Basics of Applied Cryptography and Network Security (Fall
2008)
Instructor: Sujata Garera
Office: Wyman Park Room 420
Office hours: 4:305:30pm on Wednesday
Email: sgarera@cs.jhu.edu
Course Timing: Tuesday, Wednesday 34:15pm
Course Room: Wyman Park Conference Room
Jorge Vasconcelos is collaborating with me on providing reading
material for the class and on the
grading. His email is jorgev@cs.jhu.edu and his office hours are
on Thursday 24pm in the MSSI lab
This course will cover some key aspects of applied cryptography. The course
will provide an overview of some early systems in cryptography such as substitution and permutation ciphers. The course will further provide
a thorough understanding of recent topics in applied cryptography.
Topics include algorithms for encryption
and decryption using symmetric key and public key techniques, design
and analysis of block and stream ciphers, pseudorandom number generation,
hash functions and their uses, message authentication codes, authentication
protocols, key establishment, key management, digital signatures and
secret sharing. Students will understand how cryptosystems are designed and
analysed along with specific applications of cryptography.
Prerequisites:
Students are expected to enter this class with knowledge in Number Theory, Algorithms, Probability and Discrete Math. Initial course survey can be found here
Announcements:
Lecture Slides:
Lecture slides can be found here
Assignments:
Course Syllabus:
A detailed description of the course can be found
here . Note that the syllabus may be
subject to change as the semester proceeds
Text Books
Recommended textbooks for this course are
Cryptography and Network Security by William Stallings
Handbook of Applied Cryptography available out here .
Grading Policy:
Midterm : 25%
Final: 30%
In Class Assignments: 20%
Take Home Assignments: 20%
Participation and Surprise Quizzes: 5%
Assignments are due at the beginning of class on the stated due date. In class assignments must be completed within the allocated class time. Late submissions of take home assignments will be penalized 10% points per day. No collaboration is allowed on assignments unless stated otherwise. No collaboration is allowed on exams.
Academic Integerity:
Academic Integrity and Ethical behavior are required in this course, as it is
in all courses at Johns Hopkins University. Academic integrity code for
the Department of Computer Science can be found here.
Syllabus and Readings:
These topics may be subject to change as the course proceeds
Unit 1: Introduction
Computer security definitions and aspects (confidentiality, integrity, authentication, access control, availability, privacy), basic terminology, cryptographic system, classical cryptography, substitution and transposition techniques, statistical attacks, cryptanalysis
Suggested Reading:
Chapter 2 from Stallings
Unit 2: Block Ciphers and Stream Ciphers
Modes of operation (ECB, CBC, CFB, OFB), multiple encryption, DES, TripleDES, DESX, AES, stream ciphers, RC4
Suggested Reading:
Chapter 3, 5, 6 from Stallings
Attacks on RC4 and WEP, Fluhrer, Mantin and Shamir available out here
The Security of DESX, Phillip Rogaway, available out here
 On the Security of Multiple Encryption, Merkle, Hellman available out here
 AES implementation on 8bit microcontroller here
Unit 3: Key distribution and Random Number Generation
Key distribution, Random and pseudorandom bit generation, statistical tests of randomness,cryptographically secure pseudorandom bit generators
Suggested Reading:
Chapter 7, 13.2 from stallings, Handbook chapter 5 has good discussion on tests of randomness
Cryptanalytic Attacks on Pseudorandom Number Generators, John Kelsey, Bruce Schneier, David Wagner and Chris Hall,
available at here
 This site discusses random numbers based on radioactive decay.
