# CSE 127: Lecture 4

The topics covered in this lecture are modular exponentiation algorithm, smart cards, assignment 1.

## Modular Exponentiation Algorithm

```Integer mod_exp(Integer m)
{
Integer r, x;
int i;
extern int e[]; /* binary array 0,..., k-1 of exponent */
extern int k; /* number of bits in modulus and exponent */
extern Integer n; /* modulus */

r = 1; x = m;
for (i = 0; i < k; i++) {
if (1 == e[i]) {
r = r * x % n;
}
x = x * x % n;
}
return r;
}
```

## Smart Cards

Smart cards contain an embedded microprocessor. They contain EEPROM for code and data, and sometimes include a cryptographic accelerator which helps to implements operations like block ciphers or modular multiplication.

In class we discussed some ways that smart cards may be attacked. We will continue on this next lecture.

## Assignment 1

Select your work or home as the domain to be protected. Identify assets, estimate their cost to you (this may exceed the replacement cost; for example, replacing a PC on which you have your course projects will cost more than simply replacing it with a similiarly configured machine, since you will have to reconstruct your code). Identify potential attacks -- external break in, theft, destruction, confidentiality loss, etc -- and provide an educated guess for the probability that an attack will be successful. Compute expected annual loss, identify methods of reducing your risk, and discuss their cost effectiveness.

If you choose to use your work place, you should get permission of your supervisor(s). You should feel free to anonymize the identity of the work place or details of your home and/or change the details as long as it does not affect the analysis substantially. I don't really want to know this information, and you may wish to include the risks of the exposure of such a report in your analysis.

Turn in your report by email. The subject of the email should be simply "Assignment 1". The report should be in plain text. If you wish to PGP encrypt this email, you may, but if you properly changed the details you shouldn't have to. See my homepage for my public key. Be concise: I expect about 2 screens of text. This assignment is due Jan 22, 2003.