PV079 - Applied Cryptography

  1. Chapter 1 of Handbook of Applied Cryptography (HAC), can be found through the link http://cacr.math.uwaterloo.ca/hac/ that you'll use rather often in this class. The goal of this first reading (without an assignment) is to get familiar with the basic concepts and terminology of (applied) crypto. You can skip parts 1.3, in fact.
  2. Advanced Encryption Standard (AES) as advised via e-mail, with readings of The AES Q&A and the AES algorithm (Rijndael) authors' presentation (in PDF), along with the assignment #1 related reading of Performance Evaluation of AES Finalists on the High-End Smart Card.
  3. This week we shall focus on the relation of cryptography and (secure) hardware. Readings for this week include slides from the lecture on cryptography and hardware security, their mutual relations and benefits, that is usually given by Petr Sveda; you can download the slides (PDF) here. The second reading is the paper Hand-Held Computers Can Be Better Smart Cards, which will give you a very useful insight into the comparison of security and performance aspects of a smartcard vs. a handheld device, where smartcards are better or worse than a handheld device, etc.
  4. This week was related to a short (6-page), seminal and frequently cited work on authentication in networks, now almost a quarter of a century old: NEEDHAM, R.M. AND SCHROEDER, R.M., Using encryption for authentication in large networks of computers, Comm. ACM, vol. 21, no. 12, pp. 993-999, 1978.
  5. The follow-up to the previous week's reading was a well-written summary of work on protocols so far, which should provide you with a brief coverage of this interesting area and its problems: Ross Anderson, Michael Bond: Protocol Analysis, Composability and Computation. It starts about 1/3 of the way down the page; search, e.g., for "sis".
    Advanced reading, by no means required to read/study, but which I thought would be of interest to some of you, is M. Bond, P. Zielinski, Decimalisation Table Attacks for PIN Cracking.
  6. This week's work concerns the study of the NIST AES standard development report on the choice of the algorithm - Report on the Development of the Advanced Encryption Standard (AES) - and the related assignment, which involves playing with the candidates (sources at either http://fp.gladman.plus.com/cryptography_technology/aes2/ or http://csrc.nist.gov/encryption/aes/round2/r2algs-code.html ).
  7. Your work for this and also the following week involves the study of the application of cryptography in some selected protocols, and the selected readings involve: And also links to software worth a try: for secure login try the SSH downloads (both client and server versions are free for non-commercial use), and for secure file copying try the WinSCP downloads.
  8. This week we focus on another area in security protocols, namely Mobile IP. I've selected the following paper by R Deng, J Zhou, F Bao as the reading this week: Defending Against Redirect Attacks in Mobile IP, the 9th ACM Conference on Computer and Communications Security, November 2002.
  9. Our study this week focuses on the modes of operation for block ciphers. The required reading consists of pages 1-17 of the NIST "Special Publication" SP 800-38A "Recommendation for Block Cipher Modes of Operation - Methods and Techniques". More information on all the modes (both approved and considered) is at the NIST mode of operation webpage.
  10. This week we look at trust management and authentication, together with a practical exercise (part of the last assignment). The reading is accessible only from the FI/MU network (ACM Digital Library). It's the paper Authentication metric analysis and design by MK Reiter and SG Stubblebine, published in 1999 in the ACM Transactions on Information and System Security (TISSEC).
  11. This week we'll look at a few interesting papers (1, 2, 3.) that were released just a few years back, and that show that Diffie & Hellman and Rivest & Shamir & Adleman were not really the first to come up with public-key crypto, but that the British government cryptographers managed to do the work a few years earlier.

Formal issues re. the course:

The final grade will be determined by your performance in the course assignments, distributed throughout the term, at 50%, and the remaining 50% will be awarded according to the final written exam (open-book). Readings (and assignments) are based on both the "classics" in applied crypto papers/books and recent developments in the area.


E-mail: LastName at fi.muni.cz

WWW: Vaclav Matyas