Secure Systems Design Ramesh Karri Office Hours: Tues/Wed/Thurs: 12:00- 1:30 in LC 001
Security and Privacy Data confidentiality Data confidentiality Data integrity Data integrity Authentication Authentication Non-repudiation Non-repudiation Applications Applications smartcards, securid, smart tokens, GSM SIM etc… smartcards, securid, smart tokens, GSM SIM etc… VPN Gateways, Secure Routers, …. VPN Gateways, Secure Routers, …. Cryptography is the fundamental building block Cryptography is the fundamental building block
Data confidentiality Symmetric block ciphers Symmetric block ciphers Encrypt (plaintext block, key)= ciphertext block Encrypt (plaintext block, key)= ciphertext block Decrypt (ciphertext block, key)= plaintext block Decrypt (ciphertext block, key)= plaintext block Encryption key = Decryption key Encryption key = Decryption key Advanced Encryption Standard (AES)Advanced Encryption Standard (AES) 128-bit plaintext block, 128-bit secret key 128-bit plaintext block, 128-bit secret key Stream ciphers Stream ciphers Key stream generator; encryption is a simple xor operationKey stream generator; encryption is a simple xor operation Cipher feedback mode of AES etc..Cipher feedback mode of AES etc.. Output feedback mode of AES etc..Output feedback mode of AES etc..
Symmetric Block Cipher
Data Integrity Message authentication code Message authentication code Detect modification to messagesDetect modification to messages Cipher block chaining mode of AES,DESCipher block chaining mode of AES,DES
Design of High Speed Encryption Devices Message Authentication Codes Message Authentication Codes Previous: 600 MbpsPrevious: 600 Mbps Our research: GbpsOur research: Gbps 2004 IEEE DAC/ISSSC Best Design Contest, 3 rd Prize2004 IEEE DAC/ISSSC Best Design Contest, 3 rd Prize Ongoing research: Encryption and its various modes of operation Ongoing research: Encryption and its various modes of operation Arbitrary Block LengthArbitrary Block Length Authenticated EncryptionAuthenticated Encryption Opportunity to make a dramatic impactOpportunity to make a dramatic impact
Testing of Encryption Devices Are secure against mathematics based attacks Are secure against mathematics based attacks Differential CryptanalysisDifferential Cryptanalysis Linear CryptanalysisLinear Cryptanalysis Are not secure against implementation attacks Are not secure against implementation attacks Differential Power analysisDifferential Power analysis Differential Timing analysisDifferential Timing analysis Differential Fault analysisDifferential Fault analysis Our research: Design against DFA Our research: Design against DFA Developed a patented techniqueDeveloped a patented technique Alexander Von Humboldt FellowshipAlexander Von Humboldt Fellowship Working on several new techniques (extremely low cost)Working on several new techniques (extremely low cost)
Reverse Engineering Encryption Device Implementations Scan chains based attack Scan chains based attack DES, AES, etc… DES, AES, etc… Secure hardware design methodology Secure hardware design methodology Break AES encryption algorithm using a combination of mathematical analysis and side channel information Break AES encryption algorithm using a combination of mathematical analysis and side channel information Become famous Become famous
Contact Bo Yang, Nikhil Joshi or Ramesh Karri in LC 001 (basement) Contact Bo Yang, Nikhil Joshi or Ramesh Karri in LC 001 (basement)