Secure Hardware Devices
BZA Acad. year 2006/2007 Summer semester 5 credits
Language of instruction
Subject specific learning outcomes and competences
Generic learning outcomes and competences
- Hanacek, P., Staudek, J.: Bezpecnost informacnich systemu, USIS, Praha, 2000, s. 127, ISBN 80-238-5400-3.
- Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, CRC Press Series on Discrete Mathematics and Its Applications, Hardcover, 816 pages, CRC Press, 1997, available on http://www.cacr.math.uwaterloo.ca/hac/
- Savard, J. J. G.: A Cryptographic Compendium, 2000, available on WWW.
- Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, CRC Press Series on Discrete Mathematics and Its Applications, Hardcover, 816 pages, CRC Press, 1997.
- Bond, M. K.: Understanding Security APIs, PhD. thesis, Cambridge 2004.
- Rankl, W., Effing, W.: Smart Card Handbook, John Wiley and Sons, pp. 1120, 3rd edition, 2004.
Syllabus of lectures
- Introduction to secure hardware devices mentioning evolution, architectures, and applications.
- Side channels - their importance from the viewpoint of implementations, evaluations, and possible classification.
- Timing analysis from its beginning in 1996 till actual implementations and performed attacks including detailed descriptions and definitions of the conditions necessary for its application.
- Smart-cards - a separate lecture covering their design, electrical properties, communication protocols.
- Power and fault analyses represent powerful attacks on side channels available on smart-cards.
- Protection of devices against side channels, various approaches to protection, principles, influence on functionality of the devices.
- TEMPEST - description of the program, principles, evolution, results.
- Hardware security modules (HSM) and their evolution, main applications including examples of deployment and design of protocols based on HSMs.
- Definition of API, attacks on API - part I will follow attacks on basic cryptographic interfaces.
- Definition of API, attacks on API - part II oriented primarily toward banking applications and specialised functions.
- Definition of API, attacks on API - part III will cover asymmetric cryptography and its implementations (e.g. PKCS#11) and known attacks.
- How to design API, demonstration of errors and the course wrapping-up.
Syllabus - others, projects and individual work of students
- timing analysis
- fault analysis
- an attack on API