Disclaimer:

This is a set of notes, that summarizes the class coverage of material. By no means is this comprehensive or is a substitute for class notes and attendance. Also, updating of this page is not guaranteed to be frequent.

 Jan 15

• Introduction to the class, class contents
• Vulnerabilities
• Encryption and fallibilities
• Secrecy and protecting private information

Jan 17

• Lecture by Austin Godber on GPG - slides are here

 Jan 21

• Lecture by Kyung Ryu on Java Security - slides are here

 Jan 29

• Introduction to Encryption
• Plaintext - cipher text - keys - symmetric and asymmetric cryptosystems
• Cost of breaking cryptography - strength of keys
• How much time does brute force attack take
• One Time Pad
• Types of ciphers

Jan 31

• Symmetric Encryption Ciphers
• Code book, CBC, Stream, Block
• All about DES

 5-Feb

• Review of Encryption Concepts
• Need for encryption
• Secret ciphers, public ciphers
• Passwords and insecurity
• Secrecy and obfuscation--Steganography
• Authentication, Integrity and Non Repudiation
• Cryptanalysis

7-Feb

• Cryptanalysis - ciphertext only, known plaintext, chosen plaintext, adaptive chosen plaintext, chosen ciphertext, chosen key, rubber hose.
• Need for cryptanalysis, exposes weaknesses in ciphers
• Security attacks - buffer overflow, virus, macro, network
• Introduction to Crypto protocols

12-Feb

• Introduction to Protocols
• The key exchange protocols using symmetric keys and a arbitrator
• Using asymmetric keys (public keys)
• Man in the middle attack
• Using web of trust and certificates (need signature of other trusted people)

14-Feb

• Merkle's Puzzle -- precursor to Public Keys
• Interlock Protocol
• One way hashing
• Hybrid Cryptosystems
• Digital Signatures

19-Feb

• Merkle's Puzzle revisited (a correct version)
• Diffie Hellman Key Exchange
• Digital Signatures, using symmetric keys
• Simple Digital signatures (encrypt with private key)

21-Feb

• Digital Signatures using symmetric keys - recap
• why is that scheme authentic/unforgeable/not reusable/unalterable/non-repudiable?
• Digital keys using public keys
• why is the scheme ... the of the above
• Digital checks - how does it work, can be emailed? (yes)
• "I lost my key" trick of repudiation - use timestamps via Trent
• Encrypting signed messages (privacy and authentication)
• The RESEND attack (or replay attack)
• Why the maxim "Thou shall not sign anything that thou did not generate..." 
• HOMEWORK due March 7th

26-Feb

• Random Numbers (cryptographically secure)
• Secret Communications
• Secure Sockets layer - SSL

28-Feb

• Secure Sockets layer - SSL - continued
• Certificates, man-in-the-middle, server authentication
• Using MACs to secure communication against corruption
• Passwords and password storage
• Introduction to Challenge Response

5-Mar

• Passwords, Salt and password vulnerabilities
• Authentication methods
• Challenge Response
• SKEY authentication
• Introduction to RSA

7-Mar:  Note Homework is due. Please submit hard copy. Remote sites, use courier.

• How RSA works
• Proof of some number theory properties to build up to RSA proof
• (note, important concepts are Z*n is closed under multiplication and for any x in Z*n, x raised to the power F(n) is 1 [mod n])

19-Mar

• Completion of proof of RSA

21-Mar:  MID TERM EXAM

• IMPORTANT: All students must be in the correct classrooms. 
• Please do NOT come to main campus, if you are registered in any remote location.
• Exam is mandatory, and there will be no "make up"

26-Mar

• Generating prime numbers for use in RSA
• Bit commitment (flipping coins on the phone)
• Secret splitting (simple XOR)
• Secret sharing (intro)

28-Mar

• Secret sharing using polynomials
• variations of secret sharing (cheaters, no Trent, verifiable, etc)
• Database protection
• Timestamping (basic protocol)

2-Apr

• Lecture by Shu Zhang on IP Sec - slides are here

4-Apr

• Timestamping protocols...
  ... distributed timestamping, 
• Undeniable Digital Signatures, Proxy signatures, Fail stop signatures
• Subliminal channels

9-Apr

• Discussion on solutions to mid term exam
• Dining Cryptographers Porblem
• Mental Poker 
• One way accumulators
• reading assignment: ANDOS and Simultaneous contract signing

11-Apr

• Computing with encrypted data
• Computing with encrypted functions (code obfuscation)
• Protecting agents from the environment (reverse sandboxing) 
• Zero knowledge proofs
• Introduction to "cut and choose"

16-Apr

• Blind signatures
• Doing anonymous "money orders" using cut and choose and blind signatures
• Secure Elections (why is it not possible in reality)
• Secure, trusted code (Ken Thompson Turing Award lecture - Reflections on Trusting Trust)
• Protocols using CTF and CLA and weaknesses of these schemes

18-Apr

• Secure elections continued
• Digital Cash

23-Apr

• Digital Cash - the ID strings and bit commitment
• Micromint  // see link from class home page
• Winnowing and Chafing // see link from class home page

25-Apr

• reading assignment: Secure Multiparty Computations
• Risks in using computer technology
• Security - personal and computer systems
• Personal security - financial transactions and identity
• Computer Systems Security - object code, applications and operating systems
• Biometrics - why does it not work?

30-Apr

• Last class -- review of topics covered

7-May: FINAL EXAM - 4:40p - 6:30p

• IMPORTANT: All students must be in the correct classrooms. 
• Please do NOT come to main campus, if you are registered in any remote location.
• Exam is mandatory, and there will be no "make up"