Disclaimer:

This is a set of notes, that summarizes the class coverage of material. By no means is this comprehensive or is a substitute for class notes and attendance. Also, updating of this page is not guaranteed to be frequent.

 1. Jan 21

• Introduction to the course
• What is Cryptography, What is security,
• Privacy
• Vulnerabilities,
• Privacy issues, guarding personal information

2. Jan 23

• Identity Theft -- problems with SS#, PIN etc.
• Encryption techniques, symmetric, asymmetric
• Block/stream ciphers
• Ceaser cipher, affine cipher, vigenere cipher, polyalphabetic ciphers.
• Trusting software (Ken Thompson Lecture)
• Encryption basics
• Open encryption systems vs. Proprietary encryption systems (problems with GSM, CSS)
• Unconditionally Secure Encryption
• How to break encryption
• Brute force and key strength

3. Jan 28

• GPG and PGP by Austin Godber - slides are here

4. Jan 30

• Authentication by Prashant Dewan, slides are here

5. Feb 4

• Desirable functions of Security Protocols: Privacy, Integrity,  Authentication,  Non repudiation, Access Control, Availability, Timestamping, Certification,  Signature
• Cryptography terms
  o Encryption, decryption, plaintext, ciphertext, Crypto Algorithm, Nonce,  Hash
• Cryptographic Protocols:  A prescribed (open) sequence of events between entities to achieve a goal
  § Arbitrated – lawyers, banks
  § Adjudicated – judges 
  § Self enforcing
•  Protocols are hard to analyze
  § properties are very SUBTLE 
  § Runs in a complex and hostile environment
  § Hard to capture power of adversary
  § Concurrent protocols are extremely hard to analyze
• Attacks
  o Passive Attack
  o Active Attack
  o Modification
  o Man in the middle
  o Dictionary
  o Masquerade
  o Replay
  o Algebraic
  o Denial of Service

6. Feb 6

• Cryptographic functions, one-way trapdoor functions
• Secure Random Numbers (Next bit test, and CS-PRNG)
• MAC and message integrity
• Secure Communication - symmetric keys with an arbitrator
• Secure Communication - key exchange with public keys
• Diffie Helman Key Exchange
•  

7. Feb 11

• Steganography, and its relationship to Cryptography
• Cryptanalysis
• Vulnerability of Public Key encryption to chosen plaintext attacks
• Hybrid cryptosystems for efficiency
• Merkle's Puzzle

8. Feb 13

• Authentication 
• Passwords, weakness of passwords, grabbing, sniffing
• Challenge response systems
• Shared secret and public key challenge response
• Zero Knowledge proofs of identity
• Attacks against Protocols -- 
• Man in the middle attack
• Digital Signatures  - authentic, unforgeable, not-reusable, unalterable, non-repudiable.
• Symmetric key, using Trent
• Use public keys
• Public key based
• Need timestamps or serial numbers
• Encrypt and sign for secrecy

9. Feb 18

• Authentication revisited
• Secure Authentication systems, using challenge response, using public-private keys -- how to implement in practice.
• Biometrics - what are the vulnerabilities
• DIGITAL SIGNATURES - using public keys, using hashes
• Timestamps or serial number to stop reuse
• Encryption with digital sigs for privacy
• RESEND ATTACK --- do not sign anything you did not generate.
• Certificates and SSL

10. Feb 20

• Certificates, Certificate Authorities, Signatures on Certificates
• Certificates spoils Man in Middle, and makes authentication happen offline
• Hierarchies of CAs
• Web of Trust
• The SSL Protocol
• Key exchange in SSL
• Master Key Setup in SSL

11. Feb 25

• HOMEWORK ASSIGNED
• DES

12. Feb 27

• RSA - what it is and how it works and why it works

13. Mar 4

• RSA continued. Finding Prime numbers, primality testing, extended euclidean algorithm

14. Mar 6

• HOMEWORK DUE. 
• How many bits should the RSA key have?
• Birthday paradox and birthday attacks
• Multiple Key Public Key Cryptography
• Group Communication

15. Mar 11

• secret splitting
• secret sharing

16. Mar 13

• Course Review
• Timestamping

March 17-21 - Spring Break, no classes

Mar 25: MID TERM EXAM

17. Mar 27

• Timestamping -- linking and distributed
• Dining Cryptographers Problem
• Protecting Databases via Hashing
• Undeniable Digital Sigs
• Subliminal channels

18. Apr 1

• Proxy Signatures
• Group Signatures
• Computing with Encrypted Data
• Computing with Encrypted Code
• "Reverse" Sandboxing
• Secure coprocessors - initialization and identification
• IBM Coprocessor Design

19. Apr 3

• How the coprocessor works
• Initialization, regeneration
• Trusting the keys
• Trusted software layers
• One layer certifies the other
• Ratchet mechanism provides hardware locks to guard the keys

20. Apr 8

• Secure Coprocessors, again
• The concept of layered security
• How to make the processor work
• Why use secure processors (rented sfotware, wallet applications, point of sale authentication, postage franking, mobile code, storage of keys)
• Bit Commitment
  • Symmetric/hash based/Assymetric/Random number based

21. Apr 10

• Coin Flipping
• Dealing cards (Mental Poker)
• Zero Knowledge Proofs
• Cut and Choose
• Proving graph isomosrphism using ZKP
• Parallel ZKP
• Non-interactive ZKP
•  

22. Apr 15

• ZKP of identity - similar to public key challenge response (faster??)
• Feige-Fiat-Shamir proof of identity
• Blind Signatures (Digital envelopes)

23. Apr 17

• Anonymous Money Orders
• Secure Elections
• CTF methods
• CTF and CLA method
• Voting using  blind signatures

24. Apr 22

• How to minimize risks of ballot stuffing
• Read: Rebecca Mercuri
• Secure Multiparty Computations
• SET: Secure Electronic Transsactions
• Digital Cah
  • Properties
  • Step 1: Anonyomous Money Orders
  • Step 2: ID String, and cut and choose and double usage prevention

25. Apr 24

• Mujataba Khambatti on The New Science of Networks

26. Apr 29

• Homework 03
• Digital Cash continued

27. May 1

• Winnowing and Chafing (privacy without encryption)
• Micromint (coinage)
• Payword (one time passwords for credit charges)

28. May 6   LAST CLASS

• Review Class

May 8

• Note: NO CLASS

May 13 - FINAL EXAM:  4:40p - 6:30p