WPI Workshop Aims to Solve Security Technology Problems

By Daniel V. Bailey
Contact: Arlie Corday WPI Media & Community Relations

Alfred Menezes of the University of Waterloo, Canada (right) presenter at one of the invited talks at the CHES 2000 (Cryptographic Hardware and Embeded Systems) workshop is shown with workshop organizers (from left) Cetin Koc of Oregon State University and Christof Paar of WPI.

WORCESTER, Mass. - The practical application of cryptography and other security technologies to secure e-commerce is the focus of this year's Cryptographic Hardware and Embedded Systems (CHES) 2000 workshop, held at Worcester Polytechnic Institute Aug. 17-18. In contrast to other conferences specializing in cryptography, CHES offers a practice-oriented approach to solving the real hurdles confronting e-commerce today.

Today's model of electronic commerce focuses on the personal computer as the human interface. As new devices offering Internet access emerge, such as enhanced wireless phones, personal digital assistants such as the enormously popular Palm Pilot, and even video game systems such as the forthcoming Sony Playstation 2, consumers will naturally demand to use these devices to conduct electronic commerce, just as they have embraced the PC.

One thing all these devices have in common, however, is the lack of processing power relative to a traditional PC. While today's desktop computers are more than powerful enough to perform the complicated mathematical operations required for modern cryptography, these new devices are designed for low cost and low power consumption, at the expense of processing power. CHES focuses on addressing this pressing need in the expansion of e-commerce.

David Naccache, director of information technology at Gemplus, a smart card maker in France, will talk about smart card security issues. These credit-card sized computers offer perhaps the least processing power in any modern system. This low-cost design, however, allows them to be deployed on the extremely large scale used in issuing credit cards. His talk, "How to Explain Side Channel Leakage to Your Kids," promises to be an informative and entertaining approach to explaining some of the more esoteric concepts in smart card security.

Adi Shamir, a co-inventor of the RSA code used to secure electronic commerce, whose presentation last year on a new factoring method was a highlight of CHES '99, will speak this year on the smart card theme. He has developed a new approach to securing smart cards from hackers.

Some attackers are able to use information gained from observing the power supply applied to a smart card to thwart security mechanisms. Shamir's new approach may well spell the end of such attacks.

One popular method of securing the new generation of devices is the elliptic curve cryptosystem. This type of code is quite complex to employ, making its efficient implementation an active area of research. Alfred Menezes, a professor at the University of Waterloo in Canada, has been a leading researcher in this area for many years. At CHES, he will present the results of a detailed efficient implementation of the elliptic curve cryptosystems proposed for use in a new federal government standard. This work will allow builders of wireless devices to easily integrate security into their products.

In addition to the work on wireless devices, some papers at CHES will deal with the implementation of codes on special hardware devices called FPGAs. These unique blends of hardware and software allow for the efficiencies of hardware while maintaining the flexibility of software. This property is quite important since the large computers that direct Internet traffic must deal with many kinds of data and the efficient processing of many types of code. Papers in this area include a fast implementation of the U.S. government's Data Encryption Standard, which can process 12 billion bits of information per second, and an elliptic curve cryptosystem implementation far faster than any seen before.

In all, the CHES 2000 conference, chaired by professors Cetin Koc of Oregon State University and Christof Paar of WPI, continues the tradition of excellence set by the inaugural meeting in 1999. Further details and a program of events are available at http://www.ece.wpi.edu/Research/crypt/ches/index. The conference proceedings will be published in Springer-Verlag's Lecture Notes in Computer Science series.

Founded in 1865, WPI enrolls 2,700 undergraduate and 1,000 graduate students in science, engineering, management, humanities and arts, and social sciences.

Daniel V. Bailey, of Wilmington, Delaware, received bachelor's and master's degrees from WPI's Department of Computer Science in '98 and '00, conducting research in WPI's Cryptography and Information Security Lab under Professor Christof Paar. He is now pursuing a Ph.D. in computer science at Brown University.