COMPGA12 - Applied Cryptography
This database contains the 2016-17 versions of syllabuses. Syllabuses from the 2015-16 session are available here.
Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).
|Code||COMPGA12 (Also taught as COMPM064)|
|Taught By||Nicolas Courtois (100%)|
Understanding how cryptographic algorithms keys and protocols, and an appropriate hardware (software) environment can solve security problems (confidentiality, integrity, authenticity). Showing how security is achieved in reallife systems in areas of telecom, government/identity, buildings/transportation, payment.
Learning how security problems are solved in the industry, and understanding why specific choices are made.
Tentative schedule is as follows:
Week 1: Smart Cards, Hardware Security. Security engineering.
Week 2: Mobile phone security. RFID systems, access control, user/data authentication.
Week 3: Key sizes. Random number and key generation. Symmetric cryptography engineering, key derivation and key management.
Week 4: Bank cards and terminals, history, EMV specs, different forms of security, fraud, attacks.
Week 5: Public key crypto engineering, best practices, standardized algorithms and padding methods. PGP vs. smart cards. PKI vs. alternatives.
Week 6: Applications of digital signatures. Legal/regulatory aspects, qualified certificates, timestamping.
Week 7: More applications of PK crypto. Electronic passports and ID cards vs. SDA/DDA/CDA in bank cards.
Week 8: Electronic commerce, SSL/TLS, Forward Security, standard methods of encoding of digital signatures and certificates (X.509).
Week 9: Financial cryptography, payment systems, crypto currencies, bitcoin.
Week 10: Side-channel attacks (timing, SPA, DPA and DFA). Side-channel attack countermeasures.
Tutorial and Labs: Writing programs with standard crypto libraries (OpenSSL, NTL, GMP) and developing efficient and secure implementations of cryptography in C++/Java.
Method of Instruction:
Tutor-led class sessions, problem solving sessions and private study. Crypto implementation lab.
The module has the following assessments:
- Written Examination (2.5 hours) (85%)
- Coursework (15%): Moodle Quiz
To pass this module, students must:
- Obtain a mark of at least 50% for the module overall.
Lecture notes on Moodle (id=11577).
Additional recent and older resources can be found at blog.bettercrypto.com;
Ross Anderson: "Security Engineering" Wiley 2006, chapters 3-5,10,11,16,22,26.
W. Rankl and W. Effing, "Smart Card Handbook" Wiley 2003.
"Handbook of Applied Cryptography" by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996, www.cacr.math.uwaterloo.ca/hac
Mayes, K. and Markantonakis K (Editors) "Smart Cards, Tokens, Security and Applications" Springer 200