Basics of Applied Cryptography and Network Security (Fall
2008)
Instructor: Sujata Garera
Office: Wyman Park Room 420
Office hours: 4:30-5:30pm on Wednesday
Email: sgarera@cs.jhu.edu
Course Timing: Tuesday, Wednesday 3-4:15pm
Course Room: Wyman Park Conference Room
Jorge Vasconcelos is collaborating with me on providing reading
material for the class and on the
grading. His email is jorgev@cs.jhu.edu and his office hours are
on Thursday 2-4pm in the MSSI lab
This course will cover some key aspects of applied cryptography. The course
will provide an overview of some early systems in cryptography such as substitution and permutation ciphers. The course will further provide
a thorough understanding of recent topics in applied cryptography.
Topics include algorithms for encryption
and decryption using symmetric key and public key techniques, design
and analysis of block and stream ciphers, pseudo-random number generation,
hash functions and their uses, message authentication codes, authentication
protocols, key establishment, key management, digital signatures and
secret sharing. Students will understand how cryptosystems are designed and
analysed along with specific applications of cryptography.
Prerequisites:
Students are expected to enter this class with knowledge in Number Theory, Algorithms, Probability and Discrete Math. Initial course survey can be found here
Announcements:
Lecture Slides:
Lecture slides can be found here
Assignments:
Course Syllabus:
A detailed description of the course can be found
here . Note that the syllabus may be
subject to change as the semester proceeds
Text Books
Recommended textbooks for this course are
Cryptography and Network Security by William Stallings
Handbook of Applied Cryptography available out here .
Grading Policy:
Midterm : 25%
Final: 30%
In Class Assignments: 20%
Take Home Assignments: 20%
Participation and Surprise Quizzes: 5%
Assignments are due at the beginning of class on the stated due date. In class assignments must be completed within the allocated class time. Late submissions of take home assignments will be penalized 10% points per day. No collaboration is allowed on assignments unless stated otherwise. No collaboration is allowed on exams.
Academic Integerity:
Academic Integrity and Ethical behavior are required in this course, as it is
in all courses at Johns Hopkins University. Academic integrity code for
the Department of Computer Science can be found here.
Syllabus and Readings:
These topics may be subject to change as the course proceeds
Unit 1: Introduction
Computer security definitions and aspects (confidentiality, integrity, authentication, access control, availability, privacy), basic terminology, cryptographic system, classical cryptography, substitution and transposition techniques, statistical attacks, cryptanalysis
Suggested Reading:
--Chapter 2 from Stallings
Unit 2: Block Ciphers and Stream Ciphers
Modes of operation (ECB, CBC, CFB, OFB), multiple encryption, DES, Triple-DES, DES-X, AES, stream ciphers, RC4
Suggested Reading:
--Chapter 3, 5, 6 from Stallings
--Attacks on RC4 and WEP, Fluhrer, Mantin and Shamir available out here
--The Security of DES-X, Phillip Rogaway, available out here
-- On the Security of Multiple Encryption, Merkle, Hellman available out here
-- AES implementation on 8-bit microcontroller here
Unit 3: Key distribution and Random Number Generation
Key distribution, Random and pseudorandom bit generation, statistical tests of randomness,cryptographically secure pseudo-random bit generators
Suggested Reading:
--Chapter 7, 13.2 from stallings, Handbook chapter 5 has good discussion on tests of randomness
--Cryptanalytic Attacks on Pseudorandom Number Generators, John Kelsey, Bruce Schneier, David Wagner and Chris Hall,
available at here
-- This site discusses random numbers based on radioactive decay.
