Carlo BLUNDO | SICUREZZA INFORMATICA

cod. 0622700034

SICUREZZA INFORMATICA

	0622700034
	DIPARTIMENTO DI INGEGNERIA DELL'INFORMAZIONE ED ELETTRICA E MATEMATICA APPLICATA
	EQF7
	COMPUTER ENGINEERING
	2016/2017

CURRICULUM INDIRIZZO INFORMATICA Cohort 2015/2016

	OBBLIGATORIO
	YEAR OF COURSE 2
	YEAR OF DIDACTIC SYSTEM 2015
	PRIMO SEMESTRE

TEACHING UNITS

	SSD	CFU	HOURS	ACTIVITY	TYPE OF ACTIVITY
	INF/01	9	90	LESSONS	SUPPLEMENTARY COMPULSORY SUBJECTS

	Objectives
	KNOWLEDGE AND UNDERSTANDING: THE AIM OF THE COURSE IS TO PRESENT BASIC CRYPTOGRAPHIC PRIMITIVES (ENCRYPTION, AUTHENTICATION, DIGITAL SIGNATURE, PSEUDO'RANDOM GENERATION) ALONG WITH CURRENT RESEARCH TOPICS AND INDUSTRIAL STANDARDS. THE CLASS WILL ALSO PRESENT THE PRINCIPLES THAT ARE AT THE BASIS OF THE CONSTRUCTIONS OF SUCH PRIMITIVES IN A RIGOROUS AND FORMAL WAY. AT THE END OF THE CLASS THE STUDENT WILL ACQUIRE KNOWLEDGE AND METHODOLOGY NEEDED TO APPROACH ISSUES RELATIVE TO THE USE OF THE CRYPTOGRAPHIC PRIMITIVES. APPLYING KNOWLEDGE AND UNDERSTANDING: WHAT ARE THE SECURITY PROPERTIES THAT A CRYPTOGRAPHIC PRIMITIVE MUST SATISFY? THE COURSE WILL PRESENT ALSO THE GENERAL PRINCIPLES THAT DRIVE THE DESIGN OF SECURE CRYPTOGRAPHIC PRIMITIVES. MOREOVER THE STUDENT WILL BE ABLE TO ANSWER QUESTIONS LIKE: WHY DO WE THINK THE PRIMITIVE IS SECURE? CAN WE ACTUALLY PROVE THAT THIS PRIMITIVE IS SECURE? MAKING JUDGMENTS: STUDENTS ARE TAUGHT TO CRITICALLY CHALLENGE THE MATERIAL PRESENTED DURING THE LECTURES SO TO ENRICH HIS JUDGEMENT CAPABILITIES. THE STUDENT WILL BE ABLE TO DECIDE WHICH FROM A SET OF ALTERNATIVES IS THE PRIMITIVE THAT IS MORE ADEQUATE TO SOLVE A SPECIFIC PROBLEM. COMMUNICATION SKILLS: THE STUDENT WILL BE AWARE OF THE ISSUES RELATED TO TE DESIGN OF SECURE CRYPTOGRAPHIC PRIMITIVES AND WILL BE ABLE TO TAKE PART TO GROUP WORK AND TO PRESENT ALSO TO AN UNINFORMED AUDIENCE THE ISSUES RELATED TO THE USE OF SECURE CRYPTOGRAPHIC PRIMITIVES. UNDERSTANDING SKILLS: THE STUDENTS WILL BE ABLE TO APPROACH IN INDEPENDENT WAY ANY ISSUE RELATED TO THE USE OF SECURE CRYPTOGRAPHIC PRIMITIVES AND WILL BE ABLE TO UNDERSTAND THE FORMAL DESCRIPTION AS WELL AS THE FORMAL SECURITY MODEL ASSOCIATE WITH A PRIMITIVE. MOREOVER, THE STUDENT WILL BE STIMULATED TO STUDY IN A MANNER THAT MAY BE LARGELY SELF-DIRECTED OR AUTONOMOUS. ONE OF THE GOALS OF THE COURSE IS TO PROVIDE STUDENTS WITH THE PROPER TOOLS TO ALLOW CONTINUOUS UPDATING OF THEIR KNOWLEDGE EVEN AFTER THE CONCLUSION OF THE COURSE ITSELF (LIFE LONG LEARNING).

