| |
|
This course is an introduction to the basic
theory and practice of cryptographic techniques used in computer
security. The course is intended for advanced undergraduates and
graduate students.
The following is a tentative list of topics. Next to each
topic we list some related readings in the textbook.
S31-34
means pages 31 to 34 in the second edition of
Stinson's book.
S31-34 refers to the third edition.
Note: Students are responsible for all
the material covered during the lectures. The textbooks do not cover
everything said in class.
Topics - tentative
Introduction
- History. Overview of cryptography. S1-13, S25-34
Basic Secret Key Encryption (security against
eavesdropping)
- Information theoretic security. One time pad. Perfect secrecy.
Stream ciphers. RC4.
S45-54, S21-24
S45-54, S21-25
- Feistel networks. DES. Using block ciphers (basic modes of operation).
S95-112
S95-112
- Strengthening DES: DESX and 3DES.
Attacks on block ciphers: Time-space tradeoffs, Differential &
Linear cryptanalysis, Meet-in-the-middle. The AES cipher.
S79-88
S79-88
- Semantic security. Pseudo Random Permutations.
Luby-Rackoff. Analysis of counter mode.
Message Integrity (Hashing)
- Non keyed hash functions. Motivation and applications.
Merkle-Damgard and Davies-Meyer.
S117-136
S119-120, S129-139
- Message Authentication Codes (MAC).
Applications.
Constructions: CBC-MAC, HMAC.
S136-141
S140-144
More Secret Key Stuff
- Authenticated encryption: properly combining basic encryption and
integrity.
How not to do it: 802.11b encryption
(WEP).
Basic key distribution using online Trusted Third Parties.
Public Key Encryption
- Arithmetic modulo primes. Algorithms: bignum arithmetic,
repeated squaring.
- Cryptography using arithmetic modulo primes:
Discrete log. Diffie-Hellman Key Exchange.
ElGamal encryption. Random self reductions.
S226-239, S261-267
S233-235, S268-273
- Arithmetic modulo composites.
S157-166
S161-177, S201-210
- RSA and Rabin encryption. PKCS1 vs. OAEP vs. OAEP+.
S167-171, 194-218
S218-224
Performance of RSA. How to use RSA. Hybrid encryption.
- Vulnerabilities: Unpadded RSA is insecure. Small private key.
Random padding. Timing attacks. Fault attacks.
Digital Signatures
- Definition of secure signature schemes. Lamport and Merkle schemes.
S274-280, S292-296
S281-285, S304-306
- How to sign using RSA. Brief overview of the Digital
Signature Standard (DSS).
S297-300
Crypto in the Real World
- Trust management: Certificates. Certificate chains. Cross
certification. Certificate revocation.
- SSL, SSH, IPsec.
Authentication and Key Exchange
- UNIX/NT Passwords, salts. One time passwords.
S/Key and SecurID.
Challenge response authentication.
Encrypted Key Exchange (EKE).
- Kerberos. The Needham-Schroeder protocol.
A bit of Zero knowledge proofs of knowledge.
Final Lecture
|