Course web page:

1
ECE 646 Cryptography and Computer Network
Security
Course web page http//ece.gmu.edu/courses/EC
E543
ECE web page ? Courses ? Course web pages ? ECE
646
2
Kris Gaj
Assistant Professor at GMU since Fall 1998

• Research and teaching interests
• cryptography
• network security
• computer arithmetic
• VLSI design and testing
• Contact
• Science Technology II, room 223
• kgaj_at_gmu.edu, (703) 993-1575

Office hours Tuesdays, after the class
Monday, 500-600 PM (at GMU)
3
ECE 646
Part of
MS in Information Security and Assurance
MS in CpE
Network and System Security Computer Networks
MS in EE
MS in E-Commerce
Certificate in Information Systems Security
4
ECE 646
Lecture
Laboratory
Project
Homework 25 Midterm exams 20
in class 10 take home
10
35
Specification - 5 Results
- 12 Oral presentation - 10 Written report
- 8
5
(No Transcript)
6
Lecture

• viewgraphs / chalk blackboard
• viewgraphs available on the web
• (please, extend with your notes)
• books
• 1 required (Stallings)
• 2 optional (available on reserve in the
  Johnson Center)
• articles (CryptoBytes, RSA Data Security Conf.,
  CHES,
• CRYPTO, etc.)
• web sites - Crypto Resources
• standards, FAQs, surveys

7
Homework (1)

• reading assignments
• theoretical problems (may require basics of
• number theory or probability theory)
• problems from the main textbook
• short programs
• literature surveys

8
Homework (2)

• optional assignments

short programs vs. analytical problems or HDL
codes

• More time consuming
• Most time spent
• on debugging
• Relatively straightforward

• Typically less
• time consuming
• More thinking
• Little writing

9
Midterm exam 1

• 3 hours

• multiple choice test short problems
• open-books, open-notes

• practice exams available on the web

Tentative date
Tuesday, November 9th
10
Midterm Exam 2

• take-home
• 24 hours
• literature search analytical problems

Tentative date
Sunday, December 12th
11
Laboratory

• 3-4 labs
• based on the GMU educational software,
• public domain cryptographic programs
  libraries,
• or evaluation versions of commercial products
• done at home software downloaded from the web
• based on detailed instructions
• grading based on written reports (answers to
• questions included in the instructions)

12
Tentative list of laboratory topics

• 1. Properties of classical cryptosystems
• Properties of public key cryptosystems
• Properties of hash functions
• 4. Secure e-mail Pretty Good Privacy and S/MIME

13
Project (1)

• depth, originality
• based on additional literature
• you can start in the point where former students
  ended
• based on something you know and are interested
  in
• software / hardware / analytical
• teams of 1-3 students
• may involve experiments
• several project topics proposed by the
  instructor
• you can propose your own topic

14
Project (2)

• two weeks to choose a topic and write
• the corresponding specification
• regular meetings with the instructor
• 3-4 oral progress reports based on Power Point
  slides
• draft final presentation due at the last
  progress report
• Tuesday, December 7
• written report/article, 15-page IEEE style
• due Saturday December 11
• short conference-style oral presentations
• Tuesday, December 21
• contest for the best presentation
• publication of reports and viewgraphs on the web

15
Project (3)

• Project reports/articles requirements
• - IEEE style
• - 15 pages maximum
• - appendices possible but do not influence
• the evaluation
• - source codes made available to the instructor
• Review of project reports
• reviews done by your fellow students
• reviews due Tuesday, December 14

16
Project Types
Software
Hardware
program in a high-level language (C, C,
Java) or assembly language
RTL model in HDL(VHDL, Verilog) mapped into FPGA
or ASIC, verified using timing simulation
Analytical
comparative analysis of competing algorithms,
protocols, or implementations
survey of the market
17
Follow-up courses
Cryptography and Computer Network Security
ECE 646
Secure Telecommunication Systems ECE 746
Computer Arithmetic ECE 645
18
Cryptography and Computer Network
Security
Secure Telecommunication Systems
Operations in the Galois Fields GF(2n)
Modular integer arithmetic

• AES
• Stream ciphers
• Elliptic curve cryptosystems
• Random number generators
• Smart cards
• Attacks against implementations
• (timing, power analysis)
• Efficient and secure
• implementations of cryptography
• Security in various kinds of
• networks (IPSec, wireless)
• Zero-knowledge identification
• schemes

• Historical ciphers
• Classical encryption
• (DES, IDEA, RC5, AES)
• Public key encryption
• (RSA, DH, DSA)
• Hash functions and MACs
• Digital signatures
• Public key certificates
• Secure Internet Protocols
• - e-mail PGP and S-MIME
• - www SSL
• Cryptographic standards

19
Typical course
difficulty
time
This course
difficulty
time
20
Project topics - Software
Educational software for a cryptographic
laboratory
Prerequisites C/C
Idea Develop extensions to the existing GMU
educational software for teaching
cryptography - KRYPTOS
Examples of tasks

• provide a choice of an underlying library
• - currently only Crypto
• - faster libraries available but more
  difficult to integrate
• statistical tests for randomness of input,
  output, and
• intermediate results
• turning an internal project into an open-source
  project

