Title: Course web page:
1 ECE 646 Cryptography and Computer Network Security
Course web page
ECE web page → Courses → Course web pages → ECE 646
2 Kris Gaj
- Research and teaching interests
  - cryptography
  - network security
  - computer arithmetic
  - FPGA and ASIC design and testing
- Contact
  - The Engineering Building, room 3225
  - kgaj_at_gmu.edu
Office hours: Monday, Tuesday, Wednesday, 6:00-7:00 PM
3 ECE 646
Part of
MS in CpE
Network and System Security (required), Computer Networks (elective)
MS in EE
Communications Networks (elective)
Ph.D. in Electrical and Computer Engineering
MS in Information Security Assurance
MS in E-Commerce
Certificate in Information Systems Security
Ph.D. in Information Technology
4 NETWORK AND SYSTEM SECURITY
- Concentration advisors: Kris Gaj, Jens-Peter Kaps
- ECE 542 Computer Network Architectures and Protocols: S.-C. Chang, et al.
- ECE 646 Cryptography and Computer Network Security: K. Gaj, J-P. Kaps (lab, project)
- ECE 746 Advanced Applied Cryptography: K. Gaj (lab, project: C/C++, VHDL, or analytical)
- ISA 656 Network Security: A. Stavrou
- ECE 699 Cryptographic Engineering: J.-P. Kaps, K. Gaj
5 ECE 646
- Lecture
  - Homework: 15%
  - Quizzes: 5%
  - Midterm exams: 10%
  - Final Exam: 20%
- Laboratory: 15%
- Project: 35%
  - Specification: 5%
  - Results: 10%
  - Oral presentation: 10%
  - Written report: 8%
  - Review: 2%
6 depth
7 Lecture
- viewgraphs / whiteboard
- viewgraphs available on the web (please, extend with your notes)
- books
  - 1 required (Stallings)
  - 1 optional (all chapters available on the book web page)
- articles (CryptoBytes, RSA Data Security Conf., CHES, CRYPTO, etc.)
- web sites - Crypto Resources
  - standards, FAQs, surveys
8 Distance Learning Mode (1)
- pilot project introduced for the first time this year
- lectures delivered simultaneously in class and on-line
- students joining on-line can actively participate in the class (raise a hand, ask questions, etc.)
- minimum preparation required (setting options of a browser, login to Blackboard, etc.)
- on-line sessions can be recorded and replayed outside of the class time (in the asynchronous mode)
9 Distance Learning Mode Rules
- this semester done at a specific request of students interested in attending classes remotely
- requests for on-line delivery should be sent to the instructor at least 24 hours before the beginning of a given class
- allow participation in the lectures by students who are on travel, sick, or cannot attend the class for any other serious reason
- no guarantee of the equivalent quality of educational experience is provided
10 Important Announcement
There will be no class next Tuesday, September 8 (the instructor attending a conference in Europe).
Instead, we will hold a make-up lecture in class on Columbus Day, Monday, Oct. 12 (on-line per your request).
11 Homework (1)
- reading assignments
- theoretical problems (may require basics of number theory or probability theory)
- problems from the main textbook
- short programs
- literature surveys
12 Homework (2)
short programs vs. analytical problems or HDL codes
- short programs
  - More time consuming
  - Most time spent on debugging
  - Relatively straightforward
- analytical problems or HDL codes
  - Typically less time consuming
  - More thinking
  - Little writing
13 Midterm exam
- multiple choice test + short problems
- open-books, open-notes
- practice exams available on the web
- midterm exam review session - optional
Tentative date: Tuesday, October 27th
14 Quizzes
- one-two questions related to the most recent lectures
- closed-books, closed-notes
15 Final exam
2 hours 45 minutes
Multiple choice + several problems
Tuesday, December 15, 7:30-10:15 PM
16 Laboratory
- 4 labs based on three major software packages
  - CrypTool
  - GnuPG for Linux or GnuPG for Windows
  - MAGMA Computational Algebra System
- done at home or in the ECE labs
- software downloaded from the web
- based on detailed instructions
- grading based on written reports (answers to questions included in the instructions)
17 Tentative list of laboratory topics
- 1. Secure e-mail: Pretty Good Privacy - GnuPG
- 2. Historical ciphers - CrypTool
- 3. Properties of classical cryptosystems - CrypTool
- 4. Properties of public key cryptosystems - Magma
18 Project (1)
- depth, originality
- based on additional literature
- you can start at the point where former students ended
- based on something you know and are interested in
- software or hardware
- may involve experiments
- teams of 1-3 students
19 Project (2)
- about three weeks to choose a topic and write the corresponding specification
- regular meetings with the instructor
- a few oral progress reports based on Power Point slides
- draft final presentation due at the last progress report
- written report/article, IEEE style
  - due Tuesday December 1
- short conference-style oral presentations
  - Tuesday, December 8
- contest for the best presentation
- publication of reports and viewgraphs on the web
20 Project (3)
- Project reports/articles requirements
  - IEEE style
  - 15 pages maximum
  - appendices possible but do not influence the evaluation
- Review of project reports
  - reviews done by your fellow students
  - reviews due Saturday, December 5, midnight
  - final version of the report due Monday, December 7, midnight
21 Project (4)
- Project presentations (Tuesday, December 8, 7:30-10:00 PM)
  - conference style
  - open to general public (in particular, students from previous years), ECE seminar credit
  - 10 minutes for the presentation + 5 minutes for Q&A
  - time strictly enforced
22 This Year's Project Theme
- Benchmarking (comparing)
  - cryptographic algorithms
  - cryptographic libraries and open-source implementations (software and hardware)
  - platforms
  - tools
23 Motivation (1)
- multitude of implementations of cryptographic algorithms available in public domain (50 open-source software libraries, >20 open-source hardware cryptographic cores)
How do they compare against each other? Which one to use when implementing a particular cryptographic system?
24 Motivation (2)
- general-purpose microprocessors (e.g., Pentium 4, Core i7, etc.)
- microcontrollers (TI MSP 430, MicroChip PIC18)
- Digital Signal Processors
- FPGAs (from Xilinx, Altera, Actel, etc.)
- ASICs (based on various libraries of standard cells)
- processors embedded in FPGAs (PicoBlaze, MicroBlaze, Nios II)
25 Motivation (3)
- multitude of languages and tools
  - C, C++, Java, Python, C#, assembly language, etc.
  - VHDL, Verilog, AHDL, etc.
  - multiple compilers for software codes
  - multiple synthesis tools for hardware codes
26 Motivation (4)
- multitude of cryptographic algorithms
  - secret-key block ciphers
  - secret-key stream ciphers
  - public-key ciphers
  - hash functions
  - message authentication codes
  - digital signature schemes
  - key agreement schemes
27 Common benchmarking pitfalls
- taking credit for improvements in technology
  - e.g., comparing Bob's AES in Virtex 5 vs. Alice's AES in Virtex 2 Pro
- choosing a convenient performance measure
- comparing designs with different functionality
  - e.g., encryption and decryption vs. encryption only
- comparing the speed of different operations
  - e.g., comparing the combined speed of encrypting 8 messages in parallel vs. the speed of encrypting a single long message
- designs optimized using different optimization criteria
  - e.g., speed only or the ratio of speed to cost
- using different input/output interfaces
28 Previous Work: Comparative Analysis of Software Multi-precision Arithmetic Libraries for Public Key Cryptography
Ashraf AbuSharekh, MS Thesis, April 2004
29 Previous work
- eBACS: ECRYPT Benchmarking of Cryptographic Systems, http://bench.cr.yp.to
- Project to compare software implementations of cryptographic algorithms
- Developed by Daniel J. Bernstein and Tanja Lange (2006-present)
- Activity of VAMPIRE: Virtual Application and Implementation REsearch Lab
- Integrates
  - eBATS: ECRYPT Benchmarking of Asymmetric Systems
  - eBASC: ECRYPT Benchmarking of Stream Ciphers
  - eBASH: ECRYPT Benchmarking of All Submitted Hashes
- Extends earlier software evaluation projects developed by different groups within NESSIE and eSTREAM.
30 SUPERCOP
- System for Unified Performance Evaluation Related to Cryptographic Operations and Primitives
- toolkit developed by the VAMPIRE lab for measuring the performance of cryptographic software
- measures the performance of
  - hash functions
  - secret-key stream ciphers
  - public-key encryption systems
  - public-key signature systems
  - public-key secret-sharing systems
- output is an extensive set of measurements in a form suitable for easy computer processing
31 SUPERCOP
- measurements on multiple machines (currently over 70) and machine-ABI (application binary interface) combinations (currently over 100)
- each implementation is recompiled multiple times (currently over 1200 times) with various compiler options to identify best working options for implementation, machine
- time measured in clock cycles/byte for multiple input/output sizes
- median, lower quartile (25th percentile), and upper quartile (75th percentile) reported
- standardized function arguments (may be implemented using wrappers)
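An added sketch of the reporting style described on this slide (not SUPERCOP code and not from the original slides): two hash functions behind identical wrappers are timed for several input sizes, and the lower quartile, median and upper quartile per byte are reported. It assumes wall-clock nanoseconds from Python's `time.perf_counter_ns` in place of clock cycles; the input sizes, run count and function names are constructed for illustration.

```python
import hashlib
import statistics
import time

def quartiles(samples):
    """Return (lower quartile, median, upper quartile) of the samples."""
    q1, q2, q3 = statistics.quantiles(samples, n=4, method="inclusive")
    return q1, q2, q3

def time_per_byte(func, size, runs=15):
    """Time func on a constructed all-zero message of `size` bytes.

    Returns one sample per run, in nanoseconds per byte (an assumption:
    SUPERCOP itself reports clock cycles per byte).
    """
    message = bytes(size)
    samples = []
    for _ in range(runs):
        start = time.perf_counter_ns()
        func(message)
        samples.append((time.perf_counter_ns() - start) / size)
    return samples

def benchmark(func, sizes=(64, 576, 1536, 4096), runs=15):
    """Map each input size to (lower quartile, median, upper quartile)."""
    return {size: quartiles(time_per_byte(func, size, runs)) for size in sizes}

# Standardized wrappers: every primitive takes bytes and returns a digest,
# so the same harness measures all of them.
def sha256(message):
    return hashlib.sha256(message).digest()

def sha3_256(message):
    return hashlib.sha3_256(message).digest()

if __name__ == "__main__":
    for name, func in (("sha256", sha256), ("sha3_256", sha3_256)):
        for size, (q1, med, q3) in benchmark(func).items():
            print(f"{name:9s} {size:5d} B  q1={q1:8.2f}  "
                  f"median={med:8.2f}  q3={q3:8.2f} ns/byte")
```

A single slow run (a context switch, a cold cache) moves the mean but leaves the median and quartiles almost unchanged, which is what makes this summary usable across many machines.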
32 GMU Tool
- ATHENa: Automated Tool for Hardware EvaluatioN
Set of scripts written in Perl aimed at an AUTOMATED generation of OPTIMIZED results for MULTIPLE hardware platforms.
Currently under development at George Mason University. First version to be released this Fall.
33 ATHENa Major Features
- running all steps of synthesis, implementation, and timing analysis in the batch mode
- support for devices and tools of multiple FPGA vendors: Xilinx, Altera, Actel
- generation of results for multiple families of FPGAs of a given vendor
- automated choice of a device within a given family of FPGAs, assuming that the resource utilization does not exceed a certain limit, e.g., 80% of CLB slices, or 70% of BRAM
- choice of multiple optimization criteria (speed, area, ratio speed/area)
- heuristic optimization algorithms aimed at maximizing the performance measures (e.g., speed) based on checking multiple options, and multiple target clock frequencies
34 ATHENa Additional Features
- automated verification of the design through simulation, run in the batch mode based on the provided testbench (optional)
  - Functional
  - Post-synthesis
  - Timing
- support for Windows and Linux
- Graphical User Interface
- Requirements
  - interpreter of Perl
  - FPGA tools: free, educational, or commercial versions
35 ATHENa Input/Output
- Input
  - synthesizable source files
  - configuration files (text files)
  - testbench (optional)
  - constraint files (optional)
- Output
  - result summary (human readable)
  - database entries (suitable for computer postprocessing)
36 Basic Dataflow of ATHENa
[Figure: dataflow diagram with numbered steps connecting User, Designer, ATHENa Server, and FPGA Synthesis and Implementation. Labels: HDL + scripts + configuration files; HDL + FPGA Tools; Download scripts and configuration files; Result Summary + Database Entries; Database Entries; Database query; Ranking of designs.]
37 Draft Specification due in two weeks
- Specification should include the choice of
  - software vs. hardware
  - software cryptographic libraries or hardware cryptographic cores
  - languages
  - platforms
  - tools
  - list of cryptographic algorithms included in comparison (common for selected libraries)
38 Follow-up courses
- Cryptography and Computer Network Security, ECE 646
- Digital System Design with VHDL, ECE 545
- Advanced Applied Cryptography, ECE 746
- Computer Arithmetic, ECE 645
39 Cryptography and Computer Network Security / Advanced Applied Cryptography
Operations in the Galois Fields GF(2^n)
Modular integer arithmetic
- Advanced Applied Cryptography
  - AES
  - Stream ciphers
  - Elliptic curve cryptosystems
  - Random number generators
  - Smart cards
  - Attacks against implementations (timing, power, fault analysis)
  - Efficient and secure implementations of cryptography
  - Security in various kinds of networks (IPSec, wireless)
  - Zero-knowledge identification schemes
- Cryptography and Computer Network Security
  - Historical ciphers
  - Classical encryption (DES, IDEA, RC5, AES)
  - Public key encryption (RSA, DH, DSA)
  - Hash functions and MACs
  - Digital signatures
  - Public key certificates
  - Secure Internet Protocols
    - e-mail: PGP and S-MIME
    - www: SSL
  - Cryptographic standards
40 Typical course vs. This course
[Figure: two plots of difficulty versus time, one for a typical course and one for this course.]