SICUREZZA INFORMATICA

Carlo BLUNDO SICUREZZA INFORMATICA

0622700034
DIPARTIMENTO DI INGEGNERIA DELL'INFORMAZIONE ED ELETTRICA E MATEMATICA APPLICATA
EQF7
COMPUTER ENGINEERING
2018/2019



OBBLIGATORIO
YEAR OF COURSE 2
YEAR OF DIDACTIC SYSTEM 2017
PRIMO SEMESTRE
CFUHOURSACTIVITY
432LESSONS
324EXERCISES
216LAB
Objectives
KNOWLEDGE AND UNDERSTANDING:
THE AIM OF THE COURSE IS TO PRESENT BASIC CRYPTOGRAPHIC PRIMITIVES (ENCRYPTION, AUTHENTICATION, DIGITAL SIGNATURE, PSEUDO'RANDOM GENERATION) ALONG WITH CURRENT RESEARCH TOPICS AND INDUSTRIAL STANDARDS. THE CLASS WILL ALSO PRESENT THE PRINCIPLES THAT ARE AT THE BASIS OF THE CONSTRUCTIONS OF SUCH PRIMITIVES IN A RIGOROUS AND FORMAL WAY. AT THE END OF THE CLASS THE STUDENT WILL ACQUIRE KNOWLEDGE AND METHODOLOGY NEEDED TO APPROACH ISSUES RELATIVE TO THE USE OF THE CRYPTOGRAPHIC PRIMITIVES.

APPLYING KNOWLEDGE AND UNDERSTANDING:
WHAT ARE THE SECURITY PROPERTIES THAT A CRYPTOGRAPHIC PRIMITIVE MUST SATISFY? THE COURSE WILL PRESENT ALSO THE GENERAL PRINCIPLES THAT DRIVE THE DESIGN OF SECURE CRYPTOGRAPHIC PRIMITIVES. MOREOVER THE STUDENT WILL BE ABLE TO ANSWER QUESTIONS LIKE: WHY DO WE THINK THE PRIMITIVE IS SECURE? CAN WE ACTUALLY PROVE THAT THIS PRIMITIVE IS SECURE?

MAKING JUDGMENTS:
STUDENTS ARE TAUGHT TO CRITICALLY CHALLENGE THE MATERIAL PRESENTED DURING THE LECTURES SO TO ENRICH HIS JUDGEMENT CAPABILITIES. THE STUDENT WILL BE ABLE TO DECIDE WHICH FROM A SET OF ALTERNATIVES IS THE PRIMITIVE THAT IS MORE ADEQUATE TO SOLVE A SPECIFIC PROBLEM.


COMMUNICATION SKILLS:
THE STUDENT WILL BE AWARE OF THE ISSUES RELATED TO TE DESIGN OF SECURE CRYPTOGRAPHIC PRIMITIVES AND WILL BE ABLE TO TAKE PART TO GROUP WORK AND TO PRESENT ALSO TO AN UNINFORMED AUDIENCE THE ISSUES RELATED TO THE USE OF SECURE CRYPTOGRAPHIC PRIMITIVES.

