Servizi per la didattica
PORTALE DELLA DIDATTICA

Applied Information Security and Cryptography

01TUWBH

A.A. 2021/22

Course Language

Inglese

Course degree

Master of science-level of the Bologna process in Ict For Smart Societies (Ict Per La Societa' Del Futuro) - Torino

Course structure
Teaching Hours
Lezioni 40
Esercitazioni in laboratorio 20
Teachers
Teacher Status SSD h.Les h.Ex h.Lab h.Tut Years teaching
Bianchi Tiziano   Professore Associato ING-INF/03 40 0 20 0 4
Teaching assistant
Espandi

Context
SSD CFU Activities Area context
ING-INF/03 6 D - A scelta dello studente A scelta dello studente
2021/22
This course introduces students to the main technologies dealing with information security. The objectives of the course can be summarized as: i) let the students be aware of the main objectives of information security, namely providing data confidentiality, integrity, and availability; ii) describe in detail the main cryptographic tools that can be used for achieving the above goals; iii) define what is considered secure in modern cryptography; iv) provide the students with the ability to analyze weaknesses in existing schemes and design adequate security solutions. One third of the course will take place in the LAIB laboratories, where the students will have the opportunity to implement and test a subset of the cryptographic techniques explained during lectures.
Information security is essential for all ICT technologies dealing with data management and represents a key competence for engineers working with large and complex systems integrating different ICT tools. This course introduces students to the main technologies dealing with information security. The objectives of the course can be summarized as: i) let the students be aware of the main objectives of information security, namely providing data confidentiality, integrity, and availability; ii) describe in detail the main cryptographic tools that can be used for achieving the above goals; iii) explain how those tools are used to implement relevant security protocols in ICT; iv) provide the students with the ability to recognise weaknesses in existing ICT tools and design adequate security solutions. One third of the course will consist in lab activities, where the students will have the opportunity to implement and test a subset of the cryptographic techniques explained during lectures.
At the end of the course, students will acquire knowledge of the main cryptographic techniques used in security protocols and will understand how they satisfy usual security definitions. In detail: • Knowledge of basic security principles • Knowledge of common security definitions in modern cryptographic (perfect secrecy, computational secrecy) • Knowledge of main cryptographic techniques using symmetric and asymmetric keys • Knowledge of cryptographic hash functions and related authentication techniques • Knowledge of main security protocols for key management, authentication, message confidentiality Moreover, they should acquire the ability to choose and employ the most adequate cryptographic tools according to the security scenario and application needs, and the ability to evaluate the security of a specific protocol. In detail: • Ability to evaluate if a protocol satisfies a given security definition • Ability to design a security protocol providing confidentiality and authentication • Ability to assess the weaknesses of an existing protocol
At the end of the course, students will acquire knowledge of the main cryptographic techniques used in security protocols and will understand how they satisfy usual security definitions. In detail: • Knowledge of basic security principles • Knowledge of common security definitions in modern cryptographic (perfect secrecy, computational secrecy) • Knowledge of main cryptographic techniques using symmetric and asymmetric keys • Knowledge of cryptographic hash functions and related authentication techniques • Knowledge of main security protocols for key management, authentication, message confidentiality Moreover, they should acquire the ability to choose and employ the most adequate cryptographic tools according to the security scenario and application needs, and the ability to evaluate the security of a specific protocol. In detail: • Ability to evaluate if a protocol satisfies a given security definition • Ability to design a security protocol providing confidentiality and authentication • Ability to assess the weaknesses of an existing protocol
The students are expected to know the following concepts: • Probability theory, random variables, conditional probability • Basic algebra concepts (groups, rings, fields) Regarding labs, the students are expected to have a basic knowledge of programming languages (C/C++,Python)
The students are expected to know the following concepts: • Probability theory, random variables, conditional probability • Basic algebra concepts (groups, rings, fields) Regarding labs, the students are expected to have a basic knowledge of Python programming language.
Security definitions and scenarios (0.3 CFU – 3h theory) • Confidentiality, integrity, availability, authentication, non-repudiation • Kerckhoff's principle • Attack models Security models (1.2 CFU – 9h theory + 3h lab) • Perfect secrecy, Shannon theorem, unicity distance • Computational secrecy • Examples on historical ciphers Symmetric key cryptography (0.9 CFU – 6h theory + 3h lab) • Pseudorandom generators and pseudorandom functions, stream ciphers and block ciphers • Modes of operation • Practical algorithms (DES, 3DES, AES, RC4) Asymmetric key cryptography (1.2 CFU – 9h theory + 3h lab) • Basic notions on number theory • One-way functions, trapdoor functions, factorization, discrete logarithm • Practical algorithms (RSA, El-Gamal, Elliptic Curve) Authentication and integrity (0.9 CFU – 6h theory + 3h lab) • Hash functions • Message authentication codes • Digital signatures Security protocols (1.5 CFU – 9h theory – 6h lab) • Key distribution, certification authorities, public-key infrastructures • Authentication protocols (passwords, second factor, webauthn) • End-to-end encryption
Security definitions and scenarios (0.3 CFU – 3h theory) • Confidentiality, integrity, availability, authentication, non-repudiation • Kerckhoff's principle • Attack models Security models (1.2 CFU – 9h theory + 3h lab) • Examples on historical ciphers • Perfect secrecy, Shannon theorem, unicity distance • Computational secrecy Symmetric key cryptography (0.9 CFU – 6h theory + 3h lab) • Pseudorandom generators and pseudorandom functions, stream ciphers and block ciphers • Modes of operation • Practical algorithms (AES, Salsa20, ChaCha20) Asymmetric key cryptography (1.2 CFU – 9h theory + 3h lab) • Basic notions on number theory • One-way functions, trapdoor functions, factorization, discrete logarithm • Practical algorithms (RSA, Diffie-Hellman, Elliptic Curve) Authentication and integrity (0.9 CFU – 6h theory + 3h lab) • Hash functions (SHA2, SHA3) • Message authentication codes and authenticated encryption (HMAC, GCM) • Digital signatures (RSA, Schnorr, DSA/ECDSA) Security protocols (1.5 CFU – 9h theory – 6h lab) • Key distribution, public-key certificates, public-key infrastructures • Authentication protocols (passwords, second factor, challenge-response) • Transport Layer Security
The course is based on lectures (42 hours) and computer labs (18 hours). Computer labs will be organized in the different areas of the course, including basic security principles, symmetric and asymmetric cryptography, authentication, security protocols. Each computer lab will last at least 3 hours. Some more complex activities may be distributed over the span of 2 labs. During computers labs, students will implement the algorithms discussed during lectures using Python and will test them in different application scenarios. Students are organized in groups of no more than three people. For each computer lab, the group must write a report; reports are evaluated and concur to determine the final grade.
