Subject description
Information/computer security describes means to control access to information systems and their contents in order to prevent unauthorized use. Cryptography provides maximum security while at the same time preserving the flexibility of digital media. It forms the foundation of an information society, enabling privacy, data integrity, digital authentication/signatures, digital cash, and other goals. It incorporates mathematics, computer science, electrical engineering, finance, policy, defence, etc.
The course will cover the following topics:
• Symmetric cryptography
– Classical ciphers and history of cryptography
– Kerckhoffs's principle and various attacks on cryptosystems
– Shannon theory of information and entropy (perfect, computational and provable security)
– Block ciphers (DES/IDEA, AES and finalists, linear and differential analysis)
– Stream ciphers/PRNG (RC4, LFSR and Berlekamp-Massey algorithm, …)
– Cryptanalysis and statistical methods
– Hash functions (MD/SHA, HMAC, …) and authentication codes (MAC), birthday paradox attacks, new attacks, …
• Public-key cryptography (asymmetric cryptography)
– Perfect security (computational, unconditional and provable security)
– Public-key cryptosystems, one-way functions and related problems in number theory (primality testing, integer factorization, discrete logarithm problem)
– Digital signatures (RSA, DSA, one-time, blind, group, etc.)
– Key agreement protocols (Diffie-Hellman, ElGamal, Kerberos, STS)
– Identification schemes for humans and devices (challenge/response, …)
– Other protocols (head/tail over the phone, mental poker, secret sharing schemes, authentication schemes, timestamps, visual cryptography, zero-knowledge proofs)
– Quantum cryptography
• Computer and information security
– Security of programs (bugs, viruses, malicious code)
– Security of databases (anonymization)
– Security of OS (MS Win, Unix/Linux, liveCD)
– Security of network communication (firewalls, VPN, IPSec, SSL)
– Privacy in CS (tokens/smart cards, RFID cards)
– Key management (certificates, CA, PKI, X.509)
– Efficient and secure implementations of cryptosystems (side channel attacks and defenses against them)
– Real time security management (security policy, monitoring)
– Patents and standards (ISO, IEEE, IETF)
The subject is taught in programs
Objectives and competences
Introduction to cryptography and computer security.
Teaching and learning methods
Lectures, tutorials, assignments, projects, office hours, lab work. There will be a special emphasis on real-time studies and team work (tutorials and seminars). We will occasionally watch video material related to the course.
Expected study results
After successful completion of this course the students will be able to:
– master the basic problems of computer security and the detailed structure of the most famous cryptosystems, and be capable of connecting these areas, proposing specific solutions and implementing or maintaining cryptosystems,
– apply, i.e., be able to define the problem, correctly evaluate it from a professional point of view (both cryptographic and security) and to propose/evaluate an effective solution,
– understand the connection between theory and practice applied to specific examples of computer security.
This course is a foundation for several courses that study computer systems and networks, telecommunications, digital forensics, electronic and mobile commerce, etc. Students will gain a theoretical foundation for a variety of practical problems that are encountered in the field of computer security and cryptography.
Basic sources and literature
D. Stinson, Cryptography: Theory and Practice, 3rd Ed., Chapman and Hall/CRC, 2006.
A. Menezes, P. van Oorschot and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997 (fifth reprint 2001).
C.P. Pfleeger and S.L. Pfleeger, Security in Computing, 4th Ed., Prentice Hall, 2006.