COMPM064 - Applied Cryptography
This database contains the 2017-18 versions of syllabuses. Syllabuses from the 2016-17 session are available here.
Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).
| Code | COMPM064 (also taught as: COMPGA12) |
| Taught By | Nicolas Courtois (100%) |
Understanding how cryptographic algorithms, keys and protocols, together with an appropriate hardware (software) environment, can solve security problems (confidentiality, integrity, authenticity). Showing how security is achieved in real-life systems in the areas of telecom, government/identity, buildings/transportation and payment. Real-life applications of encryption, Message Authentication Codes (MAC) and Digital Signatures in smart cards and terminals, personal identity and crypto currency systems. RFID technology. Understanding attacks and vulnerabilities of current industrial standards. Cryptography in practice, side-channel attacks and countermeasures.
Learning how security problems are solved in the industry, and understanding why specific choices are made.
Understanding security (attacks and defences) in complex real-life systems and the role of keys, cryptographic algorithms and protocols, tamper-resistant hardware and other types of countermeasures.
Study of entity authentication and data authentication, challenge-response. Understanding multiple ways to attack and defend in industrial systems.
Technology adoption, legal, ethical, business and usability questions.
Industry regulation and security standards. Common Criteria security evaluations.
History of payment and smart card industry. Security engineering and promotion of ‘best practices’.
Understanding fraud crime and attacks in payment systems. Study of bitcoin and decentralized crypto currencies.
Digital signatures in practice with legal/regulatory aspects.
Electronic commerce, SSL/TLS, Forward Security, standard methods of encoding of digital signatures and certificates (X.509).
Tentative schedule is as follows:
Week 1: Selected Elliptic Curve crypto and digital signature topics [needed for labs and crypto currency topics].
Week 2: Hardware Security and Side-channel attacks (timing, SPA, DPA and DFA). Side-channel attack countermeasures. [also covered in labs].
Week 3: Smart cards and cryptographic protocols. RFID technology, Authentication.
Week 4: Bank cards and terminals, history, EMV specs, different forms of security, fraud, attacks.
Week 5: Symmetric cryptography engineering and random number generation. Best practices.
Week 6: Public key crypto engineering, secure email/messaging, digital signatures, certificates.
Week 7: More applications of PK crypto. Electronic passports and ID cards vs. SDA/DDA/CDA in bank cards.
Week 8: Electronic commerce, SSL/TLS, Forward Security, attacks on TLS.
Week 9: Financial cryptography, payment systems, blockchains and crypto currencies, Bitcoin, stealth address techniques, ring signatures, Monero.
Week 10: Zerocash, advanced crypto solutions for anonymous payments.
Tutorial and Labs: Writing programs with standard crypto libraries (OpenSSL, NTL, GMP, MPIR) and developing efficient and secure implementations of cryptography in C++/Java.
Method of Instruction
Tutor-led class sessions, problem solving sessions and private study.
Crypto implementation lab.
The course has the following assessment components:
- Written Examination (2.5 hours, 85%)
- Compulsory Moodle Quiz (1 hour, 15%)
To pass this course, students must:
- Obtain a mark of 50% or more for all components combined
- Obtain a minimum mark of 40% in each component worth ≥ 30% of the module as a whole.
Reading list available via the UCL Library catalogue.