Course web page: - PowerPoint PPT Presentation

1 / 65

About This Presentation

Title:

Course web page:

Description:

ECE 746 Secure Telecommunication Systems Course web page: http://ece.gmu.edu/courses/ECE746 ECE web page Courses Course web pages ECE 746 – PowerPoint PPT presentation

Number of Views:171

Avg rating:3.0/5.0

Slides: 66

Provided by: Krzysz4

Category:

more less

Transcript and Presenter's Notes

Title: Course web page:

1
ECE 746 Secure Telecommunication Systems
Course web page http//ece.gmu.edu/cour
ses/ECE746
ECE web page ? Courses ? Course web pages ? ECE
746
2
Sequence of the ECE cryptography-related courses
Cryptography and Computer Network Security ECE
646
every Fall
Secure Telecommunication Systems ECE 746
Spring or Fall
Computer Arithmetic ECE 645
every Spring
3
ECE 746
Part of
MS in CpE
Network and System Security (required
course) Computer Networks (elective)
MS in EE
Communications (elective)
MS in ISA (elective)
PhD in IT
PhD in ECE
Certificate in Information Systems Security
Certificate in Communications and Networking
4

NETWORK AND SYSTEM SECURITY
Concentration advisor Kris Gaj
ECE 542 Computer Network Architectures and
Protocols S.-C. Chang, et al.
ECE 646 Cryptography and Computer Network
Security J-P. Kaps, K. Gaj lab, project,
C/C, VHDL, or analytical
ECE 746 Secure Telecommunication Systems K.
Gaj, D. Hwang lab, project, C/C, VHDL, or
analytical
ISA 666 Internet Security Protocols R. Sandhu

5
Distribution of students as of August 29, 2006
Ph.D. in IT 5
MS in CpE 9
MS in ISA 1
MS in EE 4
6
Kris Gaj

Research and teaching interests
cryptography
network security
computer arithmetic
FPGA ASIC design
Contact
Science Technology II, room 223
kgaj_at_gmu.edu, kgaj01_at_yahoo.com,
(703) 993-1575

Office hours Wednesday, Thursday 730-830
PM and by appointment
7
ECE 746
Lecture
Project
Laboratory
Homework 20 Midterm exam 1 (in class) 20
Midterm exam 2 (take-home) 10
40
10
Specification - 5 Results
- 12 Oral presentation - 10 Written report
- 8 Review - 5
8
depth
9
Lecture

viewgraphs / chalk blackboard
viewgraphs (please, extend with your notes)
books
2 required
articles (CryptoBytes, CHES, CRYPTO, etc.)
web sites - Crypto Resources
standards, FAQs, surveys

10
Homework

reading assignments
analytical problems
theoretical problems (may require basics of
number theory or probability theory)
problems from the main textbook
short programs
literature surveys

11
Midterm exams
multiple choice test short problems
practice exams available on the web midterm exam
review session - optional
Tentative dates
Exam 1 November 1 Exam 2 Sunday, December 10
(take-home)
12
Lecture topics (1)
ALGORITHMS 1. Contest for the new Advanced
Encryption Standard 2. Rijndael AES 3.
Groups, rings, and fields 4. Stream ciphers
5. Review of public key cryptography 6.
Elliptic curve cryptosystems
13
Lecture topics (2)
IMPLEMENTATIONS
7. Smart cards 8. Side channel attacks 9.
Security requirements for cryptographic modules
- FIPS 140-2
14
Lecture topics (3)
KEY MANAGEMENT
10. Random bit generators 11. Secret sharing
15
Lecture topics (4)
SELECTED SECURITY PROTOCOLS
12. Survey of security protocols
SSL, IPSec, IEEE 802.11
16
Lecture topics (5)
ZERO KNOWLEDGE BIOMETRICS

13. Zero-knowledge identification schemes
14. Biometrics

17
Laboratory

3-4 labs
done at home or in the ECE labs software
downloaded
from the web
based on detailed instructions
grading based on written reports

18
Typical course
difficulty
time
This course
difficulty
Stream ciphers
ECC
DPA
IPSec
time
19
Project (1)

depth, originality
based on additional literature
you can start in the point where former students
ended
based on something you know and are interested
in
teams of 1-3 students
software / hardware / analytical
may involve experiments
over 15 project topics suggested by the
instructor
you may propose your own topic