The course is based on lectures (42 hours) and computer labs (18 hours). Computer labs will be organized in the different areas of the course, including basic security principles, symmetric and asymmetric cryptography, authentication, security protocols. Each computer lab will last at least 3 hours. Some more complex activities may be distributed over the span of 2 labs. During computers labs, students will implement the algorithms discussed during lectures using Python and will test them in different application scenarios. Students are organized in groups of no more than three people. For each computer lab, the group must write a report; reports are evaluated and concur to determine the final grade.
Main textbook: • William Stallings, “Cryptography and Network Security: Principles and Practice”, Pearson, 2016. Additional readings: • Jonathan Katz, Yehuda Lindell, “Introduction to Modern Cryptography”, Chapman and Hall/CRC, 2014. • Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 2001. Other available material includes the slides used during the lectures and the material for the computer labs. The material will be available on the web.
Main textbooks: • William Stallings, “Cryptography and Network Security: Principles and Practice”, Pearson, 2016. • Jonathan Katz, Yehuda Lindell, “Introduction to Modern Cryptography”, Chapman and Hall/CRC, 2014. Additional readings: • Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 2001. Other available material includes the slides used during the lectures, video recording of lectures, and the material for the computer labs. The material will be available on the web.
Modalità di esame: Prova orale obbligatoria; Elaborato scritto prodotto in gruppo;
Exam: Compulsory oral exam; Group essay;
The final exam is a written test consisting in three open questions covering different course topics. The students have 2 hours to write their answers. Students cannot use books, slides, notes or any other teaching materials during the exam. Also, the use of any device able to connect to the Internet is strictly forbidden. The test aims at assessing the student’s knowledge of the different topics, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students receive a score for each answer, depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the sum of scores of the written exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect written exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30. While the exam is typically written, the course instructor reserves the right to perform an oral examination in specific cases.
Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.
Exam: Compulsory oral exam; Group essay;
The final exam is an oral exam typically consisting of three open questions covering different course topics. Students cannot use books, slides, notes, online resources, or any other teaching materials during the exam. The questions aims at assessing students' understanding of main security principles and security definitions and their knowledge of the different cryptographic algorithms, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students are evaluated depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. In same cases, the contents of the lab reports may be also discussed during the oral exam. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Reports are also used to assess students' ability to evaluate merits and weakness of different security solutions. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the score of the oral exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect oral exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30.
In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.
Modalità di esame: Prova orale obbligatoria; Elaborato scritto prodotto in gruppo;
The final exam is an oral exam typically consisting in three open questions covering different course topics. Students cannot use books, slides, notes, online resources, or any other teaching materials during the exam. The exam aims at assessing the student’s knowledge of the different topics, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students are evaluated depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. In same cases, the contents of the lab reports may be also discussed during the oral exam. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the score of the oral exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect oral exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30.
Exam: Compulsory oral exam; Group essay;
The final exam is an oral exam typically consisting of three open questions covering different course topics. Students cannot use books, slides, notes, online resources, or any other teaching materials during the exam. The questions aims at assessing students' understanding of main security principles and security definitions and their knowledge of the different cryptographic algorithms, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students are evaluated depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. In same cases, the contents of the lab reports may be also discussed during the oral exam. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Reports are also used to assess students' ability to evaluate merits and weakness of different security solutions. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the score of the oral exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect oral exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30.
Modalità di esame: Prova orale obbligatoria; Elaborato scritto prodotto in gruppo;
The final exam is an oral exam typically consisting in three open questions covering different course topics. Students cannot use books, slides, notes, online resources, or any other teaching materials during the exam. The exam aims at assessing the student’s knowledge of the different topics, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students are evaluated depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. In same cases, the contents of the lab reports may be also discussed during the oral exam. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the score of the oral exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect oral exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30.
Exam: Compulsory oral exam; Group essay;
The final exam is an oral exam typically consisting of three open questions covering different course topics. Students cannot use books, slides, notes, online resources, or any other teaching materials during the exam. The questions aims at assessing students' understanding of main security principles and security definitions and their knowledge of the different cryptographic algorithms, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students are evaluated depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. In same cases, the contents of the lab reports may be also discussed during the oral exam. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Reports are also used to assess students' ability to evaluate merits and weakness of different security solutions. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the score of the oral exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect oral exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30.
Esporta Word


© Politecnico di Torino
Corso Duca degli Abruzzi, 24 - 10129 Torino, ITALY
Contatti