Studiegids

nl en

Cryptographic Engineering

Vak
2023-2024

Admission requirements

Assumed prior knowledge

This course aims at students who want to gain a deep understanding of the engineering aspects of cryptography, namely on the design of cryptographic hardware and software, and on implementation attacks and countermeasures. We expect that students already have some background knowledge in security (e.g. have taken the Security course at the Bachelor level) and digital design (e.g. have taken the Fundamentals of Digital Systems Design course at the Bachelor level). We expect that students also have experience and skills in scientific writing, presenting, and collaborative research project management.

Description

One part of this course will concentrate on the implementation aspects of cryptographic algorithms and protocols. Design constraints on resource utilization, energy consumption and performance will be taken into account in the design of cryptographic hardware and software.

Another part of the course explains how attacks can be mounted that specifically target weaknesses in the implementation of the cryptographic algorithms. Countermeasures against these implementation attacks and their effect on the resource utilization, the energy consumption and the performance will also be covered in the course.

Course objectives

After this course, you will have knowledge about the design of cryptographic hardware and software, and you will be able to make basic implementations yourself, taking into account the different constraints on hardware and (embedded) software. You will learn about implementation attacks and countermeasures, and you will have hands-on experience with mounting an attack and implementing countermeasures.

After this course, you will be able to:

  • Explain a chosen concept related to the course topics (cryptographic hardware and software, implementation attacks and countermeasures)

  • Summarize the latest research results on a chosen concept related to the course topics based on at least two representative articles

  • Compare the representative articles based on self-chosen relevant metrics

  • Validate the Chipwhisperer side-channel and fault analysis board and the existing labs/tutorials

  • Create a new experiment with the Chipwhisperer board that is not identical to the experiments reported in the existing labs/tutorials (e.g. different cryptographic algorithm, different implementation of the cryptographic algorithm, different analysis method)

  • Perform a presentation of the results of the assignments with a good structure, grammar and spelling, with attractive slides, within the allotted time

  • Write a report on the results of the assignments with a good structure, grammar and spelling.

Timetable

The most recent timetable can be found at the Computer Science (MSc) student website.

You will find the timetables for all courses and degree programmes of Leiden University in the tool MyTimetable (login). Any teaching activities that you have sucessfully registered for in MyStudyMap will automatically be displayed in MyTimeTable. Any timetables that you add manually, will be saved and automatically displayed the next time you sign in.

MyTimetable allows you to integrate your timetable with your calendar apps such as Outlook, Google Calendar, Apple Calendar and other calendar apps on your smartphone. Any timetable changes will be automatically synced with your calendar. If you wish, you can also receive an email notification of the change. You can turn notifications on in ‘Settings’ (after login).

For more information, watch the video or go the the 'help-page' in MyTimetable. Please note: Joint Degree students Leiden/Delft have to merge their two different timetables into one. This video explains how to do this.

Mode of instruction

Lectures, peer presentation classes, workshops, self-study and group work

Course load

Total hours of study: 168 hrs. (= 6 EC). Of those (ca.):

  • 12 hrs of lectures

  • 8 hrs of peer presentations

  • 42 hrs of research literature analysis

  • 106 hrs of project work

Assessment method

The assessment is based on two assignments.
Final grade = 30% grade Assignment 1 + 70% grade Assignment 2

Assignment 1

Task: Make a critical analysis and comparison of at least 2 research papers on a selected topic. Write a report (50% of the grade for Assignment 1) and give a presentation (50% of the grade for Assignment 1) on your findings. Work in a group of 2-3 students. The papers/topics are proposed by the lecturers and shared in Brightspace.

Guidelines for the report: The report you write should be around 4 pages. It should start with an introduction to the topic and it should end with a conclusion. It is not enough to summarize what is written in the papers that you analyze. You should compare those papers based on relevant metrics that you derive from the papers, and you should give a critical reflection on the content of the papers.

The assessment will be based on the quality of:

  • Introduction and conclusion

  • Exposition of the research papers analysed

  • Exposition and justification of the considered metrics

  • Structure, grammar & spelling

  • Answers to questions (assessed in presentation only)

  • Use of allotted time (assessed in presentation only)

  • Attractiveness of the slides (assessed in presentation only)

Assignment 2

Task: Execute a side-channel or fault analysis attack on a program that is running on a Chipwhisperer board. Write a report and give a presentation on your findings. Work in a group of 2-3 students. Projects are defined by students jointly with lecturers.

Additional guidelines:
An experiment consists of

  • a certain algorithm under attack,

  • a specific implementation of that algorithm,

  • and an analysis of the measured power traces or timing (in case of a side-channel attack) or an analysis of the faulty output values (in case of a fault injection attack).

We expect you to either

  • improve one of the implementations covered in the available Chipwhisperer tutorials/labs and/or

  • evaluate implementations that were not covered in the practical sessions (no need to implement from scratch, a lot of implementations are published online) and/or

  • apply an analysis approach not covered in the practical sessions to implementations covered in the practical sessions.

There is no upper or lower bound for the number of pages in the report, but we suggest to have around 4 pages.

The assessment will be based on:

  • 50% project work

    • difficulty of the project
    • practical approach
    • achieved results
  • 30% presentation

    • introduction and motivation of the topic
    • structure of the presentation
    • practical demonstration
  • 20% report

    • description of the project work and results
    • critical analysis of the results
    • writing quality

Reading list

There is no textbook. Recommended readings (research papers, etc.) will be announced on Brightspace.

Registration

From the academic year 2022-2023 on every student has to register for courses with the new enrollment tool MyStudyMap. There are two registration periods per year: registration for the fall semester opens in July and registration for the spring semester opens in December. Please see this page for more information.

Please note that it is compulsory to both preregister and confirm your participation for every exam and retake. Not being registered for a course means that you are not allowed to participate in the final exam of the course. Confirming your exam participation is possible until ten days before the exam.

Extensive FAQ's on MyStudymap can be found here.

Contact

  • Contact the lecturer via email.

Remarks

None.