COMPGA12 - Applied Cryptography

This database contains the 2017-18 versions of syllabuses. Syllabuses from the 2016-17 session are available here.

Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).

Code: COMPGA12 (Also taught as COMPM064)
Year: MSc
Prerequisites: N/A
Term: 2
Taught By: Nicolas Courtois (100%)
Aims

Understanding how cryptographic algorithms, keys and protocols, together with an appropriate hardware (software) environment, can solve security problems (confidentiality, integrity, authenticity). Showing how security is achieved in real-life systems in the areas of telecom, government/identity, buildings/transportation and payment.
Real-life applications of encryption, Message Authentication Codes (MAC) and Digital Signatures in smart cards and terminals, personal identity and crypto currency systems. RFID technology.
Understanding attacks and vulnerabilities of current industrial standards. Cryptography in practice, side-channel attacks and countermeasures.

Learning Outcomes

Learning how security problems are solved in the industry, and understanding why specific choices are made. 
Understanding security (attacks and defences) in complex real-life systems and the role of keys, cryptographic algorithms and protocols, tamper resistant hardware and other types of countermeasures. Study of entity authentication and data authentication, challenge-response.
Understanding multiple ways to attack and defend in industrial systems. 
Technology adoption, legal, ethical, business and usability questions. Industry regulation and security standards. Common criteria security evaluations. 
History of payment and smart card industry. Security engineering and promotion of ‘best practices’. 
Understanding fraud crime and attacks in payment systems. Study of bitcoin and decentralized crypto currencies. 
Digital signatures in practice with legal/regulatory aspects. 
Electronic commerce, SSL/TLS, Forward Security, standard methods of encoding of digital signatures and certificates (X.509). 

Content

The tentative schedule is as follows:

Week 1: Selected Elliptic Curve crypto and digital signature topics [needed for labs and crypto currency topics].

Week 2: Hardware Security and Side-channel attacks (timing, SPA, DPA and DFA). Side-channel attack countermeasures. [also covered in labs].

Week 3: Smart cards and cryptographic protocols. RFID technology, Authentication.

Week 4: Bank cards and terminals, history, EMV specs, different forms of security, fraud, attacks.

Week 5: Symmetric cryptography engineering and random number generation. Best practices.

Week 6: Public key crypto engineering, secure email/messaging, digital signatures, certificates.

Week 7: More applications of PK crypto. Electronic passports and ID cards vs. SDA/DDA/CDA in bank cards.

Week 8: Electronic commerce, SSL/TLS, Forward Security, attacks on TLS.

Week 9: Financial cryptography, payment systems, blockchains and crypto currencies, bitcoin, stealth address techniques, ring signatures, monero.

Week 10: Zerocash, advanced crypto solutions for anonymous payments.

Tutorial and Labs: Writing programs with standard crypto libraries (OpenSSL, NTL, GMP, MPIR) and developing efficient and secure implementations of cryptography in C++/Java.

Method of Instruction

Tutor-led class sessions, problem-solving sessions and private study. Crypto implementation lab.

Assessment

The module has the following assessments:

  • Written Examination (2.5 hours) (85%)
  • Coursework (15%): Moodle Quiz

To pass this module, students must:

  • Obtain a mark of at least 50% for the module overall.

Resources

Reading list available via the UCL Library catalogue.