Sciences
Subject: CRITTOGRAFIA APPLICATA (A.A. 2022/2023)
master degree course in COMPUTER SCIENCE
| Course year | 1 |
|---|---|
| CFU | 6 |
| Teaching units |
Unit Crittografia applicata
Related or Additional Studies (lesson)
|
| Moodle portal | |
| Exam type | oral |
| Evaluation | final vote |
| Teaching language | Italiano |
Teachers
Overview
The course aims at presenting methods, protocols and technologies related to the adoption of cryptographic schemes and techniques for guaranteeing security of computer protocols, architectures and systems. Moreover, the course includes the study and practical adoption of hardware technologies associated with the secure adoption of cryptographic schemes and protocols.
The topics included in the course are necessary to comprehend and potentially design security solutions for modern information systems. To this aim, the course also discusses how to model cyber-security threats to computer systems, and how these threats influence the design and the adoption of cryptographic techniques. Popular real world use case examples will be considered, including multiple paradigms for communication, storage, authentication and authorization, and heterogeneous hardware and software systems.
Admission requirements
The course assumes the following dependencies:
- network protocols: TCP/IP stack, HTTP
- principles of operating systems
The course also includes hands-on sessions which require expertise with programming languages (suggested: Python), Bash commands and scripts, adoption of a Linux-based operating system.
Although all the due main concepts of the course related to cyber-security are completely presented throughout the course, it is suggested to have a comprehensive understanding of other cyber-security topics, such as cyber attacks and defenses related to computer systems and software. Such knowledge is provided by other courses within the master degree course: Cyber Security and Secure Software Development.
Similarly, knowledge more related to theory of cryptographic primitives is not provided within the course, but can be helpful to better understand some of the topics and to challenge some optional topics proposed throughout the course. Such theoretical knowledge can be acquired within the Cryptographic Algorithms course.
Course contents
Introduction to concepts of modern cryptographic schemes and primitives (~1 CFU):
- security guarantees of cryptographic schemes;
- established cryptographic primitives and frameworks.
Introduction to modeling cryptographic protocols for real world scenarios (~1 CFU):
- system and threat modeling;
- major attacks to cyber-security guarantees;
- techniques for proving security of protocols.
Techniques for protecting data in applied scenarios (~2 CFU):
- secure communication protocols;
- techniques for encrypted storage and files;
- architectures for identity management and key distribution.
Cryptographic techniques for authentication and authorization (~1 CFU):
- modeling authentication protocols and realted attacks;
- standard protocols for authentication and credentials protection.
Hardware technologies for cryptography (~1 CFU):
- hardware devices and technologies for strong authentication;
- hardware technologies for cryptographic keys protection;
- hardware technologies as trust anchors.
Further optional topics will be proposed to interested students in the context of advanced techniques in the context of current research within applied cryptography. Examples include:
- advanced cryptographic schemes for outsourced data;
- advanced authentication schemes and techniques;
- privacy enhancing technologies.
Teaching methods
Theoretical lessons carried out with the support of slides. Laboratory sessions where each student can use its own personal computer to replicate tutorials or to solve exercises proposed by the teacher. Throughout the course optional theoretical topics and laboratory exercises are given to the students for additional practice.
Assessment methods
The examination consists of an oral exam where the student must demonstrate knowledge of the theoretical and practical issues discussed in the classroom, and must demonstrate the ability to solve problems given by the teacher. The examination is estimated to take about an hour.
Learning outcomes
Knowledge and understanding of:
- cryptographic frameworks and related security guarantees.
- attack classes and related security practices and techniques;
- hardware technologies adopted in the context of cryptographic schemes and protocols.
Ability to apply knowledge and understanding (know-how):
- expertise in detecting potential security vulnerabilities in case of major wrong deployment of cryptographic techniques and protocols.
- expertise in using software tools to apply theoretical knowledge.
Readings
Gli studenti potranno conseguire il corso studiando sulle slide proposte dal docente e su numerose risorse online disponibili gratuitamente (documenti di standard, articoli scientifici e divulgativi, documentazioni tecniche).
Gli studenti potranno appoggiarsi inoltre ad alcuni capitoli selezionati da libri di testo per studio autonomo e per approfondimenti:
- “Serious Cryptography”, Aumasson
- “Introduction to Modern Cryptography”, Katz e Lindell
- “Applied Cryptography”, Schneier
- “Foundations of Cryptography - Volume 2”, Goldreich
- “A Graduate Course in Applied Cryptography”, Boneh e Shoup