Cryptography and Computer Security

Information/computer security describes means to control access to information systems and their contents in order to prevent unauthorized use. Cryptography provides maximum security while at the same time preserving the flexibility of digital media. It forms the foundation of an information society, enabling privacy, data integrity, digital authentication/signatures, digital cash, and other goals. It incorporates mathematics, computer science, electrical engineering, finance, policy, defence, etc.

The course will cover the following topics:

• Symmetric cryptography

– Classical ciphers and history of cryptography

– Kerckhoff principle and various attacks on cryptosystems

– Shannon theory of information and entropy

(perfect, computational and provable security)

– Block ciphers (DES/IDEA, AES and finalists, linear and differential analysis)

– Stream ciphers/PRNG (RC4, LFSR and Berlekamp-Massey algorithm, …),

– Cryptoanalysis and statistical methods

• Hash functions (MD/SHA, HMAC, …) and authentication codes (MAC), birthday paradox attacks, new attacks, …

• Public-key cryptography (asymmetric aryptography)

– Perfect security (computational, unconditional and provable security)

– Public-key cryptosystems, one-way functions and related problems in number theory (primality testing, integer factorization, discrete logarithm problem)

– Digital signatures (RSA, DSA, one-time, blind, group, etc.)

– Key agreement protocols (Diffie-Hellman, ElGamal, Kerberos, STS)

– Identification schemes for humans and devices (challenge/response, …)

– Other protocols (head/tail over the phone, mental poker, secret sharing schemes, authentication schemes, timestamps, visual cryptography, zero-knowledge proofs)

– Quantum cryptography

• Computer and information security

– Security of programs (bugs, viruses, malicious code)

– Security of databases (anonymization)

– Security of OS (MS Win, Unix/Linux, liveCD)

– Security of network communication (firewalls, VPN, IPSec, SSL)

– Privacy in CS (tokens/smart cards, RFID cards)

– Key management (certificates, CA, PKI, X.509)

– Efficient and secure implementations of cryptosystems (side channel attacks and defenses against them)

– Real time security management (security policy, monitoring)

– Patents and standards (ISO, IEEE, IETF)

Introduction to cryptography and computer security.

Lectures, tutorials, assignments, projects, office hours, lab work. There will be a special emphasis on real-time studies and team work (tutorials and seminars). We will occasionally watch video material related to the course.