20
Project (2)

about four weeks to choose a topic and write
the specification
regular meetings with the instructor/ 3 oral
progress
reports
draft version of viewgraphs due December 6, 7
discussion of draft reports and viewgraphs
draft version of final reports due December 12
final presentations, Monday, December 18
final written reports due Monday, December 18
publication of reports and viewgraphs on the web

21
Final Project Report
Initial submission Paper for review 15 pages
without counting title page and the list of
references 11 pt font, Times New Roman or
equivalent Title page Title, authors,
abstract Figures included in the text Final
submission Camera-ready copy IEEE format
published on the web
22
Project Report Reviews

Detailed evaluation form published on the web
Reviews evaluated by the instructor based on
justification of evaluation scores
mistakes found (and those overlooked)
constructive suggestions
fairness

23
Project Types
Software
Hardware
program in a high-level language (C, C,
Java) or assembly language
behavioral model in HDL (VHDL, Verilog) mapped
into FPGA or ASIC, verified using timing
simulation
Analytical
literature survey comparative analysis of
competing algorithms, protocols, or
implementations
24
IMPORTANT RULE!!!
MS CpE and MS EE Students MUST
choose implementation-oriented projects,
i.e. Software Hardware, or Hybrid SW/HW
25
Software
26
Project topics - Software
Educational software for a cryptographic
laboratory KRYPTOS OPEN SOURCE PROJECT http//www.
kryptosproject.org/
Prerequisites C/C
Idea Develop extensions to the existing GMU
educational software for teaching
cryptography - KRYPTOS
Examples of tasks

provide a choice of an underlying library
- currently only Crypto
- faster libraries available but more
difficult to integrate
statistical tests for randomness of input,
output, and
intermediate results

27
Comparative Analysis of SoftwareMulti-precision
Arithmetic Librariesfor Public Key Cryptography
Ashraf AbuSharekh MS Thesis, April 2004
28
Statistical Tests for Randomness
Multiple tests for randomness available Public
domain implementations of selected tests exists
- NIST Statistical Test Suite - DIEHARD
battery of randomness tests by Prof.
Marsaglia from University of Florida No clear
consensus which tests should be used for testing
true and pseudorandom number generators NIST
standard in the initial stage of development
29
Projects - Software

Timing attacks against public key cryptosystems
Timing cryptanalysis of RSA and ECCs
implemented using
public-domain libraries of operations on
large integers
Initial implementation developed by Kevin
Magee as a part of
ECE 746 scholarly paper

???
Key
Messages
30
Projects - Software

Cache attacks against secret key cryptosystems
The attack based on a different access time
to different levels of memory
(cache L1, cache L2, RAM, disk)
The attack breaks
practical implementations of
AES, DES, etc.
within several hours
SW implemenation by
Prof. Daniel Bernstein, UIC
Initial analysis by one of
the GMU students

Array
addr1
addr2
Different access time
31
Project topics - Software
Generating large primes for cryptographic
applications
Prerequisites C/C or Java
Assumptions

AKS and Frobenius-Grantham algorithms
previous-semester implementations in C and
Java inefficient
better mathematical analysis required
better choice of library functions needed
timing measurements for various prime sizes
comparative analysis

32
Project topics - Software
Factoring of large numbers using Number Field
Sieve
Prerequisites C/C
Assumptions

based on a multi-precision arithmetic library
GMP
multiple C codes already exists and should be
used for this project
optimizations for maximum speed
close collaboration with the GMU factoring team
interesting experiments with hard to predict
results

33
GMU Factoring Team
Mathematicians/ Cryptographers
Software experiments
Soonhak Kwon Ph.D in Mathematics, Johns Hopkins
University Maryland, U.S Visiting professor at
GMU on leave from Sungkyunkwan University, Suwon,
Korea
Patrick Baier D. Phil. in Mathematics, Oxford
University Oxford, U.K Affiliated with George
Washington Univeristy
Paul Kohlbrenner Ph.D student, ECE
Department George Mason University Virginia, U.S
34
GMU Factoring Team
Hardware design
Khaleeluddin Mohammed
Ramakrishna Bachimanchi
Hoang Le
MS in Computer Engineering students ECE
Department George Mason University Virginia,
U.S.A.
35
Number Field Sieve (NFS)
36
Smoothness testing within NFS

Trial Division
to get factors up to 210
Rho Method (one round)
to get the factors up to 220
p-1 Method (one round)
to get the factors up to 230
ECMElliptic Curve Method (multiple rounds)
to get the factors up to 240

37
Rho Algorithm- Floyds Method

f(x)x2a with a?-2,0
No. of iterations tlt100vqmax(qmax is the maximum
factor we can find from Rho method)
We choose random x0 in the range(0,N-1) and
x1f(x0)
x0
? d1
x2 ? x1 dd(x2-x1)
?f(f()) ?f()
x4 x2 dd(x4-x2)
? ?
x6 x3 dd(x6-x3)
.. .
.
.
xt xt/2 dd(xt-xt/2)
? ?
xt2 x(t2)/2 dd(xt2-x(t2)/2)
..
. .
x2i xi dd(x2i-xi)

Without optimization
38
Platforms
COPACOBANA from Ruhr University of Bochum,
Germanywith 120 Spartan 3 FPGAs
SRC 6 fromSRC Computers with 4 Virtex II FPGAs
http//www.copacobana.org
http//www.srccomputers.com/
39
Example of an experiment Percentage of 200-bit
numbers factored as a function of the number of
runs of Elliptic Curve Method
40
Interesting subtask
Generation of truly random numbers with known
factorization

Two known methods by
Kalai
Bach
Trade-offs in terms of
difficulty of implementation
expected running time
Task
Efficient implementation and comparison in
terms of
development time
running time
randomness of generated numbers

41
Project topics - Software
Efficient implementation of Elliptic Curve
Cryptosystems over binary Galois Fields, GF(2m)
in polynomial bases, based on special
polynomials (trinomials and pentanomials)
Efficient implementation of Elliptic Curve
Cryptosystems over binary Galois Fields, GF(2m)
in normal bases
42
Elliptic Curve Cryptosystems - ECC
? a true alternative for RSA ? several times
shorter keys ? fast and compact implementations,
in particular in hardware ? a family of
cryptosystems, instead of a single
cryptosystem
43
Hierarchy of operations in the implementation of
Elliptic Curve Cryptosystems
Elliptic Curve Cryptosystems
Level 4
Scalar multiplication
Level 3
kP
Elliptic curve point operations
Level 2
PQ
2P
Point addition
Point doubling
Level 1
x-1
xy
x2
x ? y
Field operations
Inversion
Multiplication
Squaring
Addition/Subtraction
44
Finite Fields Galois Fields
p prime pm number of elements in
the field
GF(pm)
GF(2m)
GF(p)
Most significant special cases
Arithmetic operations present in many libraries
Normal basis representation
Polynomial basis representation
Fast in hardware
Fast squaring
45
Basic operations of ECC
Basic operations in Galois Field GF(2m)

addition and subtraction (xor) xy, x-y (XOR)

