course-details-portlet

TTM4205 - Secure Cryptographic Implementations

About

Examination arrangement

Examination arrangement: Portfolio assessment
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
Portfolio assessment 100/100

Course content

The course covers how to implement, analyse, attack, protect and securely compose cryptographic algorithms in practice. It goes in depth on how to implement computer arithmetic, attacking implementations using side-channel attacks and fault injection, exploit padding oracles and low-entropy randomness, utilise techniques to defend against these attacks, and how to securely design misuse-resistant APIs.

This course involves security of cryptographic software used in critical digital infrastructure across all of society, building up under the UN Sustainability Development Goals, by enabling financial services (8.10), facilitate resilient infrastructure (9.a), enhance scientific research and upgrade technological capabilities (9.5), ensure public access to information and protect fundamental freedoms (16.10), and enhance the use of enabling technology (17.8).

Learning outcome

A. Knowledge: Advanced knowledge about the mathematical building blocks underlying modern cryptography, properties of and applications of cryptographic primitives, challenges and common mistakes when implementing cryptography, side-channel attacks and countermeasures, and high level design principles for secure use of cryptography in practice.

B. Skills: Able to implement the underlying mathematics and high-level protocols used in symmetric key and public key cryptosystems, perform simple side-channel attacks and implement countermeasures, analyse side-channel countermeasures and design misuse resistant APIs for cryptography.

C. General competence: Experience on how to organise projects in small groups, conduct experiments, and write academic reports.

Learning methods and activities

Lectures, invited lectures, group projects and laboratory exercises.

Further on evaluation

Portfolio assessment is the basis for the grade in this course. The portfolio consists of one or more projects covering implementation, analysis, attacks and protection of cryptographic primitives. This will be announced at the beginning of the term.

The work on all tasks composes 100% of the final grade. The results for the projects are given in points and in %-scores. The entire portfolio is assigned a letter grade. All assignments will be given in English only and reports must be submitted in English.

If a student has the final grade F/failed, the student must repeat the entire course. Also in the case a student wants to improve their grade, they must repeat the entire course.

Course materials

To be announced at the beginning of the term. The main course material will be given in the form of slides, notes, manuals, research papers, books and recordings.

Useful course material:

  • ChipWhisperer: https://www.newae.com/chipwhisperer
  • "Serious Cryptography" by Jean-Philippe Aumasson
  • "Real World Cryptography" by David Wong
  • "The Hardware Hacking Handbook" by Jasper van Woudenberg and Colin O'Flynn

Facts

Version: 1
Credits:  7.5 SP
Study level: Second degree level

Coursework

Term no.: 1
Teaching semester:  AUTUMN 2024

Language of instruction: English

Location: Trondheim

Subject area(s)
  • Safety and Reliability
  • Telematics
  • Information Security
  • Communication Technology
  • Technological subjects
Contact information
Course coordinator: Lecturer(s):

Department with academic responsibility
Department of Information Security and Communication Technology

Examination

Examination arrangement: Portfolio assessment

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Autumn ORD Portfolio assessment 100/100
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
Examination

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU