Hardware and Operating Systems Security, autumn 2011


Lectures are on Mondays, 15:30-17:30, in HG00.068.

A preliminary schedule is below. We might still shift a bit depending on how fast we go, the availability of some guest speakers and a possible excursion, and the need for Q&A sessions to help with the practical aspects of the project, notably getting the smartcards to work.

| nr. | day | slides | literature |
| --- | --- | --- | --- |
| 1 | 29 Aug | This course; Smartcards intro | Keith Mayes, An Introduction to Smart Cards |
| 2 | 5 Sept | Project assignment and see here; ISO 7816, APDUs, smartcard operating systems | Marc Witteman, Advances in Smartcard Security |
| 3 | 12 Sept | Intro Side-Channel Attacks (SPA) and Inspector | Michael Tunstall, Smart Card Security |
| 4 | 19 Sept! | no lecture; Side-Channel Practicum (session 1) | Remind yourself of DES (Sect 7.4.2) |
| 5 | 26 Sept | Group presentations | |
| 6 | 3 Oct | no lecture; Side-Channel Practicum (session 1) | Remind yourself of DES (Sect 7.4.2) |
| 7 | 10 Oct | Java Card [More JavaCard hints] [Java Crypto Extension] | |
| 8 | 17 Oct | Advanced Side Channel Attacks (DPA) | |
| | 24 Oct! | no lecture - midterm lecture-free period | |
| | 31 Oct! | no lecture - midterm lecture-free period | |
| 9 | 7 Nov | lecture: RFID; case study: the electronic passport | |
| 10 | 14 Nov! | no lecture: Side-channel lab | |
| 11 | 21 Nov | lecture: EMV | |
| 12 | 28 Nov! | lecture: physical attacks and Defensive Coding | |
| | 5 Dec | deadline code of your project | |
| 13 | 5 Dec | NB we start at 13:45! Lecture: low-power crypto and group demos (groups 2, 1, 4) | |
| | 8 Dec | Afternoon excursion to Riscure. | |
| | 12 Dec | deadline project report | |
| 14 | 12 Dec | Remaining group demos (group 3,5,6). Group presentations (group 1,4,6) | |
| 15 | 19 Dec! | NB we start at 13:45! Group presentations (group 2,3,5?) | |

Possible additional topics, if there is time, include EMV (Europay/Mastercard/Visa), defensive smartcard coding, and voting machines.

Literature

Some chapters of Ross Anderson's excellent book on Security Engineering are required reading. There are two editions of the book. The first edition is on-line; of the second edition, just a few chapters are on-line. In the first edition you should read In the second edition The book is in the Nijmegen library. Note that the whole book is interesting (and entertaining) to read, and extremely good value for money, so it's worthwhile to buy a copy.