Course - Secure Cryptographic Implementations - TTM4205
TTM4205 - Secure Cryptographic Implementations
About
Examination arrangement
Examination arrangement: Portfolio assessment
Grade: Letter grades
Evaluation | Weighting | Duration | Grade deviation | Examination aids |
---|---|---|---|---|
Portfolio assessment | 100/100 |
Course content
The course covers how to implement, analyse, attack, protect and securely compose cryptographic algorithms in practice. It goes in depth on how to implement computer arithmetic, attacking implementations using side-channel attacks and fault injection, exploit padding oracles and low-entropy randomness, utilise techniques to defend against these attacks, and how to securely design misuse-resistant APIs.
This course involves security of cryptographic software used in critical digital infrastructure across all of society, building up under the UN Sustainability Development Goals, by enabling financial services (8.10), facilitate resilient infrastructure (9.a), enhance scientific research and upgrade technological capabilities (9.5), ensure public access to information and protect fundamental freedoms (16.10), and enhance the use of enabling technology (17.8).
Learning outcome
A. Knowledge: Advanced knowledge about the mathematical building blocks underlying modern cryptography, properties of and applications of cryptographic primitives, challenges and common mistakes when implementing cryptography, side-channel attacks and countermeasures, and high level design principles for secure use of cryptography in practice.
B. Skills: Able to implement the underlying mathematics and high-level protocols used in symmetric key and public key cryptosystems, perform simple side-channel attacks and implement countermeasures, analyse side-channel countermeasures and design misuse resistant APIs for cryptography.
C. General competence: Experience on how to organise projects in small groups, conduct experiments, and write academic reports.
Learning methods and activities
Lectures, invited lectures, group projects and laboratory exercises.
Further on evaluation
Portfolio assessment is the basis for the grade in this course. The portfolio consists of one or more projects covering implementation, analysis, attacks and protection of cryptographic primitives. This will be announced at the beginning of the term.
The work on all tasks composes 100% of the final grade. The results for the projects are given in points and in %-scores. The entire portfolio is assigned a letter grade. All assignments will be given in English only and reports must be submitted in English.
If a student has the final grade F/failed, the student must repeat the entire course. Also in the case a student wants to improve their grade, they must repeat the entire course.
Recommended previous knowledge
The following courses are recommended: TMA4140 Discrete Mathematics, TDT4100 Object-Oriented Programming, TDT4120 Algorithms and Data Structures, TTM4135 Applied Cryptography and Network Security, or equivalent courses. It is also recommended to take TMA4160 Cryptography prior to or at the same time as this course.
Course materials
To be announced at the beginning of the term. The main course material will be given in the form of slides, notes, manuals, research papers, books and recordings.
Useful course material:
- ChipWhisperer: https://www.newae.com/chipwhisperer
- "Serious Cryptography" by Jean-Philippe Aumasson
- "Real World Cryptography" by David Wong
- "The Hardware Hacking Handbook" by Jasper van Woudenberg and Colin O'Flynn
Version: 1
Credits:
7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: AUTUMN 2024
Language of instruction: English
Location: Trondheim
- Safety and Reliability
- Telematics
- Information Security
- Communication Technology
- Technological subjects
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Portfolio assessment
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Autumn ORD Portfolio assessment 100/100
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"