-- Randomness Recommendations for Security here
-- Creating Cryptographic-Quality Random Numbers here
-- Prudent Engineering Practice for Cryptographic Protocols here
Unit 4: Hash Functions and MAC
Properties of hash functions, birthday attack, hash-cash, Message Authentication Code Algorithms, MAC protocols, HMAC, CBC-MAC
Suggested Reading:
--Chapter 11,12 from Stallings (whatever pertains to lectures)
--Chaffing and Winnowing: Confidentiality without Encryption by Rivest available here
Unit 5: Public Key Cryptography
Diffie Hellman, Attacks on Diffie Hellman, Diffie Hellman problem, Vanilla RSA and OAEPRSA, Attacks on RSA, ElGamal, Semantic Security
Suggested Reading:
-- Chapter 8 from the Handbook as reference [8.2 for RSA,8.4 Elgamal]
-- Stallings 10.1, 10.2, 17.2 (whatever pertains to lectures)
-- Handbook number theoretic problems discusses DHP
-- New Directions in Cryptography, Whitefield Diffie and Martin Hellman, IEEE Transactions
on Information Theory 1976, available out here
-- A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths available out here
-- New public key cryptosystems based on the dependant RSA problem by David Pointcheval available out here
Unit 6: Digital Signatures
Classification of signature schemes, RSA signature, Digital Signature
Standard, one time signature schemes, attacks on Digital Signatures, Blind Signatures
Suggested Reading:
-- Chapter 11 from the Handbook
-- Blind signatures for untraceable payments, David Chaum, Crypto 1982, available out here
Unit 7: Key Management and Authentication Protocols
Techniques for distributing confidential and public keys, session keys, Needham-Schroeder,
Otaway-Rees, Kerberos
Suggested Reading:
-- Chapter 13 from the Handbook
-- Using Encryption for Authentication in Large Networks of Computers, Roger Needham,
Michael Schroeder, CACM1978, available out here
-- Designing an Authentication System: a Dialogue in Four Scenes, Bill Bryant 1988,
available out here
Unit 8: Secret Sharing
Shamir's Secret Sharing scheme, Verifiable Secret Sharing, Threshold RSA, Visual Cryptography
Suggested Reading:
-- How to Share a Secret, Adi Shamir CACM 1979, available out here
-- A Simplified Approach to Threshold and Proactive RSA, Tal Rabin Crypto 1998,
available out here
-- Visual cryptography and threshold schemes, Doug Stinson, available out here
Schedule (some are tentative)
| Date |
Lecture Slides |
Comments |
| 9/9/08 |
Lecture 1 |
Introduction, Course Description, Basics, Shift Ciphers, Substitution Ciphers, Survey |
| 9/10/08 |
Lecture 2 |
Cryptanalysis of Vigenere, Perfect Secrecy
Perfect secrecy from Stinson |
| 9/16/08 |
Lecture 3 |
Perfect secrecy, Block Ciphers, DES |
| 9/17/08 |
Lecture 4 |
Modes of operation, Cryptanalysis of DES, DESX, Number theory started |
| 9/23/08 |
Lecture 5 |
Number Theory (Fields, Polynomial Arithmetic) |
| 9/24/08 |
Lecture 6 |
AES |
| 9/30/08 |
|
In class Assignment 1 |
10/1/08 |
Lecture 7 |
RC4,FMS attack |
| 10/7/08 |
Lecture 8 |
Key distribution |
| 10/8/08 |
Lecture 9 |
Authentication protocol, Random number generation |
| 10/14/08 |
Lecture 10 |
Random number generation, Hash Functions |
| 10/15/08 |
Lecture 11 (continuation of 10) |
Hash Functions continued and suprise quiz |
| 10/21/08 |
Review |
AES, authentication protocol |
| 10/22/08 |
Midterm |
|
| 10/28/08 |
Lecture 12 |
Message Authentication Codes |
| 10/29/08 |
Lecture 13 |
Public Key Cryptography, Diffie Hellman, Attacks, Auth DH |
| 11/4/08 |
Lecture 14 |
DH in SSL, RSA |
| 11/5/08 |
Lecture 15 |
RSA, OAEP-RSA, Semantic Security |
| 11/11/08 |
Lecture 16 |
OAEP reviewed, Semantic security, Elgamal |
| 11/12/08 |
Lecture 17 |
Digital signatures, DSA, Blind Signature applications |
| 11/18/08 |
|
In class assignment 2 |
|
| 11/19/08 |
Lecture 18 |
Secret Sharing and applications |
| 11/25/08 |
Lecture 19 |
Visual Cryptography and applications |
| 12/2/08 |
Review |
Review |
| 12/3/08 |
Final |
Final Examination |