multiplication, squaring x ? y, x2
inversion x-1

Basic operations on points of an Elliptic Curve

addition of points P Q
doubling a point
2 P

Complex operations on points of an Elliptic Curve

scalar multiplication k ? P P P
P

k times
46
Elements of the Galois Field GF(2m)
Binary representation (used for storing and
processing in computer systems)
A (am-1, am-2, , a2, a1, a0)
ai ? 0, 1
Polynomial representation (used for the
definition of basic arithmetic operations)
m-1
A(x) ? ai?xi am-1?xm-1 am-2?xm-2 a2?x2
a1?xa0
i0
? multiplication addition modulo 2 (XOR)
47
Addition and Multiplication in the Galois Field
GF(2m)
Inputs
A (am-1, am-2, , a2, a1, a0) B (bm-1, bm-2,
, b2, b1, b0)
ai , bi ? 0, 1
Output
C (cm-1, cm-2, , c2, c1, c0)
ci ? 0, 1
48
Addition in the Galois Field GF(2m)
Addition
A ? A(x) B ? B(x) C ? C(x)
A(x) B(x)
(am-1bm-1)?xm-1 (am-2bm-2)?xm-2
(a2b2)?x2 (a1b1)?x (a0b0)
cm-1?xm-1 cm-2?xm-2
c2?x2 c1?xc0
? multiplication addition modulo 2 (XOR)
ci ai bi ai XOR bi C A XOR B
49
Multiplication in the Galois Field GF(2m)
Multiplication
A ? A(x) B ? B(x) C ? C(x)
A(x) ? B(x) mod P(X)
cm-1?xm-1 cm-2?xm-2 c2?x2 c1?xc0
P(x) - irreducible polynomial of the degree
m P(x) pm?xm pm-1?xm-1 p2?x2 p1?xp0
50
Galois Field Operation - Multiplication
Special polynomials
General polynomials
Inputs A ? A(x) B ? B(x) Outputs C ? C(x)
A(x) ? B(x) mod P(x)
Inputs A ? A(x) B ? B(x) P ? P(x) Outputs C ?
C(x) A(x) ? B(x) mod P(x) P variable P(x)
pnxm pn-1xm-1p1xp0
P(x) - irreducible constant polynomial
of the degree m P(x) xmxk1(trinomial)
or P(x) xmxk1xk2xk31(pentanomial) depending
on n . k, k1, k2, k3 are chosen to be as small as
possible to simplify calculations
51
5 Special Field Polynomials Recommended by NIST
P163(x) x163 x7 x6 x3 1 P233(x) x233
x74 1 P283(x) x283 x12 x7 x5
1 P409(x) x409 x87 1 P571(x) x571 x10
x5 x2 1
There always exists an irreducible trinomial or
pentanomial for a field degree, mlt10,000
52
Problem
Known libraries do not support operations using
special polynomials (trinomials, pentanomials)
Project
Implement and optimize Galois Field operations
using special polynomials (C/C, possibly
assembly language) and compare the results vs.
results for several major libraries and public
domain implementations. Implement selected ECC
schemes based on the optimized library.
53
Hardware
54
Project topics - Hardware
Implementation of selected candidates competing
in the eSTREAM contest for the stream cipher
standard
Prerequisites VHDL or Verilog, FPGA or
semi-custom ASIC design
Assumptions

design in a hardware description language at the
RTL level
optimization for maximum speed, minimum area, or
minimum power
verification using available tools
logic synthesis to the gate/standard cell level
static timing analysis and timing simulation
possible experimental testing using the SRC
reconfigurable computer

55
Contest for the new stream cipher standard
PROFILE 1

Stream cipher suitable for
software implementations optimized for high
speed
Key size - 128 bits
Initialization vector 64 bits or 128 bits

PROFILE 2

Stream cipher suitable for
hardware implementations with limited memory,
number of gates, or power supply
Key size - 80 bits
Initialization vector 32 bits or 64 bits

56
Contest for the new stream cipher standard
Schedule of the contest
November 2004 Request for proposals 29 April
2005 Deadline for submissions 26-27 May
2005 Stream Cipher Workshop, Danmark March 2006
End of Phase I September 2007 End of
Phase II January 2008 Final report
time
http//www.ecrypt.eu.org/stream/
57
Project topics - Software

Implementation of selected candidates competing
in the eSTREAM contest for the stream cipher
standard
in
assembly language
Java
Comparison with the optimized C implementations
submitted by the authors of the algorithms.

58
Project topics - Hardware
Implementation of a selected new mode of
operation of a secret-key cipher providing both
encryption and authentication (e.g., GCM, CCM,
OCB, EAX)
Initial work Milind Parelkar, Authenticated
Encryption in Hardware, MS Thesis, ECE
Department, GMU, Dec. 2005.
Prerequisites VHDL or Verilog, FPGA or
semi-custom ASIC design
Assumptions

design in a hardware description language at the
RTL level
optimization for maximum speed, minimum area, or
minimum power
verification using available tools
logic synthesis to the gate/standard cell level
static timing analysis and timing simulation

59
Project topics - Hardware
Critical analysis of the existing implementations
of AES
Prerequisites basic understanding of hardware
and FPGA and ASIC
design technologies

There exists easily over 20 different
academic and commercial implementations of AES
in hardware
Limited number of distinctly different
architectures
and implementation tricks
Analyze and compare existing implementations and
determine
which factors influence most the performance of
the
given implementation and how they can be fairly
compared
against each other

60
Kinds of Random Number Generators
61
Analysis of existing implementations of True
Random Number Generators

internal vs. external
hardwired vs. soft
source of randomness
principle for extracting randomness
speed
interface to user logic
production test
runtime test
self-test
validation/certificate
reproducibility
resistance to attacks

62
Analysis of countermeasures against side-channel
attacks based on power analysis
16 rounds of DES
DPA Differential Power Analysis The most
successful practical attack against
implementations of cryptography. Existing
countermeasures offer limited protection.
63
Analytical
64