KNOWLEDGE AND UNDERSTANDING:
THE AIM OF THE COURSE IS TO PRESENT BASIC CRYPTOGRAPHIC PRIMITIVES (ENCRYPTION, AUTHENTICATION, DIGITAL SIGNATURE, PSEUDO'RANDOM GENERATION) ALONG WITH CURRENT RESEARCH TOPICS AND INDUSTRIAL STANDARDS. THE CLASS WILL ALSO PRESENT THE PRINCIPLES THAT ARE AT THE BASIS OF THE CONSTRUCTIONS OF SUCH PRIMITIVES IN A RIGOROUS AND FORMAL WAY. AT THE END OF THE CLASS THE STUDENT WILL ACQUIRE KNOWLEDGE AND METHODOLOGY NEEDED TO APPROACH ISSUES RELATIVE TO THE USE OF THE CRYPTOGRAPHIC PRIMITIVES.

APPLYING KNOWLEDGE AND UNDERSTANDING:
WHAT ARE THE SECURITY PROPERTIES THAT A CRYPTOGRAPHIC PRIMITIVE MUST SATISFY? THE COURSE WILL PRESENT ALSO THE GENERAL PRINCIPLES THAT DRIVE THE DESIGN OF SECURE CRYPTOGRAPHIC PRIMITIVES. MOREOVER THE STUDENT WILL BE ABLE TO ANSWER QUESTIONS LIKE: WHY DO WE THINK THE PRIMITIVE IS SECURE? CAN WE ACTUALLY PROVE THAT THIS PRIMITIVE IS SECURE?

MAKING JUDGMENTS:
STUDENTS ARE TAUGHT TO CRITICALLY CHALLENGE THE MATERIAL PRESENTED DURING THE LECTURES SO TO ENRICH HIS JUDGEMENT CAPABILITIES. THE STUDENT WILL BE ABLE TO DECIDE WHICH FROM A SET OF ALTERNATIVES IS THE PRIMITIVE THAT IS MORE ADEQUATE TO SOLVE A SPECIFIC PROBLEM.

COMMUNICATION SKILLS:
THE STUDENT WILL BE AWARE OF THE ISSUES RELATED TO TE DESIGN OF SECURE CRYPTOGRAPHIC PRIMITIVES AND WILL BE ABLE TO TAKE PART TO GROUP WORK AND TO PRESENT ALSO TO AN UNINFORMED AUDIENCE THE ISSUES RELATED TO THE USE OF SECURE CRYPTOGRAPHIC PRIMITIVES.

UNDERSTANDING SKILLS:
THE STUDENTS WILL BE ABLE TO APPROACH IN INDEPENDENT WAY ANY ISSUE RELATED TO THE USE OF SECURE CRYPTOGRAPHIC PRIMITIVES AND WILL BE ABLE TO UNDERSTAND THE FORMAL DESCRIPTION AS WELL AS THE FORMAL SECURITY MODEL ASSOCIATE WITH A PRIMITIVE. MOREOVER, THE STUDENT WILL BE STIMULATED TO STUDY IN A MANNER THAT MAY BE LARGELY SELF-DIRECTED OR AUTONOMOUS. ONE OF THE GOALS OF THE COURSE IS TO PROVIDE STUDENTS WITH THE PROPER TOOLS TO ALLOW CONTINUOUS UPDATING OF THEIR KNOWLEDGE EVEN AFTER THE CONCLUSION OF THE COURSE ITSELF (LIFE LONG LEARNING).

	Prerequisites
	NO KNOWLEDGE OF SECURITY AND CRYPTOGRAPHY IS ASSUMED.

