude, Alexandar INGJATOVIC a Sri PARAMESWARAN. Power analysis side channel attacks: the processor design-level context. Saarbrücken: VDM Verlag, 2010, xvi, 277 s. : il. ISBN 978-3-8364-8508-1. (EN)
KLEIDERMACHER, David, KLEIDERMACHER, Mike. Embedded systems security: practical methods for safe and secure software and systems development. Elsevier, 2012. (EN)
MANGARD, Stefan a OSWALD, Elisabeth a POPP, Thomas: Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Secaucus, NJ, USA:Springer-Verlag New York, Inc., 2007, ISBN 0387308571. (EN)
PETERS, Eric: Advanced DPA Theory and Practice: Towards the Security Limits of Secure Embedded Circuits. Springer Publishing Company, 2013, ISBN 1461467829. (EN)
RANKL, Wolfgang, Wolfgang EFFING a Kenneth COX. Smart card handbook. 4th ed. Chichester: John Wiley, 2010, xliv, 1043 s. : il. ISBN 978-0-470-74367-6. (EN)

Classification of course in study plans

  • Programme DKC-IBE Doctoral 0 year of study, summer semester, compulsory

Type of course unit

 

Seminar

39 hod., optionally

Teacher / Lecturer