Hardware Security, Spring 2017

[ main | schedule & slides | cases | smartcard practicalities | project work | side-channel lab ]

Lectures are on Mondays, from 10:30-12:30, in HG00.622, HG00.062, or HG00.071.

Schedule and Steps

To get started:
  1. Form a group with (ideally) 4 students. Pick one of the 4 topics: e-Purse, Card Rental, Loyalty Card, or Petrol Rationing.
    Once you have formed a group, email Niels, telling him your group and topic. Niels will then give each group a smartcard reader and smartcard.
  2. Read up on the info on the JavaCard project webpage, esp. the design phase.

Course content (lectures slides and reading material)

day slides background reading
Jan 30 No lecture because TU/e semester starts a week later
Feb 6 (HG00.622) This course;
Embedded Security & Smartcards intro
Feb 13 (HG00.622) The JavaCard group project
ISO 7816 and smart card OSs
Read JavaCard Project Information sheet with tips and pitfalls, plus other info on project webpage.
Feb 20 (HG00.622) Overview of smartcard attacks Background reading: Physical Tamper Resistance, Chapter 16 of Security Engineering by Ross Anderson and Advances in Smartcard security by Marc Witteman
Feb 27 No lecture because of Carnaval
Feb 27 Deadline design document for project
March 6 (HG00.622) Side Channel Analysis (I) To read: DPA Tutorial
March 13 (HG00.622) Java Card More pointers and sample code on smartcard practicalities webpage
March 20 (HG00.622) Side Channel Analysis (II)
March 27 (HG00.622) Tutorial lecture by Kostas
April 3mid-term exam period - no lecture
April 10 (HG00.062) RFID Movies on Mifare Classic and car immobilisers
Easter and spring holiday - no lecture
May 1 (HG00.062) Example application: EMV
May 8 (HG00.071) Side Channel Analysis (III)
May 15 (HG00.062) Trusted Execution Environments Felten's Understanding Trusted Computing is a good short intro to the classic TPM-based approach to Trusted Computing.
Section 3 of Vasudevan et al.'s Trustworthy Execution on Mobile Devices is a good intro to the newer TEE approaches.
May 16, afternoon Excursion to Riscure, starting 13:15
May 22 (HG00.071) Ilya's demo of side channel attacks on white box crypto
Defensive coding against faults;
Row Hammer attack on mainstream hardware
May 29 (HG00.071) No lecture, to give you a chance to visit the EIPSI symposium in Eindhoven.
Pentecost - no lecture
June 12 (HG00.062) No lecture. (There will be a lecture for Crypto Engineering in this slot.)
June 12: deadline JavaCard project: code & final design document
to be scheduled Individual sessions per group to demo your project and answer questions about the design


Miscellaneous other stuff, incl. some slides on organisational issues that will appear in the video recordings of the lecture


Some chapters of Ross Anderson's excellent book on Security Engineering are relevant for this course. Two chapters are required reading, namely Some chapters which provide some more general background are chapters 10, 11, 12, and 20. Note that the whole book is interesting and entertaining to read, and extremely good value for money, so it's worthwhile to buy a copy.