1
ECE 746 Secure Telecommunication Systems
Course web page: http://ece.gmu.edu/courses/ECE746
ECE web page → Courses → Course web pages → ECE 746
2
Sequence of the ECE cryptography-related courses
  • Cryptography and Computer Network Security, ECE 646: every Fall
  • Secure Telecommunication Systems, ECE 746: Spring or Fall
  • Computer Arithmetic, ECE 645: every Spring
3
ECE 746
Part of
  • MS in CpE
    • Network and System Security (required course)
    • Computer Networks (elective)
  • MS in EE
    • Communications (elective)
  • MS in ISA (elective)
  • PhD in IT
  • PhD in ECE
  • Certificate in Information Systems Security
  • Certificate in Communications and Networking
4
  • NETWORK AND SYSTEM SECURITY
  • Concentration advisor: Kris Gaj
  • ECE 542 Computer Network Architectures and Protocols (S.-C. Chang, et al.)
  • ECE 646 Cryptography and Computer Network Security (J-P. Kaps, K. Gaj):
    lab, project, C/C++, VHDL, or analytical
  • ECE 746 Secure Telecommunication Systems (K. Gaj, D. Hwang):
    lab, project, C/C++, VHDL, or analytical
  • ISA 666 Internet Security Protocols (R. Sandhu)

5
Distribution of students as of August 29, 2006
  • Ph.D. in IT: 5
  • MS in CpE: 9
  • MS in ISA: 1
  • MS in EE: 4
6
Kris Gaj
  • Research and teaching interests
    • cryptography
    • network security
    • computer arithmetic
    • FPGA and ASIC design
  • Contact
    • Science and Technology II, room 223
    • kgaj_at_gmu.edu, kgaj01_at_yahoo.com
    • (703) 993-1575
  • Office hours: Wednesday, Thursday 7:30-8:30 PM and by appointment
7
ECE 746
  • Lecture: Homework 20%, Midterm exam 1 (in class) 20%, Midterm exam 2 (take-home) 10%
  • Project 40%: Specification - 5%, Results - 12%, Oral presentation - 10%,
    Written report - 8%, Review - 5%
  • Laboratory 10%
9
Lecture
  • viewgraphs / chalk blackboard
  • viewgraphs (please, extend with your notes)
  • books
  • 2 required
  • articles (CryptoBytes, CHES, CRYPTO, etc.)
  • web sites - Crypto Resources
  • standards, FAQs, surveys

10
Homework
  • reading assignments
  • analytical problems
  • theoretical problems (may require basics of
    number theory or probability theory)
  • problems from the main textbook
  • short programs
  • literature surveys

11
Midterm exams
  • multiple choice test + short problems
  • practice exams available on the web
  • midterm exam review session - optional
Tentative dates
  • Exam 1: November 1
  • Exam 2: Sunday, December 10 (take-home)
12
Lecture topics (1)
ALGORITHMS
  • 1. Contest for the new Advanced Encryption Standard
  • 2. Rijndael AES
  • 3. Groups, rings, and fields
  • 4. Stream ciphers
  • 5. Review of public key cryptography
  • 6. Elliptic curve cryptosystems
13
Lecture topics (2)
IMPLEMENTATIONS
  • 7. Smart cards
  • 8. Side channel attacks
  • 9. Security requirements for cryptographic modules - FIPS 140-2
14
Lecture topics (3)
KEY MANAGEMENT
  • 10. Random bit generators
  • 11. Secret sharing
15
Lecture topics (4)
SELECTED SECURITY PROTOCOLS
  • 12. Survey of security protocols: SSL, IPSec, IEEE 802.11
16
Lecture topics (5)
ZERO KNOWLEDGE AND BIOMETRICS
  • 13. Zero-knowledge identification schemes
  • 14. Biometrics

17
Laboratory
  • 3-4 labs
  • done at home or in the ECE labs
  • software downloaded from the web
  • based on detailed instructions
  • grading based on written reports

18
[Figure: difficulty vs. time for a typical course and for this course; points marked for this course: Stream ciphers, ECC, DPA, IPSec]
19
Project (1)
  • depth, originality
  • based on additional literature
  • you can start at the point where former students
    ended
  • based on something you know and are interested
    in
  • teams of 1-3 students
  • software / hardware / analytical
  • may involve experiments
  • over 15 project topics suggested by the
    instructor
  • you may propose your own topic

20
Project (2)
  • about four weeks to choose a topic and write
    the specification
  • regular meetings with the instructor / 3 oral
    progress reports
  • draft version of viewgraphs due December 6, 7
  • discussion of draft reports and viewgraphs
  • draft version of final reports due December 12
  • final presentations, Monday, December 18
  • final written reports due Monday, December 18
  • publication of reports and viewgraphs on the web

21
Final Project Report
Initial submission: paper for review
  • 15 pages without counting title page and the list of references
  • 11 pt font, Times New Roman or equivalent
  • Title page: title, authors, abstract
  • Figures included in the text
Final submission: camera-ready copy
  • IEEE format
  • published on the web
22
Project Report Reviews
  • Detailed evaluation form published on the web
  • Reviews evaluated by the instructor based on
  • justification of evaluation scores
  • mistakes found (and those overlooked)
  • constructive suggestions
  • fairness

23
Project Types
  • Software: program in a high-level language (C, C++, Java) or assembly language
  • Hardware: behavioral model in HDL (VHDL, Verilog) mapped into FPGA or ASIC,
    verified using timing simulation
  • Analytical: literature survey, comparative analysis of competing algorithms,
    protocols, or implementations
24
IMPORTANT RULE!!!
MS CpE and MS EE students MUST
choose implementation-oriented projects,
i.e., Software, Hardware, or Hybrid SW/HW
25
Software
26
Project topics - Software
Educational software for a cryptographic laboratory
KRYPTOS OPEN SOURCE PROJECT: http://www.kryptosproject.org/
Prerequisites: C/C++
Idea: Develop extensions to the existing GMU
educational software for teaching
cryptography - KRYPTOS
Examples of tasks
  • provide a choice of an underlying library
    • currently only Crypto++
    • faster libraries available but more difficult to integrate
  • statistical tests for randomness of input, output, and
    intermediate results

27
Comparative Analysis of Software Multi-precision
Arithmetic Libraries for Public Key Cryptography
Ashraf AbuSharekh, MS Thesis, April 2004
28
Statistical Tests for Randomness
  • Multiple tests for randomness available
  • Public domain implementations of selected tests exist
    • NIST Statistical Test Suite
    • DIEHARD battery of randomness tests by Prof. Marsaglia from University of Florida
  • No clear consensus which tests should be used for testing
    true and pseudorandom number generators
  • NIST standard in the initial stage of development
29
Projects - Software
  • Timing attacks against public key cryptosystems
  • Timing cryptanalysis of RSA and ECCs implemented using
    public-domain libraries of operations on large integers
  • Initial implementation developed by Kevin Magee as a part of
    ECE 746 scholarly paper

[Figure labels: Key, Messages]
30
Projects - Software
  • Cache attacks against secret key cryptosystems
  • The attack is based on different access times
    to different levels of memory
    (cache L1, cache L2, RAM, disk)
  • The attack breaks practical implementations of
    AES, DES, etc. within several hours
  • SW implementation by Prof. Daniel Bernstein, UIC
  • Initial analysis by one of the GMU students

[Figure labels: Array, addr1, addr2, Different access time]
31
Project topics - Software
Generating large primes for cryptographic
applications
Prerequisites: C/C++ or Java
Assumptions
  • AKS and Frobenius-Grantham algorithms
  • previous-semester implementations in C and
    Java inefficient
  • better mathematical analysis required
  • better choice of library functions needed
  • timing measurements for various prime sizes
  • comparative analysis

32
Project topics - Software
Factoring of large numbers using Number Field
Sieve
Prerequisites: C/C++
Assumptions
  • based on a multi-precision arithmetic library
    GMP
  • multiple C codes already exist and should be
    used for this project
  • optimizations for maximum speed
  • close collaboration with the GMU factoring team
  • interesting experiments with hard to predict
    results

33
GMU Factoring Team
Mathematicians/ Cryptographers
Software experiments
  • Soonhak Kwon: Ph.D. in Mathematics, Johns Hopkins University, Maryland, U.S.;
    visiting professor at GMU, on leave from Sungkyunkwan University, Suwon, Korea
  • Patrick Baier: D.Phil. in Mathematics, Oxford University, Oxford, U.K.;
    affiliated with George Washington University
  • Paul Kohlbrenner: Ph.D. student, ECE Department, George Mason University,
    Virginia, U.S.
34
GMU Factoring Team
Hardware design
Khaleeluddin Mohammed
Ramakrishna Bachimanchi
Hoang Le
MS in Computer Engineering students, ECE
Department, George Mason University, Virginia,
U.S.A.
35
Number Field Sieve (NFS)
36
Smoothness testing within NFS
  • Trial Division
    • to get factors up to $2^{10}$
  • Rho Method (one round)
    • to get the factors up to $2^{20}$
  • p-1 Method (one round)
    • to get the factors up to $2^{30}$
  • ECM: Elliptic Curve Method (multiple rounds)
    • to get the factors up to $2^{40}$

37
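Rho Algorithm - Floyd's Method
  • $f(x) = x^2 + a$ with $a \neq -2, 0$
  • No. of iterations $t < 100\sqrt{q_{max}}$ ($q_{max}$ is the maximum
    factor we can find from the Rho method)
  • We choose random $x_0$ in the range $(0, N-1)$ and
    $x_1 = f(x_0)$
  • Start: $x_0$, $d = 1$
  • At each step the first sequence advances by $f(f(\cdot))$, the second by $f(\cdot)$:
    • $x_2$, $x_1$: $d = d \cdot (x_2 - x_1)$
    • $x_4$, $x_2$: $d = d \cdot (x_4 - x_2)$
    • $x_6$, $x_3$: $d = d \cdot (x_6 - x_3)$
    • ...
    • $x_t$, $x_{t/2}$: $d = d \cdot (x_t - x_{t/2})$
    • $x_{t+2}$, $x_{(t+2)/2}$: $d = d \cdot (x_{t+2} - x_{(t+2)/2})$
    • ...
    • $x_{2i}$, $x_i$: $d = d \cdot (x_{2i} - x_i)$

Without optimization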
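The iteration on this slide as a C function; this is an added illustration, not code from the course materials. The final gcd(d, N) step, the `batch` parameter and the limit N < 2^31 are assumptions of the example (the slide shows only how d is accumulated), and the input 8051 = 83 · 97 is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* f(x) = x^2 + a mod n. Assumes n < 2^31 so every product fits in 64 bits. */
static uint64_t f(uint64_t x, uint64_t a, uint64_t n) { return (x * x + a) % n; }

static uint64_t gcd(uint64_t u, uint64_t v)
{
    while (v) { uint64_t r = u % v; u = v; v = r; }
    return u;
}

/*
 * Returns a nontrivial factor of n, or 0 on failure.
 * t     - iteration limit (the slide bounds it by 100*sqrt(q_max))
 * batch - number of differences multiplied into d between gcd checks (>= 1)
 */
uint64_t rho_floyd(uint64_t n, uint64_t a, uint64_t x0, unsigned t, unsigned batch)
{
    uint64_t slow = f(x0, a, n);       /* x_1 */
    uint64_t fast = f(slow, a, n);     /* x_2 */
    uint64_t d = 1;

    for (unsigned i = 1; i <= t; i++) {
        uint64_t diff = fast > slow ? fast - slow : slow - fast;
        d = (d * diff) % n;            /* d = d * (x_2i - x_i) */
        if (i % batch == 0 || i == t) {
            uint64_t g = gcd(d, n);    /* assumed extraction step */
            if (g == n) return 0;      /* all prime factors absorbed: d == 0 mod n */
            if (g > 1) return g;
        }
        slow = f(slow, a, n);               /* x_i  -> x_(i+1)  */
        fast = f(f(fast, a, n), a, n);      /* x_2i -> x_(2i+2) */
    }
    return 0;
}

int main(void)
{
    /* Constructed input: n = 8051 = 83 * 97, a = 1, x0 = 2. */
    printf("gcd every step:      %llu\n",
           (unsigned long long)rho_floyd(8051, 1, 2, 100, 1));
    printf("gcd after 100 steps: %llu\n",
           (unsigned long long)rho_floyd(8051, 1, 2, 100, 100));
    return 0;
}
```

Deferring the gcd saves work per iteration, but if the product absorbs every prime factor of N before the check, d becomes 0 mod N and the run yields nothing, which is the second case printed by `main`.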
38
Platforms
  • COPACOBANA from Ruhr University of Bochum, Germany, with 120 Spartan 3 FPGAs
    http://www.copacobana.org
  • SRC 6 from SRC Computers with 4 Virtex II FPGAs
    http://www.srccomputers.com/
39
Example of an experiment: percentage of 200-bit
numbers factored as a function of the number of
runs of Elliptic Curve Method
40
Interesting subtask
Generation of truly random numbers with known
factorization
  • Two known methods by
    • Kalai
    • Bach
  • Trade-offs in terms of
    • difficulty of implementation
    • expected running time
  • Task
    • Efficient implementation and comparison in terms of
      • development time
      • running time
      • randomness of generated numbers

41
Project topics - Software
  • Efficient implementation of Elliptic Curve
    Cryptosystems over binary Galois Fields, $GF(2^m)$,
    in polynomial bases, based on special
    polynomials (trinomials and pentanomials)
  • Efficient implementation of Elliptic Curve
    Cryptosystems over binary Galois Fields, $GF(2^m)$,
    in normal bases
42
Elliptic Curve Cryptosystems - ECC
  • a true alternative for RSA
  • several times shorter keys
  • fast and compact implementations, in particular in hardware
  • a family of cryptosystems, instead of a single cryptosystem
43
Hierarchy of operations in the implementation of
Elliptic Curve Cryptosystems
  • Level 4: Elliptic Curve Cryptosystems
  • Level 3: Scalar multiplication, $kP$
  • Level 2: Elliptic curve point operations
    • Point addition, $P + Q$
    • Point doubling, $2P$
  • Level 1: Field operations
    • Inversion, $x^{-1}$
    • Multiplication, $x \cdot y$
    • Squaring, $x^2$
    • Addition/Subtraction, $x \pm y$
44
Finite Fields = Galois Fields
$GF(p^m)$: $p$ - prime, $p^m$ - number of elements in the field
Most significant special cases: $GF(2^m)$, $GF(p)$
[Figure labels: Arithmetic operations present in many libraries; Normal basis representation; Polynomial basis representation; Fast in hardware; Fast squaring]
45
Basic operations of ECC
Basic operations in Galois Field $GF(2^m)$
  • addition and subtraction (XOR): $x + y$, $x - y$
  • multiplication, squaring: $x \cdot y$, $x^2$
  • inversion: $x^{-1}$

Basic operations on points of an Elliptic Curve
  • addition of points: $P + Q$
  • doubling a point: $2P$

Complex operations on points of an Elliptic Curve
  • scalar multiplication: $k \cdot P = P + P + \ldots + P$ ($k$ times)
46
Elements of the Galois Field $GF(2^m)$
Binary representation (used for storing and
processing in computer systems)
$A = (a_{m-1}, a_{m-2}, \ldots, a_2, a_1, a_0)$, $a_i \in \{0, 1\}$
Polynomial representation (used for the
definition of basic arithmetic operations)
$A(x) = \sum_{i=0}^{m-1} a_i \cdot x^i = a_{m-1} \cdot x^{m-1} + a_{m-2} \cdot x^{m-2} + \ldots + a_2 \cdot x^2 + a_1 \cdot x + a_0$
$\cdot$ - multiplication, $+$ - addition modulo 2 (XOR)
47
Addition and Multiplication in the Galois Field
$GF(2^m)$
Inputs
$A = (a_{m-1}, a_{m-2}, \ldots, a_2, a_1, a_0)$, $B = (b_{m-1}, b_{m-2}, \ldots, b_2, b_1, b_0)$, $a_i, b_i \in \{0, 1\}$
Output
$C = (c_{m-1}, c_{m-2}, \ldots, c_2, c_1, c_0)$, $c_i \in \{0, 1\}$
48
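Addition in the Galois Field $GF(2^m)$
Addition
$A \to A(x)$, $B \to B(x)$, $C \to C(x) = A(x) + B(x)$
$= (a_{m-1} + b_{m-1}) \cdot x^{m-1} + (a_{m-2} + b_{m-2}) \cdot x^{m-2} + \ldots + (a_2 + b_2) \cdot x^2 + (a_1 + b_1) \cdot x + (a_0 + b_0)$
$= c_{m-1} \cdot x^{m-1} + c_{m-2} \cdot x^{m-2} + \ldots + c_2 \cdot x^2 + c_1 \cdot x + c_0$
$\cdot$ - multiplication, $+$ - addition modulo 2 (XOR)
$c_i = a_i + b_i = a_i \text{ XOR } b_i$, so $C = A \text{ XOR } B$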
49
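Multiplication in the Galois Field $GF(2^m)$
Multiplication
$A \to A(x)$, $B \to B(x)$, $C \to C(x) = A(x) \cdot B(x) \bmod P(x)$
$= c_{m-1} \cdot x^{m-1} + c_{m-2} \cdot x^{m-2} + \ldots + c_2 \cdot x^2 + c_1 \cdot x + c_0$
$P(x)$ - irreducible polynomial of the degree $m$
$P(x) = p_m \cdot x^m + p_{m-1} \cdot x^{m-1} + \ldots + p_2 \cdot x^2 + p_1 \cdot x + p_0$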
50
Galois Field Operation - Multiplication
Special polynomials
  • Inputs: $A \to A(x)$, $B \to B(x)$
  • Outputs: $C \to C(x) = A(x) \cdot B(x) \bmod P(x)$
  • $P(x)$ - irreducible constant polynomial of the degree $m$:
    $P(x) = x^m + x^k + 1$ (trinomial) or
    $P(x) = x^m + x^{k_1} + x^{k_2} + x^{k_3} + 1$ (pentanomial), depending on $m$
  • $k$, $k_1$, $k_2$, $k_3$ are chosen to be as small as possible to simplify calculations
General polynomials
  • Inputs: $A \to A(x)$, $B \to B(x)$, $P \to P(x)$
  • Outputs: $C \to C(x) = A(x) \cdot B(x) \bmod P(x)$
  • $P$ variable: $P(x) = p_m x^m + p_{m-1} x^{m-1} + \ldots + p_1 x + p_0$
51
5 Special Field Polynomials Recommended by NIST
  • $P_{163}(x) = x^{163} + x^7 + x^6 + x^3 + 1$
  • $P_{233}(x) = x^{233} + x^{74} + 1$
  • $P_{283}(x) = x^{283} + x^{12} + x^7 + x^5 + 1$
  • $P_{409}(x) = x^{409} + x^{87} + 1$
  • $P_{571}(x) = x^{571} + x^{10} + x^5 + x^2 + 1$
There always exists an irreducible trinomial or
pentanomial for a field degree $m < 10{,}000$
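Addition and multiplication in $GF(2^{163})$ with the pentanomial $P_{163}(x)$ fixed at compile time, showing why a special polynomial makes reduction cheap: each overflow of $x^{163}$ folds back as a single XOR of the constant for $x^7 + x^6 + x^3 + 1$. This is an added example, not code from the course or from any library; the type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define M 163             /* degree of NIST P163(x) */
#define TOP (M - 128)     /* position of x^163 inside w[2] */
#define LOW_TERMS 0xC9u   /* x^7 + x^6 + x^3 + 1 */

typedef struct { uint64_t w[3]; } gf163;   /* w[0] holds a_0 .. a_63 */

/* Addition in GF(2^m): coefficient-wise XOR, no carries. */
gf163 gf_add(gf163 a, gf163 b)
{
    for (int j = 0; j < 3; j++) a.w[j] ^= b.w[j];
    return a;
}

/* A(x) * x mod P163(x): shift left, then replace x^163 by the low terms. */
static gf163 gf_mul_x(gf163 a)
{
    a.w[2] = (a.w[2] << 1) | (a.w[1] >> 63);
    a.w[1] = (a.w[1] << 1) | (a.w[0] >> 63);
    a.w[0] <<= 1;
    uint64_t carry = (a.w[2] >> TOP) & 1;       /* coefficient of x^163 */
    a.w[2] &= ((uint64_t)1 << TOP) - 1;
    a.w[0] ^= LOW_TERMS & (0 - carry);          /* mask instead of a branch */
    return a;
}

/* C(x) = A(x) * B(x) mod P163(x), shift-and-add from b_162 down to b_0. */
gf163 gf_mul(gf163 a, gf163 b)
{
    gf163 c = {{0, 0, 0}};
    for (int i = M - 1; i >= 0; i--) {
        uint64_t bit = (b.w[i / 64] >> (i % 64)) & 1;
        c = gf_mul_x(c);
        for (int j = 0; j < 3; j++) c.w[j] ^= a.w[j] & (0 - bit);
    }
    return c;
}

int gf_eq(gf163 a, gf163 b) { return memcmp(a.w, b.w, sizeof a.w) == 0; }

int main(void)
{
    /* Constructed operands: x and x^162, so the product is x^163. */
    gf163 x = {{2, 0, 0}}, x162 = {{0, 0, (uint64_t)1 << 34}};
    gf163 r = gf_mul(x162, x);
    printf("x^163 mod P163 = 0x%llx\n", (unsigned long long)r.w[0]);
    return 0;
}
```

With a general $P(x)$ passed as a third input, the reduction step would XOR a full 163-bit operand on every overflow instead of one small constant.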
52
Problem
Known libraries do not support operations using
special polynomials (trinomials, pentanomials)
Project
Implement and optimize Galois Field operations
using special polynomials (C/C++, possibly
assembly language) and compare the results vs.
results for several major libraries and public
domain implementations. Implement selected ECC
schemes based on the optimized library.
53
Hardware
54
Project topics - Hardware
Implementation of selected candidates competing
in the eSTREAM contest for the stream cipher
standard
Prerequisites: VHDL or Verilog, FPGA or
semi-custom ASIC design
Assumptions
  • design in a hardware description language at the
    RTL level
  • optimization for maximum speed, minimum area, or
    minimum power
  • verification using available tools
  • logic synthesis to the gate/standard cell level
  • static timing analysis and timing simulation
  • possible experimental testing using the SRC
    reconfigurable computer

55
Contest for the new stream cipher standard
PROFILE 1
  • Stream cipher suitable for software implementations
    optimized for high speed
  • Key size - 128 bits
  • Initialization vector - 64 bits or 128 bits

PROFILE 2
  • Stream cipher suitable for hardware implementations
    with limited memory, number of gates, or power supply
  • Key size - 80 bits
  • Initialization vector - 32 bits or 64 bits

56
Contest for the new stream cipher standard
Schedule of the contest
  • November 2004: Request for proposals
  • 29 April 2005: Deadline for submissions
  • 26-27 May 2005: Stream Cipher Workshop, Denmark
  • March 2006: End of Phase I
  • September 2007: End of Phase II
  • January 2008: Final report
http://www.ecrypt.eu.org/stream/
57
Project topics - Software
  • Implementation of selected candidates competing
    in the eSTREAM contest for the stream cipher
    standard in
    • assembly language
    • Java
  • Comparison with the optimized C implementations
    submitted by the authors of the algorithms.

58
Project topics - Hardware
Implementation of a selected new mode of
operation of a secret-key cipher providing both
encryption and authentication (e.g., GCM, CCM,
OCB, EAX)
Initial work: Milind Parelkar, Authenticated
Encryption in Hardware, MS Thesis, ECE
Department, GMU, Dec. 2005.
Prerequisites: VHDL or Verilog, FPGA or
semi-custom ASIC design
Assumptions
  • design in a hardware description language at the
    RTL level
  • optimization for maximum speed, minimum area, or
    minimum power
  • verification using available tools
  • logic synthesis to the gate/standard cell level
  • static timing analysis and timing simulation

59
Project topics - Hardware
Critical analysis of the existing implementations
of AES
Prerequisites: basic understanding of hardware
and of FPGA and ASIC design technologies
  • There exist easily over 20 different
    academic and commercial implementations of AES
    in hardware
  • Limited number of distinctly different
    architectures and implementation tricks
  • Analyze and compare existing implementations and
    determine which factors most influence the
    performance of a given implementation and how
    implementations can be fairly compared
    against each other

60
Kinds of Random Number Generators
61
Analysis of existing implementations of True
Random Number Generators
  • internal vs. external
  • hardwired vs. soft
  • source of randomness
  • principle for extracting randomness
  • speed
  • interface to user logic
  • production test
  • runtime test
  • self-test
  • validation/certificate
  • reproducibility
  • resistance to attacks

62
Analysis of countermeasures against side-channel
attacks based on power analysis
[Figure label: 16 rounds of DES]
DPA - Differential Power Analysis
  • The most successful practical attack against
    implementations of cryptography.
  • Existing countermeasures offer limited protection.
63
Analytical
64
  • Preferred topics related to your
    • Ph.D. research
    • MS Thesis

65
Examples of analytical projects related to this
class
  • 1. Evolution of protocols and products for
    Secure Wireless Communication
    • algorithms, modes of operation, key management, etc.
  • 2. Certification of cryptographic modules according
    to FIPS 140-2 and/or Common Criteria
    • case study of FPGA-based products and/or smart cards
  • 3. Survey of patents related to cryptographic
    algorithms and their implementations