Hans Flack
Address of page: http://user.it.uu.se/~hansf/dsak04dis.html
Page created January 30, 2004
Last updated May 5, 2004
Data Security Course, Spring 2004
Preliminary: Living document
Page still has some unresolved links
Contents
1. Short description
2. Lectures
3. Labs & assignments
4. Guest lectures
5. Recommended reading
6. Teaching
7. Supplementary comments
8. Miscellaneous
9. Results: Assignments, exams, &c
10. Instructor's self assessment
1. Short description
This C (senior)-level course instance is an update of versions I have taught since spring 1985.
It is a practically oriented course, trying to convey the essentials of the most important techniques for data security, viz. cryptologic methods and access control.
However, since the techniques are based on quite a broad subset of mathematical areas not usually studied in undergraduate programs, I will try to introduce the essentials thereof on a "need-to-know basis".
Cryptology, and a fortiori, Data Security, is a vast subject (cf. Section 5). Hence, in this introductory course, there will only be time to study the more elementary parts.
Maybe there will some day be a "follow-up" course where modern theory (e.g. zero-knowledge, pseudo-randomness, provable security, ...) could be studied in more depth.
There are, however, a couple of "sister courses": Secure Computer Systems, focusing on network and operating system security using cryptology as "black boxes", and one summer course, Reliable Systems, treating, among other things, fault tolerance and safety.
As stated by the ISO OSI Reference Model - Security architecture, the security services are
- Peer entity authentication (identification)
- Data origin authentication (proof of origin)
- Access Control (discretionary or mandatory)
- Data Confidentiality (connection/connectionless, selective field, traffic flow)
- Data Integrity (with/without recovery, c/c-less, selective field)
- Non-repudiation (origin, delivery)
- Anonymity could be added; cf. e-cash
Cryptology is a means to achieve these goals.
Prerequisites
Courses on Computer Operating Systems, Mathematical Statistics, Data Structures, and Computer Networks are strongly recommended.
Course start
April 2 at 9:15 in room 211, building 1, PB
Formal syllabus (in Swedish)
found at http://dbteknat.its.uu.se
VERY WELCOME TO THIS COURSE
And remember B. Schneier. Applied Cryptography, Wiley, 1996, p. 21:
------------------------------------------------------------------------------------------
"The whole point of cryptography is to solve problems. (Actually, that's the whole point of computers -
something many people tend to forget.)"
------------------------------------------------------------------------------------------
2. Lectures
Here is an outline of my plans for the lectures coming winter/spring April - May.
The lectures are scheduled Fridays 9 - 12 and 13 - 16:30 (circa), Saturdays 9 - 12.
Three Saturday afternoons are reserved for labs (see below); April 3, April 17, and May 8.
As for what actually happened during the lectures: follow the link "Kort om vad föreläsningarna innehöll" (in Swedish) under section 10. below.
Chapter or section numbers "Kap, Avsn" refer to the Course Notes.
Here's the preface and a synopsis (all in Swedish).
Chapter or section numbers "Ch, Sec" refer to the textbook
W. Stallings. Cryptography and Network Security. Principles and Practice. Third Edition. Prentice-Hall, 2003.
Meeting 1: April 2 - 3, room 211
- Introduction to the subject, Kap1, Ch 1
- Classical cipher systems, Avsn 2.1 - 2.3, Ch 2
- Stream and block ciphers, Avsn 2.3 - 2.6, Ch 3, 4, 5, 6 and 7
- Exercises, Kap 1 & 2
- Entropy and equivocation, Avsn 3.1 - 3.2
- Unicity distances & secrecy, Avsn 3.3, 3.5
- Introduction to labs
Meeting 2: April 16 - 17, room 211
- Congruences and primes, Kap 4, Ch 8
- The RSA cipher and ElGamal cipher, Avsn 5.1 - 5.2, Ch 9
- Digital signatures, Avsn 6.1 - 6.6, Ch 13
- Exercises, Kap 3 - 6
- Data integrity, Kap 7 (parts only), Ch 11, 12
- Key management, Kap 8 (parts only), Ch 10
- Introduction to labs
Meeting 3: May 7 - 8, room 211
- Identification, Avsn 9.1 - 9.4, Sec 14.2
- Exercises, Kap 1 - 9
- Discretionary Access Control, Kap 10, Ch 20
- Mandatory access control, Kap 11, Ch 20
- Exercises, Appendix Tentamina
Comments on chapter exercises
- Standards, Kap 12, Sec 15.1, 17.2
Meeting 4: Exam; May 28
- Ex-exams with partial solutions
3. Labs
- An important part of the course is the packet of labs handed out during the course.
Several useful algorithms/methods can be found e.g. in the DSS Document and also in chapters 4 and 14 of Handbook of Applied Cryptography.
We recommend that you solve the labs in C or C++. Should you plan to do it in another language, consult the TA first!
You may also choose to use the GNU Multiprecision Library described here.
The deadline for the labs will be May 28. Please hand over your solutions to the post box of Olga Grinchtein.
