Course web page:

1
ECE 746 Secure Telecommunication Systems
Course web page http//ece.gmu.edu/cour
ses/ECE746
ECE web page ? Courses ? Course web pages ? ECE
746
2
Sequence of the ECE cryptography-related courses
Cryptography and Computer Network Security ECE
646
every Fall
Secure Telecommunication Systems ECE 746
Spring or Fall
Computer Arithmetic ECE 645
every Spring
3
ECE 746
Part of
MS in CpE
Network and System Security (strongly
suggested) Computer Networks (elective)
MS in EE
Communications (elective)
MS in ISA (elective)
PhD in IT
PhD in ECE
Certificate in Information Systems Security
Certificate in Communications and Networking
4

• NETWORK AND SYSTEM SECURITY
• Concentration advisors Jens-Peter Kaps, Kris Gaj
• ECE 542 Computer Network Architectures and
  Protocols S.-C. Chang, et al.
• ECE 646 Cryptography and Computer Network
  Security J-P. Kaps, D. Hwang, K. Gaj
• lab,
  project, C/C, VHDL, or analytical
• ECE 746 Secure Telecommunication Systems K.
  Gaj, D. Hwang lab, project, C/C, VHDL, or
  analytical
• ISA 656 Network Security A. Stavrou

5
Kris Gaj

• Research and teaching interests
• cryptography
• network security
• computer arithmetic
• FPGA ASIC design
• Contact
• Science Technology II, room 223
• kgaj_at_gmu.edu, kgaj01_at_yahoo.com,
• (703) 993-1575

Office hours Monday, Wednesday
430-530 PM, 600-700 PM and by
appointment
6
ECE 746
Lecture
Project
Laboratory
Homework 15 Midterm exam 1 20 Midterm exam
2 15
40
10
Specification - 5 Results
- 12 Oral presentation - 10 Written report
- 8 Review - 5
7
depth
8
Lecture

• viewgraphs / chalk blackboard
• viewgraphs (please, extend with your notes)
• books
• 2 required
• articles (CryptoBytes, CHES, CRYPTO, etc.)
• web sites - Crypto Resources
• standards, FAQs, surveys

9
Homework

• reading assignments
• analytical problems
• theoretical problems (may require basics of
• number theory or probability theory)
• problems from the main textbook
• short programs
• literature surveys

10
Midterm exams
multiple choice test short problems
practice exams available on the web midterm exam
review session - optional
Tentative dates
Exam 1 March 31 Exam 2 May 5
11
Lecture topics (1)
ALGORITHMS 1. Cryptographic standard
contests 2. AES algorithm 3. Math
background Groups, rings, and fields 4. AES
implementations in software hardware 5.
Stream ciphers 6. Survey of modern public key
cryptosystems 7. Elliptic curve cryptosystems
12
Lecture topics (2)
IMPLEMENTATIONS
8. Implementations of cryptography Smart cards,
FPGAs ASICs 9. Side channel attacks
timing, power, fault, and cache attacks 10.
True random bit/number generators
13
Lecture topics (3)
ADVANCED TOPICS

• 11. Secret sharing
• 12. Zero-knowledge identification schemes
• 13. Biometrics
• 14. Quantum Cryptography Quantum Computing

14
Laboratory

• 2-3 labs
• done at home or in the ECE labs
• based on the following software packages
• Cryptool
• MAGMA
• KRYPTOS
• based on detailed instructions
• grading based on written reports

15
Typical course
difficulty
time
This course
difficulty
Stream ciphers
ECC
Side channel
Zero-knowledge
time
16
Project (1)

• depth, originality
• based on additional literature
• you can start in the point where former students
  ended
• based on something you know and are interested
  in
• teams of 1-3 students
• software / hardware / analytical
• may involve experiments
• several topics suggested by the instructor
• you may propose your own topic

17
Final Project Report
Initial submission Paper for review 15 pages
without counting title page and the list of
references 11 pt font, Times New Roman or
equivalent Title page Title, authors,
abstract Figures included in the text Final
submission Camera-ready copy IEEE format
published on the web
18
Project Report Reviews

• Detailed evaluation form published on the web
• Reviews evaluated by the instructor based on
• justification of evaluation scores
• mistakes found (and those overlooked)
• constructive suggestions
• fairness

19
Project Types
Software
Hardware
program in a high-level language (C, C, Java,
C) or assembly language
RTL model in HDL (VHDL, Verilog) mapped into FPGA
or ASIC, verified using timing simulation
Analytical
comparative analysis of competing algorithms,
protocols, architectures, or implementations pra
ctical case study
20
Software
21
Extensions to Cryptoolpublic domain educational
programfor learning cryptography
22
(No Transcript)
23
Project topics - Software
Factoring of large numbers using Number Field
Sieve
Prerequisites C/C
Assumptions

• several public domain source codes already
  exists and may be
• used for this project
• MAGMA can be used for experiments and debugging
• four major steps that may be coded separately
• multiple versions for each step
• e.g. linear sieving vs. lattice sieving
• Lancos vs. Block-Wiedemanm linear
  algebra
• distributed implementation capable of running on
  multiple
• cores, multiple machines, and on supercomputers
• close collaboration with the GMU factoring team
• interesting experiments with hard to predict
  results

24
Projects - Software

• Timing attacks against public key cryptosystems
• Timing cryptanalysis of RSA and ECCs
  implemented using
• public-domain libraries of operations on
  large integers
• Initial implementation developed by Kevin
  Magee as a part of
• ECE 746 scholarly paper

???
Key
Messages
25
Statistical Tests for Randomness
Multiple tests for randomness available Public
domain implementations of selected tests exists
- NIST Statistical Test Suite - DIEHARD
battery of randomness tests by Prof.
Marsaglia from University of Florida No clear
consensus which tests should be used for testing
true and pseudorandom number generators NIST
standard in the initial stage of development
26
Project topics - Software
Generating large primes for cryptographic
applications
Prerequisites C/C or Java
Assumptions

• AKS and Frobenius-Grantham algorithms
• previous-semester implementations in C and
  Java inefficient
• better mathematical analysis required
• better choice of library functions needed
• timing measurements for various prime sizes
• comparative analysis

27
Generation of truly random numbers with known
factorization

• Two known methods by
• Kalai
• Bach
• Trade-offs in terms of
• difficulty of implementation
• expected running time
• Task
• Efficient implementation and comparison in
  terms of
• development time
• running time
• randomness of generated numbers

28
Experiments with eBATS eCRYPT
Benchmarking of AsymmeTric Systems
29
eBATS
eCRYPT Benchmarking of AsymmeTric Systems
New eCRYPT project to measure differences
among speed and memory usage for various
public-key cryptosystems (signature
systems, encryption systems, secret-sharing
systems)
30
eBATS
Creators
Daniel Bernstein - University of Illinois at
Chicago, USA Tanja Lange - Technische
Universiteit Eindhoven,
Holandia
Beginning
end of 2006
URL
http//ebats.cr.yp.to
31
eBATS
Goal

• Measuring
• time and the amount of memory
• required by
• asymmetric cryptosystems
• digital signatures
• encryption / key exchange
• secret sharing

