SM/0103 - CYBERSECURITY
Academic Year 2022/2023
Free text for the University
MASSIMO BARTOLETTI (Tit.)
- Teaching style
- Lingua Insegnamento
|[60/73] INFORMATICS||[73/00 - Ord. 2017] PERCORSO COMUNE||6||48|
1. Knowledge and comprehension skills.
The course will expose students to the foundations of computer security and to some of its applications. In particular, the student will learn some basic techniques on cryptography, cryptographic protocols, cryptocurrencies and blockchain technologies.
2. Ability to apply knowledge and comprehension.
Students will learn some basic skills on the security analysis of cryptographic primitives and protocols. Furthermore, they will be able to apply the studied techniques to the security analysis of software systems, and will gain some skills on the understanding of cryptocurrencies and blockchain technologies.
3. Making judgments.
The course provides students with the basic skills to apply the techniques described during the course to the solution of technical problems related to the topic of the course.
4. Communication skills.
The lectures will include frequent interactions with students, who will learn how to properly communicate the studied topics. A query/answer forum on the Moodle site of the course will provide students with additional ways to interaction between themselves and with the lecturer.
5. Learning skills.
The course provides students with sufficient skills to understand the scientific literature on the course topic, allowing them to autonomously expand their knowledge.
Some basic knowledge of discrete math, probability theory, algorithms and data structures is useful. The knowledge of at least one programming language is required.
* Introduction to cybersecurity. Formal definition of cipher. Shift cipher. [Stinson 1.1.1]
* Historical ciphers: affine cipher, substitution cipher, Vigenere cipher, permutation cipher. [Stinson 1.1.2-1.1.6]
* Cryptoanalysis of historical ciphers. [Stinson 1.2.1-1.2.4]
* Perfect ciphers. Shift cipher. One-time pad. [Stinson 2.1, 2.2, 2.3]
* Computational complexity. The classes PTIME and PPTIME.
* Computational secrecy: EAV-, CPA-, CCA-security [KL 3.1,3.5]
* Pseudorandom generators. From PRG to EAV-secure encryption schemes [KL 3.3]
* Modes of operation: ECB, CBC, OFB, CTR [KL 3.6]
* Block ciphers. Substitution-Permutation networks [KL 6.2.1]
* Message authentication codes. Replay attacks and side channel attacks. CBC-MAC and insecure variants [KL 4.1, 4.4.1]
* Private-key authentication protocols [Stinson 9.1,9.2]
* Cryptographic hash functions [Stinson 4.1, 4.2, 4.4, KL 5.1]
* Session key distribution schemes. Needham-Schroeder SKDS, Denning-Sacco attack. Kerberos SKDS. Bellare-Rogaway SKDS [Stinson 10.1,10.2,10.5.1,10.5.2]
* Group theory and computationally hard problems [KL 8.1,8.3.1,8.3.2]
* Key exchange. Diffie-Hellman KES [KL 10.3]
* Public-key encryption [KL 11.1-11.1.2]
* RSA encryption [Stinson 5.1, 5.2, 5.3, KL 11.5.1]
* Implementation of RSA: Square-and-multiply
* Digital signatures: general definition, RSA signature scheme, digital signatures and hash functions. [Stinson 7.1,7.2,7.2.1, KL 12.1-12.4]
* Public-key authentication protocols. [Stinson 9.3]
* Station-to-Station KES [Stinson 11.2.1]
The course consists of 48 hours of therretical and practical sessions. The lecturer will support students throughout the whole academic year, either through office hours and the elearning site of the course.
Classes will be given in-person. Lectures could be enriched with audio-visual tools and with streaming.
Verification of learning
The exam consists of a discussion about all the topics presented during the course.
Jonathan Katz, Yehuda Lindell. Introduction to Modern Cryptography. CRC Press (3rd edition).
Douglas Stinson. Cryptography: Theory and Practice. Chapman and Hall/CRC (3rd edition).
William Stallings. Crittografia. Pearson