UNDERSTANDING SKILLS:
THE STUDENTS WILL BE ABLE TO APPROACH IN INDEPENDENT WAY ANY ISSUE RELATED TO THE USE OF SECURE CRYPTOGRAPHIC PRIMITIVES AND WILL BE ABLE TO UNDERSTAND THE FORMAL DESCRIPTION AS WELL AS THE FORMAL SECURITY MODEL ASSOCIATE WITH A PRIMITIVE. MOREOVER, THE STUDENT WILL BE STIMULATED TO STUDY IN A MANNER THAT MAY BE LARGELY SELF-DIRECTED OR AUTONOMOUS. ONE OF THE GOALS OF THE COURSE IS TO PROVIDE STUDENTS WITH THE PROPER TOOLS TO ALLOW CONTINUOUS UPDATING OF THEIR KNOWLEDGE EVEN AFTER THE CONCLUSION OF THE COURSE ITSELF (LIFE LONG LEARNING).
Prerequisites
NO KNOWLEDGE OF SECURITY AND CRYPTOGRAPHY IS ASSUMED.
Contents
INTRODUCTION TO CRYPTOGRAPHY AND DATA SECURITY (2 HOURS)
CLASSICAL CIPHERS (2 HOURS)
SECURITY MODELS (2 HOURS)
THE DATA ENCRYPTION STANDARD (DES) AND ALTERNATIVES (2 HOURS)
THE ADVANCED ENCRYPTION STANDARD (AES) (2 HOURS)
BLOCK CIPHERS: MODES OF OPERATION (2 HOURS)
INTRODUCTION TO PUBLIC-KEY CRYPTOGRAPHY (2 HOURS)
THE RSA CRYPTOSYSTEM - ATTACKS (4 HOURS)
PUBLIC-KEY CRYPTOSYSTEMS BASED ON THE DISCRETE LOGARITHM PROBLEM (2 HOURS)
ELLIPTIC CURVE CRYPTOSYSTEMS (2 HOURS)
PROBABILISTIC ENCRYPTION (4 HOURS)
DIGITAL SIGNATURES (4 HOURS)
THE DIGITAL SIGNATURE ALGORITHM (DSA) (2 HOURS)
HASH FUNCTIONS (2 HOURS)
MESSAGE AUTHENTICATION CODES (MACS) (2 HOURS)
KEY ESTABLISHMENT (4 HOURS)
THE SIGNAL PROTOCOL (2 HOURS)
PUBLIC-KEY INFRASTRUCTURES (PKI) AND CAS (4 HOURS)
SECRET SHARING (2 HOURS)
BLOCKCHAIN TECHNOLOGY (6 HOURS)
CRYPTOCURRENCY (6 HOURS)
SMART CONTRACTS (6 HOURS)
HYPERLEDGER FABRIC (6 HOURS)
Teaching Methods
LECTURES, GUIDED EXERCISES AND LABS.
DURING THE LECTURES CRYPTOGRAPHIC PRIMITIVES ARE PRESENTED AND THEIR APPLICATIONS TO REAL-LIFE PROBLEMS ARE DISCUSSED.
IN THE LABS STUDENTS ARE REQUIRED TO USE (OR IMPLEMENT) CRYPTOGRAPHIC PRIMITIVES
PRESENTED IN THE LECTURES.IN THE GUIDED EXERCISES STUDENTS ARE DIVIDED IN GROUPS AND EACH GROUP IS ASSIGNED A PROJECT-WORK TO DEVELOP DURING THE WHOLE COURSE. THE PROJECT INCLUDES ALL THE MATERIAL OF THE COURSE AND IS FINALIZED TO THE ACQUISITION OF THE CAPACITY TO USE THE APPROPRIATE CRYPTOGRAPHIC PRIMITIVE TO SOLVE A PROBLEM. THE PROJECT-WORK IS ALSO USED TO DEVELOP THE ABILITY OF WORKING IN A TEAM.
Verification of learning
THE FINAL EXAM IS DESIGNED TO EVALUATE AS A WHOLE THE KNOWLEDGE AND UNDERSTANDING OF THE CONCEPTS PRESENTED IN THE COURSE, AND THE ABILITY TO APPLY SUCH KNOWLEDGE IN SOLVING AND SECURITY PROBLEMS.

THE EXAM CONSISTS OF THE DISCUSSION OF THE PROJECT AND THE HOMEWORKS REALIZED DURING THE COURSE, WHOSE AIM IS TO ASSESS THE ABILITY OF APPLYING KNOWLEDGE OF THE CRYPTOGRAPHIC PRIMITIVES PRESENTED IN CLASS AND/OR REALIZE EFFICIENT IMPLEMENTATIONS, FOLLOWED BY A TEST (WRITTEN OR ORAL) WHOSE AIM IS TO ASSESS THE ACQUIRED KNOWLEDGE OF CRYPTOGRAPHIC PRIMITIVES AND ABILITY TO UNDERSTANDING AND THE PRESENTATION SKILLS.

IN THE FINAL EVALUATION, EXPRESSED IN THIRTIES, THE EVALUATION OF THE PROJECT AND HOMEWORKS WILL ACCOUNTS FOR 40%, WHILE THE TEST FOR THE REMAINING 60%.
STUDENTS WHO DEMONSTRATE THAT THEY CAN APPLY THE KNOWLEDGE AUTONOMOUSLY EVEN IN CONTEXTS OTHER THAN THOSE PROPOSED IN THE COURSE CAN OBTAIN THE "CUM LAUDE" GRADE.
Texts
CHRISTOF PAAR AND JAN PELZL
UNDERSTANDING CRYPTOGRAPHY
A TEXTBOOK FOR STUDENTS AND PRACTITIONERS
SPRINGER, 2010

WILLIAM STALLINGS
CRYPTOGRAPHY AND NETWORK SECURITY: PRINCIPLES AND PRACTICE (6TH EDITION)
PEARSON

HANDOUTS: SLIDES COVERING TOPICS PRESENTED DURING LECTURES INDUSTRIAL STANDARDS AND REFERENCES TO USEFUL INFORMATION ON THE WEB.
More Information
OTHER MATERIAL WILL BE AVAILABLE ON THE COMPANION SITE
HTTP://ELEARNING.DIEM.UNISA.IT
  BETA VERSION Data source ESSE3 [Ultima Sincronizzazione: 2019-10-21]