32
eBATS is based on public submissions of
BATs - Benchmarkable Asymmetric Tools
BAT is an implementation of a public key
cryptosystem using several functions with a
standard interface For example keypair()
- key generation ciphertext() -
encryption plaintext() - decryption
33
BATMAN
Benchmarking of Asymmetric Tools on Multiple
Architectures, Non-Interactively
Time and memory use measurements are performed
automatically on multiple computers
using programming environment called
BATMAN
34
BATMAN results show which cryptosystem is
faster on a given computer
Cryptosystem ? SFLASH
RSA 2048 Time clock cycles - key
generation 462 090 336 2 467 681 772 -
signature generation 1 908 060
63 607 084 - signature verification
667 684 575 108 Size bytes -
private key 2823 2048
- public key
19 266 256 -
signature 66
256
35
BATMAN Results show which implementation of a
given cryptosystem is better on a given computer
Cryptosystem RSA 2048 Signature generation
time clock cycles
Implementation
Time clock cycles
Name Language Library
claus-1 C OpenSSL 29 646 848 claus-1 C
NTL 21 324 260 claus-1 C GMP 13
919 316
36
BATMAN Results show which computeris faster for
a given implementation of a certaincryptosystem
RSA 2048 Implementation claus-1, C, GMP
Signature generation time clock cycles
Time clock cycles
Computer
Intel Pentium 1 52c 28 981 828 Motorola
PowerPC G4 27 069 568 Intel Pentium 4 f12
13 919 316 Sun UltraSPARC IV 11 306 413
AMD Athlon 622 9 892 179 AMD Athlon 64
X2 fb1 3 273 274 DEC Alpha 21264 EV6
3 082 045
37
Computers used to taking measurements for all
submitted BATs (22 computers, as of 06/24/2007)
Architecture MHz Cores CPU
Owner Name amd64 2000 2 AMD
Athlon 64 UIC mace amd64 2137 2
Intel Core 2 Duo (6f6) UIC katana
amd64 2192 2 AMD Opteron 250
(f58) HP td189 amd64 2390 2
AMD Opteron 250 (f5a) HP td159
amd64 3000 1 Intel Pentium 4 (f43)
TU/e pclin153 ia64 900 2 HP
Itanium II HP td156 ia64 1500 16
HP Itanium II HP td178 ppc32 533
2 Motorola PowerPC G4 UIC gggg
sparcv9 1050 48? Sun UltraSPARC IV DTU
hald x86 133 1 Intel
Pentium (52c) UIC cruncher x86 800
1 Intel Pentium M (6d8) DJB atlas
x86 900 1 AMD Athlon (622) UIC
thoth x86 1000 2 Intel Pentium III
(68a) UIC neumann x86 1400 2
Intel Pentium III (6b1) HP td152 x86
1400 2 Intel Pentium III (6b1)
HP td158
.
38
CAVE
Comparison And Visualization Environment
After timing measurements BATS get to the CAVE
39
Comparative Analysis of SoftwareMulti-precision
Arithmetic Librariesfor Public Key Cryptography
Possible topic extension to eBATS
Ashraf AbuSharekh MS Thesis, April 2004
40
Other possible topics

• Developing eBATS based on the new
• ECC library developed at GMU
• as a part of ECE 746 in Fall 2006
• ECClib
• Extending eBATs to support new
• emerging class of public key cryptosystems
  called pairing-based
• cryptosystems

41
Hardware
42
Comparative analysis of various AES hardware
architectures

• AES covered in detail in the first part of
• the course
• The detailed description of all architectures,
  including their block diagrams included in the
  chapter of the new (and yet unpublished) textbook
  on Cryptographic Engineering entitled
• FPGA and ASIC Implementations of AES
• by Kris Gaj and Pawel Chodowiec

43
Interesting architecture comparisons

• S-box vs. T-box based iterative architecture
• Fully pipelined implementations with
• a speed exceeding 20 Gbit/s with
• S-boxes implemented using logic only
• (instead of look-up tables)
• Compact architectures with a data path
• width equal to 8-bits, 32-bits, 64-bits, 128-bits

44
eBATS counterpart forFPGAs

• standard interfaces of cryptographic modules
• hardware BATS
• scripts for an automated comparison of various
• - block ciphers
• - stream ciphers
• - public-key cryptosystems
• for
• - multiple families of FPGA devices, e.g.
  Xilinx and Altera
• - devices within a given family, e.g.
  Spartan 3 vs. Virtex 5
• Should allow for an easy comparison of
• - various architectures of the same cryptosystem
• - suitability of a multiple FPGAs for a given
  architecture

45
Analytical
46

• Preferred topics related to your
• Ph.D. research
• MS Thesis

47
Examples of analytical projects related to this
class

• Analysis of various proposed designs for
• True Random Number Generators
• 2. Analysis of countermeasures against
  side-channel attacks
• based on power analysis
• 3. Certification of cryptographic modules
  according
• to FIPS 140-2 and/or Common Criteria
• case study of FPGA-based products and/or
  smart cards
• 4. Survey of patents related to cryptographic
  algorithms
• and their implementations