Instructors
- Prof. Dr.-Ing. Volker Roth
- Gerrit-Arthur Gruben
Description
This course gives a modern introduction to cryptography and cryptographic
key management, followed by an introduction to cryptographic protocols and
their applications in distributed systems security. Mathematical
background is developed to the degree reasonable in an introductory
class. In addition to the mathematical underpinnings of cryptographic
primitives the course also touches on the importance of implementation for
a secure system.
Time and Location
Lectures:
- Wednesdays, 14h - 16h, T9/005
- Thursdays, 14h - 16h, T9/046
Tutorials:
- Mondays, 16h - 18h, T9/055
Note: The tutorials commence in the second week of the semester.
Grading
The grade will be computed as a weighted sum as shown below. Passing the
exam is necessary to pass the course.
Students will be admitted to the exam if they pass the mid-term exam or
earn at least 50% of the points in n-2 homework assignments
(where n is the total number of assignments).
Lectures
Wed Oct 14, 2009
Topics:
- Welcome and administrativa
- Private key encryption
- Historic ciphers and their cryptanalysis
- Principles of modern cryptography
Reading assignments: [1, sect. 7.3]
Thu Oct 15, 2009
Topics:
- Perfectly-secret encryption
- Adversarial indistinguishability
- Vernam cipher
- Limitations of perfectly secure encryption
Homework: 1 (due Friday, October 30, at 12h)
Reading assignments: [2, chap. 2]
Wed Oct 21, 2009
Topics:
- Shannon's Theorem and its proof
- Introduction to computational security
Reading assignments: [2, chap. 2]
Thu Oct 22, 2009
Topics:
- Relaxations of perfect secrecy
- Efficient computation and negligible success probability
- Proofs by reduction
- Pseudorandomness and pseudorandom generators
- Indistinguishable encryptions in the presence of an eavesdropper
- Handling variable-length messages
Reading assignments: [2, chap. 3] [3, read the anecdote]
Wed Oct 28, 2009
Topics:
- Indistinguishable multiple encryptions in the presence of an eavesdropper
- Probabilistic encryption
- Chosen plaintext attacks
- Pseudorandom functions
- Indistinguishable encryptions under a chosen plaintext attack
Reading assignments: [2, chap. 3] [4]
Thu Oct 29, 2009
Topics:
- Pseudorandom permutations
- Block ciphers and modes of operation
- Counter mode
- Chosen ciphertext attacks and non-malleability
Homework: 2 (due Friday, November 13, at 12h)
Reading assignments: [2, chap. 3]
Wed Nov 4, 2009
Topics:
- Encryption versus message authentication
- Message authentication codes
- Existential unforgeability under adaptive-chosen message attacks
- Replay attacks
- Constructions of fixed-length MAC
- Constructions of variable-length MAC
Reading assignments: [2, chap. 4]
Thu Nov 5, 2009
Topics:
- CBC-MAC for fixed-length and variable-length messages
- Collision resistant hash functions
- Birthday attacks
- Merkle-Damgård transform
Reading assignments: [2, chap. 4]
Wed Nov 11, 2009
Topics:
- Encryption secure against chosen ciphertext attacks
Reading assignments: [2, chap. 4]
Thu Nov 12, 2009
Topics:
- Practical constructions of pseudorandom permutations
- Substitution permutation networks
- Feistel networks
- DES and AES
- 2-DES, meet-in-the-middle attacks, 3-DES
Homework: 3 (due Friday, November 27, at 12h)
Reading assignments: [2, chap. 5]
Wed Nov 18, 2009
Topics:
- Introduction to number theory
- Primes and divisibility
- Bézout's Lemma and the extended Euclidean algorithm
- Modular arithmetic
- Cyclic groups
Reading assignments: [2, chap. 7]
Thu Nov 19, 2009
Topics:
- The factoring assumption
- The RSA assumption
- The discrete logarithm assumption
- The DH assumptions
- Factoring and one-way functions
- Discrete logarithms and collision resistant hash functions
Reading assignments: [2, chap. 7]
Wed Nov 25, 2009
Topics:
- From private key management to public key cryptography
- Diffie-Hellman key exchange
Reading assignments: [2, chap. 9]
Thu Nov 26, 2009
Topics:
- Public key encryption
