You are here: Home » Study Plan » Subject

Sciences

Subject: CRITTOGRAFIA APPLICATA (A.A. 2023/2024)

master degree course in COMPUTER SCIENCE

Course year 1
CFU 6
Teaching units Unit Crittografia applicata
Related or Additional Studies (lesson)
  • TAF: Supplementary compulsory subjects SSD: INF/01 CFU: 6
Teachers: Luca FERRETTI
Moodle portal

Aula virtuale su Microsoft Teams

Exam type oral
Evaluation final vote
Teaching language Italiano
Contents download pdf download

Teachers

Luca FERRETTI

Overview

The course aims at presenting methods, protocols and technologies related to the adoption of cryptographic schemes and techniques for guaranteeing security of computer protocols, architectures and systems. Moreover, the course includes the study and practical adoption of hardware technologies associated with the secure adoption of cryptographic schemes and protocols.

The topics included in the course are necessary to comprehend and potentially design security solutions for modern information systems. To this aim, the course also discusses how to model cyber-security threats to computer systems, and how these threats influence the design and the adoption of cryptographic techniques. Popular real world use case examples will be considered, including multiple paradigms for communication, storage, authentication and authorization, and heterogeneous hardware and software systems.

Admission requirements

The course assumes the following dependencies:
- network protocols: TCP/IP stack, HTTP
- principles of operating systems

The course also includes hands-on sessions which require expertise with programming languages (suggested: Python), Bash commands and scripts, adoption of a Linux-based operating system.

Although all the due main concepts of the course related to cyber-security are completely presented throughout the course, it is suggested to have a comprehensive understanding of other cyber-security topics, such as cyber attacks and defenses related to computer systems and software. Such knowledge is provided by other courses within the master degree course: Cyber Security and Secure Software Development.

Similarly, knowledge more related to theory of cryptographic primitives is not provided within the course, but can be helpful to better understand some of the topics and to challenge some optional topics proposed throughout the course. Such theoretical knowledge can be acquired within the Cryptographic Algorithms course.

Course contents

Introduction to concepts of modern cryptographic schemes and primitives (~1 CFU):
- security guarantees of cryptographic schemes;
- established cryptographic primitives and frameworks.

Introduction to modeling cryptographic protocols for real world scenarios (~1 CFU):
- system and threat modeling;
- major attacks to cyber-security guarantees;
- techniques for proving security of protocols.

Techniques for protecting data in applied scenarios (~2 CFU):
- secure communication protocols;
- architectures for identity management and key distribution.

Cryptographic techniques for authentication and authorization (~2 CFU):
- modeling authentication protocols and realted attacks;
- standard protocols for authentication and credentials protection.

Further optional topics will be proposed to interested students in the context of advanced techniques in the context of current research within applied cryptography. Examples include:
- advanced cryptographic schemes for outsourced data;
- advanced authentication schemes and techniques;
- privacy enhancing technologies.

Teaching methods

Theoretical lessons carried out with the support of slides. Laboratory sessions where each student can use its own personal computer to replicate tutorials or to solve exercises proposed by the teacher. Throughout the course optional theoretical topics and laboratory exercises are given to the students for additional practice.

Assessment methods

The examination can consists of: - an oral exam where the student must demonstrate knowledge of the theoretical and practical issues discussed in the classroom, and must demonstrate the ability to solve problems given by the teacher. The examination is estimated to take about an hour. or - a project carried out autonomously on a topic agreed with the teacher, to be presented to the teacher with auxiliary slides and/or experimental results

Learning outcomes

Knowledge and understanding of:
- cryptographic frameworks and related security guarantees.
- attack classes and related security practices and techniques;
- hardware technologies adopted in the context of cryptographic schemes and protocols.

Ability to apply knowledge and understanding (know-how):
- expertise in detecting potential security vulnerabilities in case of major wrong deployment of cryptographic techniques and protocols.
- expertise in using software tools to apply theoretical knowledge.

Autonomy of judgment:
- analyzing and modeling scenarios for deciding the correct cryptographic primitives, schemes and protocols to enforce security guarantees
- analyzing and defining threat models to guarantee information security through cryptographic schemes and protocols

Communication skills:
- presenting and discussing acquired knowledge
- discussing variants of acquired knowledge and discussing design choices related to the application of cryptographic schemes and protocols
- exposing a research project or research performed on their own

Learning skills:
- learning knowledge and concepts presented by the teacher
- autonomously analyse and acquire knowledge from written and multimedia resources provided by the teacher
- autonomously find, select and analyse additional learning resources for their own research or project

Readings

Gli studenti potranno conseguire il corso studiando sulle slide proposte dal docente (disponibili su Moodle Unimore) e su numerose risorse online disponibili gratuitamente (documenti di standard, articoli scientifici e divulgativi, documentazioni tecniche).
Gli studenti potranno appoggiarsi inoltre ad alcuni capitoli selezionati da libri di testo per studio autonomo e per approfondimenti:
- "Real-World Cryptography", David Wong
- “Serious Cryptography”, Aumasson