4. Guest lectures
- No guest lectures are currently planned.
5. Recommended reading
The main text this winter/spring will be the following.
- W. Stallings. Cryptography and Network Security. Principles and Practice. Third Edition. Prentice-Hall, 2003.
Some other excellent books:
- D. Denning. Cryptography and Data Security. Addison-Wesley, 1982.
- D. Stinson. Cryptography Theory and Practice. CRC Press, 1995.
- D. Stinson. Cryptography Theory and Practice. Second edition. Chapman & Hall/CRC, 2002.
- B. Schneier. Applied Cryptography. Second Edition. John Wiley & Sons, Inc., 1996.
- G. Simmons (ed). Contemporary Cryptology. The Science of Information Integrity. IEEE Press, 1992.
- A. Menezes, P. van Oorschot, S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
- C. Kaufman, R. Perlman, M. Speciner. Network Security: Private Communication in a Public World. Prentice-Hall, 1994.
- H. van Tilborg. Fundamentals of Cryptology. Kluwer Academic Publishers, 2000.
- P. Garrett. Making and Breaking Codes. An Introduction to Cryptology. Prentice-Hall, 2001.
- D. Kahn. The Codebreakers. Macmillan, 1967.
- W. Trappe, L. Washington. Cryptography with Coding Theory. Prentice Hall, 2002.
- A. Beutelspacher. Cryptology. The Mathematical Association of America, 1994.
- P. Wayner. Disappearing Cryptography. AP Professional, 1996.
- S. Singh. The Code Book
- N. Smart. Cryptography. An Introduction. McGraw-Hill, 2002.
And, of course, you should consult
- K. McCurley, C. D. Ziegler (Eds.). Advances in Cryptology 1981 - 1997. LNCS 1440, Springer Verlag, 1998.
The following are available on the Net.
- The RSA paper
- S. Goldwasser, M. Bellare. Class Notes.
- Charles Blair's notes
- Lawrie Brown's course notes
- Paul Garrett's course notes
- Hans Husman's "Kryptering från Början till Slut"
- Evangelos Kranakis' course notes
- Douglas Stinson's design notes
- RSA's Cryptography FAQ.
- John Savard's Compendium
- Orange Book.
- PGP Manual Page.
- Eric Weisstein's Encyclopedia of mathematics.
These books on security have a broader scope.
- D. Denning. Information Warfare and Security. Addison-Wesley, 1999.
- P. Denning (ed). Intruders, Viruses, and Worms. Addison-Wesley, 1990.
- C. Pfleeger. Security in Computing. 2/e. Prentice-Hall, 1996.
- E. Amoroso. Fundamentals of Computer Security Technology. Prentice-Hall, 1994.
- W. Cheswick, S. Bellovin. Firewalls and Internet Security. Repelling the Wily Hacker. Second edition. Addison-Wesley, 1998.
- D. Gollmann. Computer Security. Wiley, 1999.
- M. Bishop. Computer Security. Art and Science. Addison-Wesley, 2003.
- R. Harris. Enigma. Forum, 1995.
- B. Beckman. Svenska kryptobedrifter. Bonniers, 1996.
6. Teaching
- Lectures and exams: Hans Flack, room 1256, tel 471 3016, hansf@docs.uu.se
- Labs: Olga Grinchtein, room 1440, tel 471 57777, olgag@it.uu.se
7. Supplementary comments
8. Miscellaneous
Organisations
IACR
ACM - SIGSAC
IEEE
NIST [FIPS Standards]
ANSI
ISO
Link pages
Dorothy Denning's Cryptography page
Ronald Rivest's page of links
Peter Gutmann's page of links
Tom Dunigan's security links
Tatu Ylönen's page of links
Mihir Bellare's page of links
CryptoLog
Links at Counterpane Systems
Netscape's security page
A few other courses
Alfred Menezes' course, winter 2000
Kevin McCurley's course, fall - 96
Ronald Rivest's courses, fall -99 (and earlier)
Douglas Stinson's course, fall -97
Douglas Stinson's course, fall -98
Course at KTH, NADA
Course at LiTH, ISY
Course at LTH, IT
Björn Victor's distance course, spring 2000
Still more courses
ACM Professional Knowledge Program on Security
Publications
Computer and Communications Security Review
Algorithms
AES
The NESSIE project
Skipjack (declassified, May 1998)
Early PKS (CESG, UK)
M-209
PGP International page
Bibliographies
Collected at Counterpane
Theory of Cryptology Library
Historical
Maritime
The Geheimschreiber Secret
Bletchley Park
Milton Keynes
The Multics System
9. Results: Assignments, exams, &c
I'll pass a list around during lectures on which you can give an explicit permission for me to publish your results on the web (should you wish me to do so).
For those on the list: Here are the results.
10. Instructor's self assessment
- May appear here.
- "Kort om vad föreläsningarna innehöll" (a short account of what the lectures contained).
And à propos nothing: Zig/Zag angels
Best regards,