- Public key encryption and indistinguishable encryptions
Reading assignments: [2, chap. 10]
Wed Dec 2, 2009
Topics:
- Hybrid encryption secure against chosen plaintext attacks
Reading assignments: [2, chap. 10]
Thu Dec 3, 2009
Topics:
- Attacks on textbook RSA
- Implementation issues
- ElGamal encryption
- Chosen ciphertext attacks against RSA and ElGamal
Reading assignments: [2, chap. 10]
Wed Dec 9, 2009
Topics:
- Digital signature schemes
- The hash and sign paradigm
Reading assignments: [2, chap. 12]
Thu Dec 10, 2009
Topics:
- Security in the random oracle model
Reading assignments: [2, chap. 13] [5]
Wed Dec 16, 2009
Topics:
- Homomorphic encryption
- The Paillier encryption scheme
Reading assignments: [2, chap. 11.3] [6] [7]
Thu Dec 17, 2009
Mid-term exam
Wed Jan 6, 2010
Guest speaker: Dr. Kim Nguyen, Bundesdruckerei GmbH
Topics:
- Introduction to elliptic curves
- Groups based on elliptic curves
- Elliptic curve cryptography
- Applications
Thu Jan 7, 2010
Topics:
- Key management
- Key distribution centers
- Public key directories
- Public Key Infrastructure
- Web of Trust
- Identity
Reading assignments: [8] [9]
Wed Jan 13, 2010
Topics:
- Introduction to cryptographic protocols
- Needham-Schroeder
- Kerberos
Reading assignments: [10]
Thu Jan 14, 2010
Topics:
- Secure Sockets Layer
- Secure Shell
- Short authenticated strings
Reading assignments: [11] [12] [13] [14] [15]
Wed Jan 20, 2010
Topics:
- Wide area routing security
- Secure BGP
- Onion routing
Thu Jan 21, 2010
Topics:
- Bit commitment
- Flipping coins over the telephone
Wed Jan 27, 2010
Topics:
- Oblivious transfer
- Playing poker over the telephone
Thu Jan 28, 2010
Guest speaker: Dr. Walter Fumy, Bundesdruckerei GmbH
Topics:
- The security of the electronic passport
- Overview of the protocols
Wed Feb 3, 2010
Topics:
- Dining cryptographers
- Secret sharing
Thu Feb 4, 2010
Guest speaker: Carsten Schwarz, Bundesdruckerei GmbH
Topics:
- Password Authenticated Connection Establishment (PACE)
- Protocol design considerations and history
Wed Feb 10, 2010
Class project presentations
Thu Feb 11, 2010
Final exam
Literature
- [1] Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 2001.
- [2] Jonathan Katz and Yehuda Lindell. Introduction to Modern Cryptography. Chapman & Hall/CRC, 2008.
- [3] R. Morris and K. Thompson. Password security: a case history. Commun. ACM 22, 11 (Nov. 1979), 594-597.
- [4] Hongjun Wu. The Misuse of RC4 in Microsoft Word and Excel. IACR e-print number 007, 2005.
- [5] Mihir Bellare and Phillip Rogaway. Random Oracles are Practical: a paradigm for designing efficient protocols. In Proc. ACM Computer and Communications Security, November 1993.
- [6] Caroline Fontaine and Fabien Galand. A Survey of Homomorphic Encryption for Nonspecialists. EURASIP Journal on Information Security, October 2007.
- [7] C. Castelluccia, A. C. Chan, E. Mykletun and G. Tsudik. Efficient and provably secure aggregation of encrypted data in wireless sensor networks. ACM Trans. Sen. Netw. 5, 3 (May 2009), 1-36.
- [8] Loren M. Kohnfelder. Towards a practical public-key cryptosystem. B.Sc. thesis, MIT, May 1978.
- [9] Carl M. Ellison. Establishing Identity Without Certification Authorities. In Proc. USENIX Security Symposium, July 1996.
- [10] Martin Abadi and Roger Needham. Prudent Engineering Practice for Cryptographic Protocols. Digital Equipment Corporation, November 1995.
- [11] D. Brumley and D. Boneh. Remote timing attacks are practical. In Proc. 12th USENIX Security Symposium, 2003.
- [12] Paul C. Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Proc. CRYPTO 1996, Lecture Notes in Computer Science, vol. 1109, Springer-Verlag, London, 104-113.
- [13] T. Dierks and C. Allen. The TLS Protocol Version 1.0. Internet Engineering Task Force, Request for Comments 2246, January 1999.
- [14] Moxie Marlinspike. Null Prefix Attacks against SSL/TLS Certificates. Published online.
- [15] Moxie Marlinspike. Defeating OCSP With the Character '3'. Published online.