SM/0103 - CYBERSECURITY
Academic Year 2019/2020
Free text for the University
MASSIMO BARTOLETTI (Tit.)
- Teaching style
- Lingua Insegnamento
|[60/73] INFORMATICS||[73/00 - Ord. 2017] PERCORSO COMUNE||6||48|
1. Knowledge and comprehension skills.
The course will expose students to the foundations of computer security and to some of its applications. In particular, the student will learn some basic techniques on cryptography, cryptographic protocols, cryptocurrencies and blockchain technologies.
2. Ability to apply knowledge and comprehension.
Students will learn some basic skills on the security analysis of cryptographic primitives and protocols. Furthermore, they will be able to apply the studied techniques to the security analysis of software systems, and will gain some skills on the understanding of cryptocurrencies and blockchain technologies.
3. Making judgments.
The course provides students with the basic skills to apply the techniques described during the course to the solution of technical problems related to the topic of the course.
4. Communication skills.
The lectures will include frequent interactions with students, who will learn how to properly communicate the studied topics. A query/answer forum on the Moodle site of the course will provide students with additional ways to interaction between themselves and with the lecturer.
5. Learning skills.
The course provides students with sufficient skills to understand the scientific literature on the course topic, allowing them to autonomously expand their knowledge.
Some basic knowledge of discrete math, probability theory, algorithms and data structures is useful.
The knowledge of at least one programming language is required.
Part 1: Cryptography
* Introduction to cybersecurity. Formal definition of cipher. Shift cipher. [Stinson 1.1.1]
* Historical ciphers: affine cipher, substitution cipher, Vigenere cipher, permutation cipher, Hill's cipher. [Stinson 1.1.2-1.1.6]
* Cryptoanalysis of historical ciphers. [Stinson 1.2.1-1.2.4]
* Block ciphers. Substitution-Permutation networks. Meet-in-the-middle attack. Modes of operation: ECB, CBC, OFB, CTR. [Stinson 3.2,3.7]
* Shannon Theory. Perfect ciphers. Shift cipher. One-time pad. [Stinson 2.1, 2.2, 2.3]
* Asymmetric cryptography. Modular algebra. Euler theorem. RSA cipher. [Stinson 5.1, 5.2, 5.3]
* Implementation of RSA: Square-and-multiply. Extended Euclid algorithm. Miller-Rabin algorithm.
Part 2: Cryptographic Protocols
* Digital signatures: definition, RSA signature scheme, taxonomy and examples of attacks. Digital signatures and hash functions. [Stinson 7.1,7.2,7.2.1]
* Hash functions. Random oracle model. Computational complexity of brute-force search for the preimage, second preimage, and collision problems. [Stinson 4.1, 4.2]
* Birthday attack. Message authentication codes. CBC-MAC. Brute-force attack to CBC-MAC [Stinson 4.4]
* The identification problem. Challenge-response identification protocols based on MAC. Identification protocols based on digital signatures. [Stinson 9.1,9.2,9.3]
* Key distribution schemes. Insecure protocols for session key distribution. The Needham-Schroeder protocols, the Denning-Sacco attack, Kerberos protocol, Bellare-Rogaway protocol. [Stinson 10.1,10.2,10.5]
* Key agreement schemes: Diffie-Hellman, Station-to-Station. [Stinson 11.1,11.2.1]
* Cryptography for cryptocurrencies and blockchain technologies.
The course consists of 24 classes, of 2 hours each (48 lecturing hours in total). These lectures include theoretical and practical topics, either in class or in the laboratory. The lab lectures allow students to apply the techniques studied during the course, and to experiment with tools and platforms for cybersecurity.
The lecturer will support students throughout the whole academic year, either through office hours and the elearning site of the course.
Verification of learning
The exam is organised in three mandatory parts, 2 written and 1 oral part. Each part, either written or oral, is evaluated up to 10 points. The written parts correspond to the two parts of the course, and they are given through a series of quizzes on the the elearning platform. The oral part concerns the whole course, and it can be given only after one has obtained at least 12 points on the two written parts.
During the course some optional exercises can be proposed. They evaluations are added to those of the three mandatory parts.
The final marking is the sum of the markings of the mandatory parts, plus the bonus points obtained through the optional exercises. The marking is considered sufficient if the total on all the parts is at least 18 points.
The partial evaluations obtained in the current Academic Year are reset with the start of the subsequent Academic Year.
[Stinson] Douglas Stinson. Cryptography: Theory and Practice. Chapman and Hall/CRC (3rd edition).
This is the main reference textbook for the first two parts of the course.
[CRC Handbook] CRC Handbook of Applied Cryptography
This is a general reference text on cryptography.
[Anderson] Ross Anderson. Security Engineering. Wiley, 2008
This is a general reference book on a variety of topics in cybersecurity.
[Bitcoin] Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller & Steven Goldfeder. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction. Princeton University Press, 2016
This is an introductory text on Bitcoin and blockchain technologies