# CSE 127: Lecture 4

The topics covered in this lecture are
modular exponentiation algorithm,
smart cards,
assignment 1.
Integer mod_exp(Integer m)
{
Integer r, x;
int i;
extern int e[]; /* binary array 0,..., k-1 of exponent */
extern int k; /* number of bits in modulus and exponent */
extern Integer n; /* modulus */
r = 1; x = m;
for (i = 0; i < k; i++) {
if (1 == e[i]) {
r = r * x % n;
}
x = x * x % n;
}
return r;
}

Smart cards contain an embedded microprocessor. They contain EEPROM
for code and data, and sometimes include a cryptographic accelerator
which helps to implements operations like block ciphers or modular
multiplication.
In class we discussed some ways that smart cards may be attacked. We
will continue on this next lecture.

Select your work or home as the domain to be protected. Identify assets,
estimate their cost to you (this may exceed the replacement cost; for
example, replacing a PC on which you have your course projects will
cost more than simply replacing it with a similiarly configured
machine, since you will have to reconstruct your code). Identify
potential attacks -- external break in, theft, destruction,
confidentiality loss, etc -- and provide an educated guess for the
probability that an attack will be successful. Compute expected
annual loss, identify methods of reducing your risk, and discuss their
cost effectiveness.
If you choose to use your work place, you should get permission of
your supervisor(s). You should feel free to anonymize the identity of
the work place or details of your home and/or change the details as
long as it does not affect the analysis substantially. I don't really
want to know this information, and you may wish to include the risks
of the exposure of such a report in your analysis.

Turn in your report by
email. The subject of the
email should be simply "Assignment 1". The report should be in plain
text. If you wish to PGP encrypt this email, you may, but if you
properly changed the details you shouldn't have to. See
my homepage for my public key.
Be concise: I expect about 2 screens of text. This assignment is due
Jan 22, 2003.

## Links

These are links additional security-related information. Exploring
them is optional unless otherwise stated.

[
search CSE |
CSE |
bsy's home page |
links |
webster |
MRQE |
google |
yahoo |
citeseer |
pgp certserver |
openpgp certserver
]

bsy+cse127.w03@cs.ucsd.edu, last updated Wed Jan 15 19:32:50 PST 2003. Copyright 2003 Bennet Yee.

email bsy.