	Contents
	INTRODUCTION TO CRYPTOGRAPHY AND DATA SECURITY SECURITY MODELS STREAM CIPHERS THE DATA ENCRYPTION STANDARD (DES) AND ALTERNATIVES THE ADVANCED ENCRYPTION STANDARD (AES) BLOCK CIPHERS: MODES OF OPERATION INTRODUCTION TO PUBLIC-KEY CRYPTOGRAPHY THE RSA CRYPTOSYSTEM PUBLIC-KEY CRYPTOSYSTEMS BASED ON THE DISCRETE LOGARITHM PROBLEM ELLIPTIC CURVE CRYPTOSYSTEMS PROBABILISTIC ENCRYPTION DIGITAL SIGNATURES THE DIGITAL SIGNATURE ALGORITHM (DSA) HASH FUNCTIONS MESSAGE AUTHENTICATION CODES (MACS) KEY ESTABLISHMENT THE SIGNAL PROTOCOL PUBLIC-KEY INFRASTRUCTURES (PKI) AND CAS SECRET SHARING-

Contents

INTRODUCTION TO CRYPTOGRAPHY AND DATA SECURITY
SECURITY MODELS
STREAM CIPHERS
THE DATA ENCRYPTION STANDARD (DES) AND ALTERNATIVES
THE ADVANCED ENCRYPTION STANDARD (AES)
BLOCK CIPHERS: MODES OF OPERATION
INTRODUCTION TO PUBLIC-KEY CRYPTOGRAPHY
THE RSA CRYPTOSYSTEM
PUBLIC-KEY CRYPTOSYSTEMS BASED ON THE DISCRETE LOGARITHM PROBLEM
ELLIPTIC CURVE CRYPTOSYSTEMS
PROBABILISTIC ENCRYPTION
DIGITAL SIGNATURES
THE DIGITAL SIGNATURE ALGORITHM (DSA)
HASH FUNCTIONS
MESSAGE AUTHENTICATION CODES (MACS)
KEY ESTABLISHMENT
THE SIGNAL PROTOCOL
PUBLIC-KEY INFRASTRUCTURES (PKI) AND CAS
SECRET SHARING-

	Teaching Methods
	LECTURES, GUIDED EXERCISES AND LABS. DURING THE LECTURES CRYPTOGRAPHIC PRIMITIVES ARE PRESENTED AND THEIR APPLICATIONS TO REAL-LIFE PROBLEMS ARE DISCUSSED. IN THE LABS STUDENTS ARE REQUIRED TO USE (OR IMPLEMENT) CRYPTOGRAPHIC PRIMITIVES PRESENTED IN THE LECTURES.IN THE GUIDED EXERCISES STUDENTS ARE DIVIDED IN GROUPS AND EACH GROUP IS ASSIGNED A PROJECT-WORK TO DEVELOP DURING THE WHOLE COURSE. THE PROJECT INCLUDES ALL THE MATERIAL OF THE COURSE AND IS FINALIZED TO THE ACQUISITION OF THE CAPACITY TO USE THE APPROPRIATE CRYPTOGRAPHIC PRIMITIVE TO SOLVE A PROBLEM. THE PROJECT-WORK IS ALSO USED TO DEVELOP THE ABILITY OF WORKING IN A TEAM.

Teaching Methods

LECTURES, GUIDED EXERCISES AND LABS.
DURING THE LECTURES CRYPTOGRAPHIC PRIMITIVES ARE PRESENTED AND THEIR APPLICATIONS TO REAL-LIFE PROBLEMS ARE DISCUSSED.
IN THE LABS STUDENTS ARE REQUIRED TO USE (OR IMPLEMENT) CRYPTOGRAPHIC PRIMITIVES
PRESENTED IN THE LECTURES.IN THE GUIDED EXERCISES STUDENTS ARE DIVIDED IN GROUPS AND EACH GROUP IS ASSIGNED A PROJECT-WORK TO DEVELOP DURING THE WHOLE COURSE. THE PROJECT INCLUDES ALL THE MATERIAL OF THE COURSE AND IS FINALIZED TO THE ACQUISITION OF THE CAPACITY TO USE THE APPROPRIATE CRYPTOGRAPHIC PRIMITIVE TO SOLVE A PROBLEM. THE PROJECT-WORK IS ALSO USED TO DEVELOP THE ABILITY OF WORKING IN A TEAM.