21
Comparative Analysis of SoftwareMulti-precision
Arithmetic Librariesfor Public Key Cryptography
Ashraf AbuSharekh MS Thesis, April 2004
22
CAMERA v1.0 by Mike Lyons Instructor in the BS IT
and MS TCOM programs
Design philosophy Enable experiential
learningby creating an interactive environment-
learn by doing Make it visual- images reinforce
concepts- color and movement are attractive,
(especially to young students)
23

• User experience
• Based on a graphical user interface (GUI)-
  windows, draggable icons, mouse-driven-
  look-and-feel is native to the platform
• The user creates modelsby connecting icons
  representing processes
• When the model is run,the processes are
  executedand data is passed between
  them,according to the users design
• The user controls executionand can examine and
  change data

24
Project topics - Software
Analysis and profiling of available commercial
and public domain implementations of AES
Prerequisites C/C
Assumptions

• analysis of several available implementations
• optimization techniques
• relative performance on various platforms
• determining the most time critical phase of the
  algorithm

25
Project topics - Software
Analysis of capabilities and performance of Java
Cryptography Extension (JCE)
Prerequisites Java
Assumptions

• scope of the library
• analysis of performance
• comparison with C/C and ASM implementations
• practical applications of the library

26
Project topics - Software
Generating large primes for cryptographic
applications
Prerequisites C/C
Assumptions

• analysis of several available algorithms
• choice of the multi-precision arithmetic library
• implementation of at least two algorithms
• (e.g., one deterministic and one probabilistic)
• timing measurements for various prime sizes
• comparative analysis

27
Project topics - Hardware
Implementation of a selected secret-key
cipher Implementation of a selected public-key
system, e.g., NTRU using FPGA devices.
Prerequisites VHDL or Verilog, FPGA or
semi-custom ASIC design
Assumptions

• design in a hardware description language at the
  RTL level
• optimization for maximum speed, minimum area, or
  minimum power
• verification using available tools
• logic synthesis to the gate/standard cell level
• static timing analysis and timing simulation

28
Project topics - Hardware
Porting NSA and other public domain VHDL codes
for AES candidates to Field Programmable Gate
Arrays
Prerequisites VHDL, FPGA design
Assumptions

• starting from the NSA VHDL codes available in
  public domain
• adjusting the codes so they compile using
  available FPGA tools
• functional verification using test vectors
• logic synthesis, mapping, placing, and routing
• static timing analysis and timing simulation

29
Project topics Hardware
Encryption and authentication of an FPGA bitstream
Prerequisites FPGA technology, VHDL or Verilog
30
Secure Remote Upgrade
Network
Designer/Vendor should be able to remotely -
modify the configuration without revealing
intellectual property (such as unique
architecture or proprietary/classified
algorithm)
Need for encryption and authentication of
configuration
31
Possible Attacks (1)
Network

• eavesdropping configuration during an upgrade
• modifying configuration during an upgrade

32
Possible Attacks (2)
Network

• impersonating the designer/vendor in order to
• disrupt the operation of the device (denial of
  service)
• get access to cryptographic keys stored in the
  device

33
Protecting an FPGA bitstream
DISABLE
EPROM or transmission
FPGA
. . .
Decryption Authentication
MAC
MAC
Configuration Area
EKEY
. . .
AKEY
MAC
Auth Enc SW
ROLLBACK
EKEY
AKEY
Regular bitstream
34
Decryption and authentication of the bitstream
Encryption

• protects intellectual property
• protects classified algorithms

Authentication

• prevents against programming user logic
• with unauthorized, corrupted, or random
  bitstream
• prevents against reading out cryptographic keys
• by reprogramming user logic
• rollback mechanism required in case of
• an authentication failure

35
Project topics - Analytical
Comparison of the ASIC-, FPGA-, and
microprocessor-based implementations of classical
cryptosystems.
Prerequisites basics of cryptography, general
knowledge of various
semiconductor technologies and implementation
approaches
Assumptions

• extensive literature and market study
• detailed metrics used for comparison
• - security, performance, cost
• comparative analysis
• recommendations and predictions

36
Projects - Analytical
Survey of Cryptographic Chips and IP
cores Survey of commercially available
integrated circuits implementing cryptographic
algorithms Survey of commercially available FPGA
IP cores implementing cryptographic algorithms
37
Partial list of encryption chipmakers
AEP Systems Corrent Motorola Layer N
Networks NetContinuum NetOctave Philips
Semiconductors
Broadcom HiFn Cavium SafeNet Intel
38
Selected ASIC Security Chips
39
Selected ASIC Security Chips
40
Families of Cavium chips Nitrox Lite, Nitrox,
Nitrox II
41
Projects - Analytical
Cryptographic capabilities of Network Processors
Example Intel IXP 2850
42
(No Transcript)
43
Survey
44
Security of RFIDs

• Challenge
• Cryptographic operations need to be
• implemented using up to 1000 gates
• new algorithms
• new protocols
• Protection of privacy

45
Projects - Analytical
Key management Survey of software packages
supporting Public Key Infrastructure Report on
commercial Certification Authorities
46
Projects - Analytical

• Security Protocols
• Secure e-mail
• Analysis of existing implementations of S/MIME
• Secure WWW servers
• Security options in the WWW browsers

• Secure Voice over IP (VoIP)