 Randomness Recommendations for Security here
 Creating CryptographicQuality Random Numbers here
 Prudent Engineering Practice for Cryptographic Protocols here
Unit 4: Hash Functions and MAC
Properties of hash functions, birthday attack, hashcash, Message Authentication Code Algorithms, MAC protocols, HMAC, CBCMAC
Suggested Reading:
Chapter 11,12 from Stallings (whatever pertains to lectures)
Chaffing and Winnowing: Confidentiality without Encryption by Rivest available here
Unit 5: Public Key Cryptography
Diffie Hellman, Attacks on Diffie Hellman, Diffie Hellman problem, Vanilla RSA and OAEPRSA, Attacks on RSA, ElGamal, Semantic Security
Suggested Reading:
 Chapter 8 from the Handbook as reference [8.2 for RSA,8.4 Elgamal]
 Stallings 10.1, 10.2, 17.2 (whatever pertains to lectures)
 Handbook number theoretic problems discusses DHP
 New Directions in Cryptography, Whitefield Diffie and Martin Hellman, IEEE Transactions
on Information Theory 1976, available out here
 A CostBased Security Analysis of Symmetric and Asymmetric Key Lengths available out here
 New public key cryptosystems based on the dependant RSA problem by David Pointcheval available out here
Unit 6: Digital Signatures
Classification of signature schemes, RSA signature, Digital Signature
Standard, one time signature schemes, attacks on Digital Signatures, Blind Signatures
Suggested Reading:
 Chapter 11 from the Handbook
 Blind signatures for untraceable payments, David Chaum, Crypto 1982, available out here
Unit 7: Key Management and Authentication Protocols
Techniques for distributing confidential and public keys, session keys, NeedhamSchroeder,
OtawayRees, Kerberos
Suggested Reading:
 Chapter 13 from the Handbook
 Using Encryption for Authentication in Large Networks of Computers, Roger Needham,
Michael Schroeder, CACM1978, available out here
 Designing an Authentication System: a Dialogue in Four Scenes, Bill Bryant 1988,
available out here
Unit 8: Secret Sharing
Shamir's Secret Sharing scheme, Verifiable Secret Sharing, Threshold RSA, Visual Cryptography
Suggested Reading:
 How to Share a Secret, Adi Shamir CACM 1979, available out here
 A Simplified Approach to Threshold and Proactive RSA, Tal Rabin Crypto 1998,
available out here
 Visual cryptography and threshold schemes, Doug Stinson, available out here
Schedule (some are tentative)
Date 
Lecture Slides 
Comments 
9/9/08 
Lecture 1 
Introduction, Course Description, Basics, Shift Ciphers, Substitution Ciphers, Survey 
9/10/08 
Lecture 2 
Cryptanalysis of Vigenere, Perfect Secrecy
Perfect secrecy from Stinson 
9/16/08 
Lecture 3 
Perfect secrecy, Block Ciphers, DES 
9/17/08 
Lecture 4 
Modes of operation, Cryptanalysis of DES, DESX, Number theory started 
9/23/08 
Lecture 5 
Number Theory (Fields, Polynomial Arithmetic) 
9/24/08 
Lecture 6 
AES 
9/30/08 

In class Assignment 1 
10/1/08 
Lecture 7 
RC4,FMS attack 

10/7/08 
Lecture 8 
Key distribution 
10/8/08 
Lecture 9 
Authentication protocol, Random number generation 
10/14/08 
Lecture 10 
Random number generation, Hash Functions 
10/15/08 
Lecture 11 (continuation of 10) 
Hash Functions continued and suprise quiz 
10/21/08 
Review 
AES, authentication protocol 
10/22/08 
Midterm 

10/28/08 
Lecture 12 
Message Authentication Codes 
10/29/08 
Lecture 13 
Public Key Cryptography, Diffie Hellman, Attacks, Auth DH 
11/4/08 
Lecture 14 
DH in SSL, RSA 
11/5/08 
Lecture 15 
RSA, OAEPRSA, Semantic Security 
11/11/08 
Lecture 16 
OAEP reviewed, Semantic security, Elgamal 
11/12/08 
Lecture 17 
Digital signatures, DSA, Blind Signature applications 
11/18/08 

In class assignment 2 

11/19/08 
Lecture 18 
Secret Sharing and applications 
11/25/08 
Lecture 19 
Visual Cryptography and applications 
12/2/08 
Review 
Review 
12/3/08 
Final 
Final Examination 