	Verification of learning
	THE FINAL EXAM IS DESIGNED TO EVALUATE AS A WHOLE THE KNOWLEDGE AND UNDERSTANDING OF THE CONCEPTS PRESENTED IN THE COURSE, AND THE ABILITY TO APPLY SUCH KNOWLEDGE IN SOLVING AND SECURITY PROBLEMS. THE EXAM CONSISTS OF THE DISCUSSIONE OF THE PROJECT AND THE HOMEWORKS REALIZED DURING THE COURSE, WHOSE AIM IS TO ASSESS THE ABILITY OF APPLYING KNOWLEDGE OF THE CRYPTOGRAPHIC PRIMITIVES PRESENTED IN CLASS AND/OR REALIZE EFFICIENT IMPLEMENTATIONS, FOLLOWED BY A TEST (WRITTEN OR ORAL) WHOSE AIM IS TO ASSESS THE ACQUIRED KNOWLEDGE OF CRYPTOGRAPHIC PRIMITIVES AND ABILITY TO UNDERSTANDING AND THE PRESENTATION SKILLS. IN THE FINAL EVALUATION, EXPRESSED IN THIRTIES, THE EVALUATION OF THE PROJECT AND HOMEWORKS WILL ACCOUNTS FOR 60%, WHILE THE TEST FOR THE REMAINING 40%. STUDENTS WHO DEMONSTRATE THAT THEY CAN APPLY THE KNOWLEDGE AUTONOMOUSLY EVEN IN CONTEXTS OTHER THAN THOSE PROPOSED IN THE COURSE CAN OBTAIN THE "CUM LAUDE" GRADE.

Verification of learning

THE FINAL EXAM IS DESIGNED TO EVALUATE AS A WHOLE THE KNOWLEDGE AND UNDERSTANDING OF THE CONCEPTS PRESENTED IN THE COURSE, AND THE ABILITY TO APPLY SUCH KNOWLEDGE IN SOLVING AND SECURITY PROBLEMS.

THE EXAM CONSISTS OF THE DISCUSSIONE OF THE PROJECT AND THE HOMEWORKS REALIZED DURING THE COURSE, WHOSE AIM IS TO ASSESS THE ABILITY OF APPLYING KNOWLEDGE OF THE CRYPTOGRAPHIC PRIMITIVES PRESENTED IN CLASS AND/OR REALIZE EFFICIENT IMPLEMENTATIONS, FOLLOWED BY A TEST (WRITTEN OR ORAL) WHOSE AIM IS TO ASSESS THE ACQUIRED KNOWLEDGE OF CRYPTOGRAPHIC PRIMITIVES AND ABILITY TO UNDERSTANDING AND THE PRESENTATION SKILLS.

IN THE FINAL EVALUATION, EXPRESSED IN THIRTIES, THE EVALUATION OF THE PROJECT AND HOMEWORKS WILL ACCOUNTS FOR 60%, WHILE THE TEST FOR THE REMAINING 40%.
STUDENTS WHO DEMONSTRATE THAT THEY CAN APPLY THE KNOWLEDGE AUTONOMOUSLY EVEN IN CONTEXTS OTHER THAN THOSE PROPOSED IN THE COURSE CAN OBTAIN THE "CUM LAUDE" GRADE.

	Texts
	CHRISTOF PAAR AND JAN PELZL UNDERSTANDING CRYPTOGRAPHY A TEXTBOOK FOR STUDENTS AND PRACTITIONERS SPRINGER, 2010 WILLIAM STALLINGS CRYPTOGRAPHY AND NETWORK SECURITY: PRINCIPLES AND PRACTICE (6TH EDITION) PEARSON HANDOUTS: SLIDES COVERING TOPICS PRESENTED DURING LECTURES INDUSTRIAL STANDARDS.

	More Information
	OTHER MATERIAL WILL BE AVAILABLE ON THE COMPANION SITE HTTP://ELEARNING.DIEM.UNISA.IT

BETA VERSION Data source ESSE3 [Ultima Sincronizzazione: 2019-03-11]

Carlo BLUNDO | SICUREZZA INFORMATICA

SICUREZZA INFORMATICA

CURRICULUM INDIRIZZO INFORMATICA Cohort 2015/2016

TEACHING UNITS

PROFESSORS

SHEET

-

Carlo BLUNDO | SICUREZZA INFORMATICA