Subject: ALGORITMI DI CRITTOGRAFIA (A.A. 2021/2022)
Unit Algoritmi di crittografia
Related or Additional Studies (lesson)
The course aims to provide in-depth knowledge on the main asymmetric cryptography algorithms, for both encryption and digital signature. The main attacks based on possible implementation vulnerabilities as well as on other context weaknesses will also be discussed. In this latter regard, a significant portion of the course will be dedicated to review and discuss cases of attacks (to even the most advanced encryption techniques) based mainly on advanced “social engineering techniques”, i.e. techniques that try to exploit vulnerabilities in the human factors of the crypto defense apparatus, commonly identified as the real weak link in the chain of every type of security.
There are no formal prerequisites. However, a certain degree of mathematical maturity is required for an adequate understanding of some algebraic and number theoretic results on which the current asymmetric protocols are based. Equally useful is having taken a programming course and a course on algorithms and data structures.
The cours is scheduled for the second semester of the first year, for a total of 42 hours of frontal teaching. The contents listed below, in terms of class-hours, is to be taken as indicative.
1. Models and algorithms (2h)
2. Cryptographic hash functions (3h)
3. Modular arithmetic (3h)
4. Fundamental problems and algorithms for asymmetric cryptography (5h)
5. The key exchange problem (4h)
6. Encryption algorithms (4h)
7. Digital signature (4h)
8. Authentication approaches: TLS and PGP (3h)
9. Non-mathematical attack techniques, case studies (6h)
10. Technologies and security issues in the context of organizational models (4h)
11. Notes on "post-quantum" cryptography (4h)
Teaching is based exclusively on lessons / exercises to be carried out in classroom(*). Students are encouraged, whenever possible, to bring their own laptop for conducting examples under the guidance of the teacher. All technical and organizational information on teaching will be uploaded to the Dolly platform. The student is invited to register and consult this platform regularly. Even if additional teaching material provided by the teacher will be possibly uploaded to another platform (typically GDRIVE), advice will however always be posted on Dolly. (*) Due to the COVID19 health situation, in the two previous academic years the lessons were held remotely using the Meet platform, in both asynchronous (2019/20) and synchronous modes (2020/21).
The exam will consist of an oral interview lasting about 40 minutes. The interview will focus exclusively on the topics presented in class.
Knowledge and understanding
At the end of the course studenta will have acquired solid knowledge about the main asymmetric cryptography techniques. They will also have knowledge of the main weaknesses related in particular to the exploitation of the human factor.
Ability to apply knowledge and understanding
The parts of the course dedicated to the experimental use of some available suites and the analyses carried out on particular case studies aim to make the students acquire the correct perception of the difficulty of translating the cryptographic ideas studied into secure protocols. This awareness is the first fundamental skill of professionals in this delicate field.
Autonomy of judgment
Even if the field of study is vast and delicate, due to the possible consequences of wrong choices, the student will be able to develop skills that will enable him to make a conscious choice of the cryptographic tools to be used in the various contexts and in the light of specific organizational models.
The course will contribute to the general development of communication skills through the discussion, during the lessons, of the motivations supporting different specific solutions in hypothetical application scenarios.
As for communication skills, the course is only a “piece” of the larger mosaic that represents the skills acquired by the student during his training period. Regarding the field of cryptography, it is essential that the student first of all develops a sensitivity towards the need to be constantly updated both in terms of available solutions and in that of possible vulnerabilities highlighted by crypto-analytical and social engineering investigations.
Non c’è un testo preciso di riferimento. Il materiale didattico (dispense, appunti reperibili in rete, software, ...) verrà messo a disposizione dai docenti con indicazioni riportate sulla piattaforma Dolly.
Per consultazione si segnala comunque il seguente testo: J.P. Aumasson. Serious Cryptography. No Starch Press, San Francisco 2018