
Applied Information Security and Cryptography

01TUWBH

Academic year 2019/20

Course Language

English

Course degree

Master of science-level of the Bologna process in Ict For Smart Societies - Torino

Course structure
Teaching hours
Lectures: 40
Laboratory exercises: 20
Teachers
Teacher | Status | SSD | h.Les | h.Ex | h.Lab | h.Tut | Years teaching
Bianchi Tiziano | Fixed-term researcher (L.240/10 art.24-B) | ING-INF/03 | 40 | 0 | 20 | 0 | 1

Context
SSD | CFU | Activities | Area context
ING-INF/03 | 6 | D - Student's choice | Student's choice
This course introduces students to the main technologies dealing with information security. The objectives of the course can be summarized as: i) let the students be aware of the main objectives of information security, namely providing data confidentiality, integrity, and availability; ii) describe in detail the main cryptographic tools that can be used for achieving the above goals; iii) define what is considered secure in modern cryptography; iv) provide the students with the ability to analyze weaknesses in existing schemes and design adequate security solutions. One third of the course will take place in the LAIB laboratories, where the students will have the opportunity to implement and test a subset of the cryptographic techniques explained during lectures.
At the end of the course, students will acquire knowledge of the main cryptographic techniques used in security protocols and will understand how they satisfy usual security definitions. In detail:
• Knowledge of basic security principles
• Knowledge of common security definitions in modern cryptography (perfect secrecy, computational secrecy)
• Knowledge of main cryptographic techniques using symmetric and asymmetric keys
• Knowledge of cryptographic hash functions and related authentication techniques
• Knowledge of main security protocols for key management, authentication, message confidentiality

Moreover, they should acquire the ability to choose and employ the most adequate cryptographic tools according to the security scenario and application needs, and the ability to evaluate the security of a specific protocol. In detail:
• Ability to evaluate if a protocol satisfies a given security definition
• Ability to design a security protocol providing confidentiality and authentication
• Ability to assess the weaknesses of an existing protocol
The students are expected to know the following concepts:
• Probability theory, random variables, conditional probability
• Basic algebra concepts (groups, rings, fields)

Regarding labs, the students are expected to have a basic knowledge of programming languages (C/C++, Python).
Security definitions and scenarios (0.3 CFU – 3h theory)
• Confidentiality, integrity, availability, authentication, non-repudiation
• Kerckhoffs's principle
• Attack models

Security models (1.2 CFU – 9h theory + 3h lab)
• Perfect secrecy, Shannon theorem, unicity distance
• Computational secrecy
• Examples on historical ciphers

Symmetric key cryptography (0.9 CFU – 6h theory + 3h lab)
• Pseudorandom generators and pseudorandom functions, stream ciphers and block ciphers
• Modes of operation
• Practical algorithms (DES, 3DES, AES, RC4)

Asymmetric key cryptography (1.2 CFU – 9h theory + 3h lab)
• Basic notions on number theory
• One-way functions, trapdoor functions, factorization, discrete logarithm
• Practical algorithms (RSA, ElGamal, Elliptic Curve)

Authentication and integrity (0.9 CFU – 6h theory + 3h lab)
• Hash functions
• Message authentication codes
• Digital signatures

Security protocols (1.5 CFU – 9h theory + 6h lab)
• Key distribution, certification authorities, public-key infrastructures
• Authentication protocols (passwords, second factor, WebAuthn)
• End-to-end encryption
The course is based on lectures (42 hours) and computer labs (18 hours). Computer labs will be organized around the different areas of the course, including basic security principles, symmetric and asymmetric cryptography, authentication, and security protocols. Each computer lab will last at least 3 hours. Some more complex activities may be distributed over the span of 2 labs. During computer labs, students will implement the algorithms discussed during lectures using Python and will test them in different application scenarios. Students are organized in groups of no more than three people. For each computer lab, the group must write a report; reports are evaluated and contribute to the final grade.
Main textbook:
• William Stallings, “Cryptography and Network Security: Principles and Practice”, Pearson, 2016.

Additional readings:
• Jonathan Katz, Yehuda Lindell, “Introduction to Modern Cryptography”, Chapman and Hall/CRC, 2014.
• Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 2001.

Other available material includes the slides used during the lectures and the material for the computer labs. The material will be available on the web.
Exam: written test; group essay;
The final exam is a written test consisting of three open questions covering different course topics. The students have 2 hours to write their answers. Students cannot use books, slides, notes or any other teaching materials during the exam. Also, the use of any device able to connect to the Internet is strictly forbidden. The test aims at assessing the student’s knowledge of the different topics, by evaluating the ability to describe technological solutions, their merits and limitations, and their applicability to practical scenarios. The students receive a score for each answer, depending on the difficulty of the topic and on the correctness, clarity and accurate terminology of their answers.

Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, and the ability of the students to properly describe and comment on the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs.

The final grade depends on the sum of scores of the written exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect written exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30. While the exam is typically written, the course instructor reserves the right to perform an oral examination in specific cases.


© Politecnico di Torino