This course introduces students to the main technologies dealing with information security. The objectives of the course can be summarized as: i) let the students be aware of the main objectives of information security, namely providing data confidentiality, integrity, and availability; ii) describe in detail the main cryptographic tools that can be used for achieving the above goals; iii) define what is considered secure in modern cryptography; iv) provide the students with the ability to analyze weaknesses in existing schemes and design adequate security solutions. One third of the course will take place in the LAIB laboratories, where the students will have the opportunity to implement and test a subset of the cryptographic techniques explained during lectures.

At the end of the course, students will acquire knowledge of the main cryptographic techniques used in security protocols and will understand how they satisfy usual security definitions. In detail: • Knowledge of basic security principles • Knowledge of common security definitions in modern cryptographic (perfect secrecy, computational secrecy) • Knowledge of main cryptographic techniques using symmetric and asymmetric keys • Knowledge of cryptographic hash functions and related authentication techniques • Knowledge of main security protocols for key management, authentication, message confidentiality Moreover, they should acquire the ability to choose and employ the most adequate cryptographic tools according to the security scenario and application needs, and the ability to evaluate the security of a specific protocol. In detail: • Ability to evaluate if a protocol satisfies a given security definition • Ability to design a security protocol providing confidentiality and authentication • Ability to assess the weaknesses of an existing protocol

The students are expected to know the following concepts: • Probability theory, random variables, conditional probability • Basic algebra concepts (groups, rings, fields) Regarding labs, the students are expected to have a basic knowledge of programming languages (C/C++,Python)

Security definitions and scenarios (0.3 CFU – 3h theory) • Confidentiality, integrity, availability, authentication, non-repudiation • Kerckhoff's principle • Attack models Security models (1.2 CFU – 9h theory + 3h lab) • Perfect secrecy, Shannon theorem, unicity distance • Computational secrecy • Examples on historical ciphers Symmetric key cryptography (0.9 CFU – 6h theory + 3h lab) • Pseudorandom generators and pseudorandom functions, stream ciphers and block ciphers • Modes of operation • Practical algorithms (DES, 3DES, AES, RC4) Asymmetric key cryptography (1.2 CFU – 9h theory + 3h lab) • Basic notions on number theory • One-way functions, trapdoor functions, factorization, discrete logarithm • Practical algorithms (RSA, El-Gamal, Elliptic Curve) Authentication and integrity (0.9 CFU – 6h theory + 3h lab) • Hash functions • Message authentication codes • Digital signatures Security protocols (1.5 CFU – 9h theory – 6h lab) • Key distribution, certification authorities, public-key infrastructures • Authentication protocols (passwords, second factor, webauthn) • End-to-end encryption

The course is based on lectures (42 hours) and computer labs (18 hours). Computer labs will be organized in the different areas of the course, including basic security principles, symmetric and asymmetric cryptography, authentication, security protocols. Each computer lab will last at least 3 hours. Some more complex activities may be distributed over the span of 2 labs. During computers labs, students will implement the algorithms discussed during lectures using Python and will test them in different application scenarios. Students are organized in groups of no more than three people. For each computer lab, the group must write a report; reports are evaluated and concur to determine the final grade.

Main textbook: • William Stallings, “Cryptography and Network Security: Principles and Practice”, Pearson, 2016. Additional readings: • Jonathan Katz, Yehuda Lindell, “Introduction to Modern Cryptography”, Chapman and Hall/CRC, 2014. • Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 2001. Other available material includes the slides used during the lectures and the material for the computer labs. The material will be available on the web.

Modalità di esame: Prova orale obbligatoria; Elaborato scritto prodotto in gruppo;

The final exam is an oral exam typically consisting in three open questions covering different course topics. Students cannot use books, slides, notes, online resources, or any other teaching materials during the exam. The exam aims at assessing the student’s knowledge of the different topics, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students are evaluated depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. In same cases, the contents of the lab reports may be also discussed during the oral exam. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the score of the oral exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect oral exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30.

Modalità di esame: Prova orale obbligatoria; Elaborato scritto prodotto in gruppo;

The final exam is an oral exam typically consisting in three open questions covering different course topics. Students cannot use books, slides, notes, online resources, or any other teaching materials during the exam. The exam aims at assessing the student’s knowledge of the different topics, by evaluating the ability to describe technological solutions, their merits and limitation, their applicability to practical scenarios. The students are evaluated depending on the difficulty of the topic and the level of correctness, clarity, accurate terminology of their answers. In same cases, the contents of the lab reports may be also discussed during the oral exam. Reports should be delivered to the course instructor at least a week before the date of the first exam. Evaluation of the reports is based on their clarity, technical correctness, ability of the students to properly describe and comment the results of the experiments. Reports should not merely list results, but demonstrate understanding of the concepts learned during the course. Student self-assessment will also be used to generate the computer lab score, i.e. students are going to score the contribution of other students in the same group towards achieving the objectives of the computer labs; sending self-assessments to the course instructor is mandatory in order to obtain a score for the computer labs. The final grade depends on the score of the oral exam (up to 24 points) and on the evaluation of the reports of the computer labs (up to 6 additional points). A perfect oral exam with perfect lab reports is evaluated 30/30 cum laude; the minimum mark students have to achieve in order to pass the exam is 18/30.