Modern Cryptography and Networked Systems Security
Instructors
Prof. Dr.-Ing. Volker Roth
Description
This course gives a modern introduction to cryptography and cryptographic
key management, followed by an introduction to cryptographic protocols and
their applications in distributed systems security. Mathematical
background is developed to the degree reasonable in an introductory
class. In addition to the mathematical underpinnings of cryptographic
primitives the course also touches on the importance of implementation for
a secure system. However, note that this course is not a course on
cryptanalysis.
Time and Location
Lectures:
- Tuesdays, 16h - 18h, T9/005
- Thursdays, 12h - 14h, T9/005
Recitations (Tutorien):
- Mondays, 16h - 18h, T9/051
Note: The recitations start in the third week of the semester.
Grading
The grade will be computed as a weighted sum as shown below. Passing the
exam is necessary to pass the course.
Active participation requires successful completion of homework
assignments and projects and is graded on a pass / no pass basis. At least
50% of the cumulative score is required to pass.
Exam
The exam will take place on Wednesday, February 20th, from 11am to 1pm in Arnimallee 6, room SR 025/026.
Guest Lecture by Dr. Lutz Jänicke
Dr. Jänicke holds the position of Chief Technology Officer at Innominate
Security Technologies. He is a renowned security expert and
contributed to several Open Source projects. Among other things, he
developed the Postfix/TLS protocol extension for encrypted mail transfer
(RFC2487). He is also a member of the OpenSSL Project development team
and will speak on the SSL protocol and its OpenSSL implementation.
Homework
Below are the homework assignments. Each assignment is given on a Monday,
and is discussed on the Monday two weeks later.
- Homework 1 is discussed on November 19th, 2012
- Homework 2 is discussed on December 3rd, 2012
- Homework 3 is due on January 7th, 2013, in writing (LaTeX)
Lectures
No lecture on Tuesday October 16, we begin on Tuesday 23rd.
No lecture on Thursday October 18, we begin on Tuesday 23rd.
Lecture 1, Tuesday October 23
Topics:
- Welcome and administrativa
- Private key encryption
- Historic ciphers and their cryptanalysis
- Principles of modern cryptography
Read: sect. 7.3 of [1]
Lecture 2, Thursday October 25
Topics:
- Perfectly-secret encryption
- Adversarial indistinguishability
- Vernam cipher
- Limitations of perfectly secure encryption
Read: chap. 2 of [2]
Lecture 3, Tuesday October 30
Topics:
- Shannon's Theorem and its proof
- Introduction to computational security
Read: chap. 2 of [2]
Lecture 4, Thursday November 01
Topics:
- Relaxations of perfect secrecy
- Efficient computation and negligible success probability
- Proofs by reduction
- Pseudorandomness and pseudorandom generators
- Indistinguishable encryptions in the presence of an eavesdropper
Read: chap. 3 of [2], the anecdote in [3]
Lecture 5, Tuesday November 06
Topics:
- Handling variable-length messages
- Indistinguishable multiple encryptions in the presence of an eavesdropper
- Probabilistic encryption
- Chosen plaintext attacks
Read: chap. 3 of [2], [4]
Lecture 6, Thursday November 08
Topics:
- Pseudorandom functions
- Pseudorandom permutations
- Indistinguishable encryptions under a chosen plaintext attack
- Block ciphers and operation modes
Read: chap. 3 of [2]
Lecture 7, Tuesday November 13
Topics:
- Counter mode
- Chosen ciphertext attacks and non-malleability
Read: chap. 3 of [2]
Lecture 8, Thursday November 15
Topics:
- Encryption versus message authentication
- Message authentication codes
- Existential unforgeability under adaptive-chosen message attacks
- Replay attacks
- Constructions of fixed-length MAC
Read: chap. 4 of [2]
Lecture 9, Tuesday November 20
Topics:
- Constructions of variable-length MAC
- CBC-MAC for fixed-length and variable-length messages
Read: chap. 4 of [2]
Lecture 10, Thursday November 22
Topics:
- Collision resistant hash functions
- Birthday attacks
- Merkle-Damgård transform
Read: chap. 4 of [2]
No lecture on Tuesday November 27, I am traveling to give a talk and to attend a trade fair
This lecture will be given on Monday December 17th in the tutorial
Lecture 11, Thursday November 29
Topics:
- Encryption secure against chosen ciphertext attacks
Read: chap. 4 of [2]
Lecture 12, Tuesday December 04
Topics:
- Practical constructions of pseudorandom permutations
- Substitution permutation networks
- Feistel networks
- DES and AES
- 2-DES, meet-in-the-middle attacks, 3-DES
Read: chap. 5 of [2]
Lecture 13, Thursday December 06
Topics:
- Mathematical background for public-key cryptography
Read: chap. 7 of [2]
No lecture on Tuesday December 11, I am temporarily out of operation
No lecture on Thursday December 13, I am temporarily out of operation
No lecture on Monday December 17, I am temporarily out of operation
No lecture on Tuesday December 18, I am temporarily out of operation
No lecture on Thursday December 20, Academic holidays
No lecture on Tuesday December 25, Academic holidays
No lecture on Thursday December 27, Academic holidays
No lecture on Tuesday January 01, Academic holidays
Lecture 14, Thursday January 03
Topics:
- The factoring assumption
- The RSA assumption
- The discrete logarithm assumption
- The DH assumptions
- Factoring and one-way functions
- Discrete logarithms and collision resistant hash functions
Lecture 15, Tuesday January 08
Topics:
- From private key management to public key cryptography
- Diffie-Hellman key exchange
Read: chap. 9 of [2]
Lecture 16, Thursday January 10
Topics:
- Public key encryption
- Public key encryption and indistinguishable encryptions
Read: chap. 10 of [2]
Lecture 17, Tuesday January 15
Topics:
- Hybrid encryptions secure against chosen plaintext attacks
Read: chap. 10 of [2]
Lecture 18, Thursday January 17
Topics:
- Attacks on textbook RSA
- Implementation issues
- ElGamal encryption
- Chosen ciphertext attacks against RSA and ElGamal
Read: chap. 10 of [2]
Lecture 19, Tuesday January 22
Topics:
- Digital signature schemes
- The hash and sign paradigm
Read: chap. 12 of [2]
Lecture 20, Thursday January 24
Topics:
- Security in the random oracle model
Read: chap. 13 of [2], [5]
Lecture 21, Tuesday January 29
Topics:
- Homomorphic encryption
- The Paillier encryption scheme
Read: sect. 11.3 of [2], [6], [7]
Lecture 22, Thursday January 31
Topics: Taming the complexity of security proofs
Read: [8]
Lecture 23, Tuesday February 05
Topics:
- Introduction to cryptographic protocols
- Needham Schroeder
- Key management
- Key distribution centers
- Public key directories
- Public Key Infrastructure
- Web of Trust
- Identity
Read: [9], [10], [11], [12], [13]
Lecture 24, Thursday February 07
Topics: TBD
No lecture on Tuesday February 12, I am attending a workshop
This lecture will be held on Thursday, the exam will take place on Wednesday February 20th.
Lecture 25, Thursday February 14
Topics: Guest lecture by Lutz Jänicke, OpenSSL development team
- The SSL protocol and the OpenSSL implementation
Read: [14]
Exam, Wednesday February 20th
Literature
- [1] Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 2001.
- [2] Jonathan Katz, Yehuda Lindell. Introduction to Modern Cryptography. Chapman & Hall/CRC, 2008.
- [3] R. Morris and K. Thompson. Password security: a case history. Commun. ACM 22, 11 (Nov. 1979), 594-597.
- [4] Hongjun Wu. The Misuse of RC4 in Microsoft Word and Excel. IACR e-print number 007, 2005.
- [5] Mihir Bellare and Phillip Rogaway. Random Oracles are practical: a paradigm for designing efficient protocols. Proc. ACM Computer and Communications Security, November 1993.
- [6] Caroline Fontaine and Fabien Galand. A Survey of Homomorphic Encryption for Nonspecialists. EURASIP Journal on Information Security, October 2007.
- [7] Castelluccia, C., Chan, A. C., Mykletun, E., and Tsudik, G. 2009. Efficient and provably secure aggregation of encrypted data in wireless sensor networks. ACM Trans. Sen. Netw. 5, 3 (May. 2009), 1-36.
- [8] Victor Shoup. Sequences of Games: A Tool for Taming Complexity in Security Proofs. Cryptology ePrint Archive, 2004.
- [9] Martin Abadi and Roger Needham. Prudent Engineering Practice for Cryptographic Protocols. Digital Equipment Corporation, November 1995.
- [10] Loren M. Kohnfelder. Towards a practical public-key cryptosystem. B.Sc. thesis, MIT, May 1978.
- [11] Carl M. Ellison. Establishing Identity Without Certification Authorities. In Proc. USENIX Security Symposium, July 1996.
- [12] Moxie Marlinspike. Null Prefix Attacks against SSL/TLS Certificates. Published online.
- [13] Moxie Marlinspike. Defeating OCSP With the Character '3'. Published online.
- [14] T. Dierks, E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, IETF, 2010.