|
At the end of the course students can
- explain how smartcards and RFID tags work, and explain their security objectives, and the hardware, software, principles, and techniques used to achieve these;
- explain currently known attacks on smartcards and associated countermeasures;
- build a simple smartcard application from scratch, incl. the associated protocol design and key management;
- carry out SPA and DPA attacks on smartcards.
|
|
Hardware plays an important role in securing many computer systems and applications. Smartcards are the prime example of secure hardware in common use today. In many systems smartcards are used for the secure storage of data and as a secure computing platform for security-critical operations, e.g. in bank cards, electronic passports, mobile phone SIMs, or as trusted elements in larger computing devices. Given their widespread usage and the security interests at stake, techniques for attacks and defensive are highly evolved for smartcards, probably more so than for any other type of computing system.
This course treats all aspects of smartcards and their contactless cousins, RFID tags, incl. hardware, communication standards, and software, the security objectives these are meant to provide, attack techniques and countermeasures, at the level of both hardware and software.
|
|
|
|
 | Literature will be made available through the course webpage. |
• 8 hours computer course
• 4 hours excursion
• 32 hours lecture
• 64 hours group project work without guidance
• 60 hours individual study period
Extra information teaching methods: Weekly lectures and project work.
Largest part of the project work is designing and building a small smartcard application with a group of about 4 students. This includes thinking about security requirements, coming up with a design and being able to motivate this, desigining with the necessary security protocols and key management, implementing this in JavaCard, and getting it to run on actual JavaCard hardware.The rest of the project work consists of three lab sessions in the security lab where students do practical assignments in carrying out side-channel attacks. |
| This course is an optional course in the TRU/e cyber security master specialisation. |
Topics:
• Smartcards & RFID: hardware, operating systems, software, ISO7816, ISO14443;
• Attacks (logical attacks, side-channel attacks, fault injection, invasive attacks) and countermeasures;
• Side-channel analysis: SPA, DPA;
• The JavaCard smartcard platform, secure coding of JavaCard applications;
• Sample applications, such as banking/EMV, e-passports, ov-chipkaart, GSM SIMs. |
| The course will be evaluated on the basis of the project work and assignments. |
| You are expected to have good knowledge of standard cryptography and have some Java programming skills. |
| | Required materialsTo be announced| Literature will be made available through the course webpage. |
|
|
Instructional modesCourse occurrence
| Excursion| Attendance Mandatory | | Yes |
| Lecture| Attendance Mandatory | | Yes |
| Practical computer training| Attendance Mandatory | | Yes |
| Project
| Zelfstudie
|
|
TestsTentamen| Test weight | | 1 |
| Opportunities | | Block KW4, Block KW4 |
|
|
| |