This course provides an introduction to the topic of information security in the context of network communication.
The goal of the course is to provide you with a foundation for identifying, analyzing, and making appropriate security decisions when designing information systems. In this course we're less interested in memorizing the nitty gritty details of how algorithm x works than we are in reasoning about how, when, and where it's appropriate to use said algorithm. To that end we will continuously be asking ourselves the following questions:
Cryptography is fascinating because of its game-like adversarial nature. A good cryptographer rapidly changes sides back and forth in his or her thinking, from attacker to defender and back. Just as in a game of chess, sequences of moves and counter-moves must be considered until the current situation is understood. Unlike chess players, cryptographers must also consider all the ways an adversary might try to gain by breaking the rules or violating expectations.Ron Rivest. Foreword. Handbook of Applied Cryptography.. 1996.
No right of private conversation was enumerated in the constitution. I don't suppose it occurred to anyone at the time that it could be prevented.Whitfield Diffie on the Clipper Chip. US Senate Testimony. (1993)
Please consult the course outline for policies relating to this course.
|Sept 9||Introduction to information security. Old school crypto.||2.2-2.4|
|Week of Sept 12||Security goals. Adversarial models. Formal security notions.||1.1, 1.1 — 18.1 (Smart)|
|Week of Sept 19||Formal security notions cont'd.||18.1 (Smart)|
|Week of Sept 26||Symmetric-key encryption, block ciphers, modes of operation, the DES and AES ciphers||3.1, 6.2, 6.3, 6.6 — 5.1-5.4|
|Week of Oct 3||Hash functions. Security properties of hash functions. Uses of hash functions. The SHA hash function family.||11.1, 11.3, 11.5|
|Week of Oct 10 -- No class Monday (Thanksgiving)||Message authentication codes, their security properties and uses. Padding oracle attacks. Authenticated encryption. The AES-GCM authenticated encryption mode.||7.1, 7.4, 7.5|
|Week of Oct 17||Public-key cryptography. Key agreement. The Diffie-Hellman key agreement protocol. Elliptic curve cryptography. Ephemeral keys. ECDHE key agreement.||9.1, 8.5, 10.1, 10.3, 10.4|
|Week of Oct 24 -- Midterm Monday. No class Friday (Study break)||Midterm test in Monday's class. No class Friday.|
|Week of Oct 31||Digital Signatures. RSA and ECDSA signature schemes. Digital Certificates.||13.1, 13.4, 13.5, 8.2, 9.2, 13.6 — 10.3, 10.4, 13.5 — 14.3, 14.4|
|Week of Nov 7||Public-key infrastructure on the web. Certificate authorities, certificate chains, trust stores, revocation.||14.3, 14.5|
|Week of Nov 14||The Transport Layer Security (TLS) protocol. Secure shell (SSH).||17.1-17.5 — RFC 5346|
|Week of Nov 21||Randomness and pedudo-randomness. Key generation. Current recommended minimum acceptable key lengths.||7.1-7.3, 7.6 — NIST SP 800-131A|
|Week of Nov 28||Secure password generation and storage.||22.3|
|Dec 5th||Exam Review|
|Assignment 1||10%||Friday, October 7th||Submit via OWL||
|Assignment 2||10%||Nov 18th||Submit via OWL|
|Assignment 3||10%||Submit via OWL|
|Midterm Test||20%||Monday, Oct 24th.||In class|
|Final Examination||50%||Tuesday, December 13th, 2:00-5:00pm||WSC 55|