2DMI10 — Applied Cryptography — 2016
Teachers
Default Schedule
There was a little mess with room booking which we finally solved. The initial announcement for FLUX is outdated! The lecture will take place in Auditorium 12.
Dates and time: | Location:
Tuesday, 10:45 - 12:30 | AUD.12 FLUX 1.05, FLUX 1.08
Thursday, 13:45 - 15:30 | AUD.12 FLUX 1.08, FLUX 1.10
Last lecture on Thursday, January 12th.
Lecture Videos
As we stopped tele-lecturing this year, the lectures are recorded. This has the advantage that students who have conflicting lectures can also follow the class. The videos should be online the day after the lecture. You can find the videos at the TU/e Mediasite (videocollege.tue.nl) under TU/e lectures → (2) Computer Science → 2DMI10 (2016-2017).
Purpose
At the end of this course:
- you understand the cryptography behind modern cryptographic systems
- and how it interacts with higher protocol levels;
- you know how to choose the right crypto primitive for a situation;
- you know how to analyze the security of security systems involving cryptography.
Topics
This course deals with modern applications of cryptography. Topics covered are
- cryptographic aspects of internet protocols including TLS, DNS, DNSSEC, DNSCurve, SSL,
- cryptographic aspects of other communication protocols such as GSM, including the A5 family and DECT,
- cryptographic aspects of Tor,
- public-key infrastructure (PKI) including trust models and validation models for X.509 and PGP,
- cryptographic aspects of access control/authentication/identification systems including Kerberos, single sign-on, U-Prove,
- real-world problems such as side-channel attacks and kleptography,
- cryptographic aspects of e-cash including Bitcoin,
- identity-based cryptography, and
- cryptographic aspects of e-voting (high level, protocol aspects are covered in "Cryptographic Protocols").
These topics will be explained and failure cases and popular attacks will be pointed out.
Depending on time and current developments, the course might also cover private information retrieval, proofs of storage, quantum cryptography, post-quantum cryptography, and a 'bug of the week' section.
Exam
You have to write two papers, one in mid-term and one in the exam period.
You will be asked to study some literature or a standard document, and
report on that in written form. The first one will be on PKI, the second
one on one of the other topics. In both cases there will be a list of
topics from which you can choose.
The first paper has weight 1/3, the second one has weight 2/3.
All papers must be submitted encrypted and signed by email.
Assignments
- First assignment.
  Deadlines:
  Publication of assignment: Sunday, November 27th.
  Choice of topic: before Thursday, December 1st, 23:59.
  Assignment of topic: Friday, December 2nd.
  Submission of paper: before Sunday, December 18th, 23:59.
- Second assignment.
  Deadlines:
  Publication of assignment: Sunday, December 18th.
  Choice of topic: before Thursday, December 22nd, 23:59.
  Assignment of topic: Friday, December 23rd.
  Submission of paper: before Sunday, January 29th, 23:59.
- Resit.
  Deadlines:
  Choice of topic: before Monday, April 24th, 23:59.
  Assignment of topic: Friday, April 28th.
  Submission of paper: before Monday, June 5th, 23:59.
Lectures
Here you find for each lecture a note on what has been treated, the slides, and further literature for some topics.
Tuesday, November 15th
Lecture on the security of RSA signature schemes in use.
Slides: [pptx] [pdf]
Topics: Attacks on textbook and PKCS#1v1.x RSA signatures; existential unforgeability under adaptive chosen message attacks; the random oracle model; full domain hash; RSA-PFDH with security reduction in ROM.
Further reading:
- Jonathan Katz. Digital Signatures. Springer, 2010
- J.-F. Misarsky. How (not) to design RSA signature schemes. International Workshop on Public Key Cryptography, PKC 1998, pp 14-28. Springer, 1998
- Jean-Sébastien Coron, David Naccache, Yvo Desmedt, Andrew Odlyzko, Julien P. Stern. Index Calculation Attacks on RSA Signature and Encryption. Designs, Codes and Cryptography, January 2006, Volume 38, Issue 1, pp 41-53. Springer 2006.
Thursday, November 17th
Lecture on PKI.
Slides: [pptx] [pdf]
Topics: PKI basics; X.509; PGP; Certificates; Trust Models; Direct trust; Web of trust; Hierarchical trust; Certificate chain validation.
Further reading:
- J. Buchmann, E. Karatsiolis, and A. Wiesmaier. Introduction to Public Key Infrastructures. Springer, 2013.
Tuesday, November 22nd
Lecture on PKI.
Slides: [pptx] [pdf]
Topics: PKI; X.509 Certificates; Revocation (CRL, OCSP, Novomodo); WebPKI (Incidents and countermeasures).
Further reading:
Thursday, November 24th
Lecture on identity-based cryptography.
Slides: [pdf]
Black board script: [pdf]
Topics: Identity-based cryptography, models for IB signature schemes (IBS) and encryption (IBE), generic construction for (IBS), Shamir's IBS, ind-id-cca/cpa, Boneh-Franklin IBE, security reduction for BF-IBE.
Further reading:
- The original paper: Adi Shamir. Identity-based cryptosystems and signature schemes. Crypto'84, Springer, 1985.
- A nice book on the topic: Marc Joye and Gregory Neven. Identity-Based Cryptography. IOS Press, 2009.
- The proof for Shamir's and other IBS: M. Bellare, C. Namprempre, and G. Neven. Security Proofs for Identity-Based Identification and Signature Schemes. Eurocrypt'04. Springer, 2004.
Tuesday, November 29th
Lecture on electronic cash.
Slides: [pdf]
Topics: Blind Signatures, RSA Blind Signatures, Chaum's eCash (online, offline), Bitcoin.
Further reading:
Thursday, December 1st
Lecture on IPsec and SSL/TLS.
Slides: [pdf]
Topics: Crypto on different layers of the network stack; IPsec; SSL and TLS: key exchange, PRF, cipher suites.
Further reading:
Tuesday, December 6th
Lecture on Attacks on SSL/TLS.
Slides: [pdf]
Topics: SSLstrip, BEAST, CRIME, BREACH, POODLE, FREAK, Logjam, ...
Further reading:
Thursday, December 8th
Guest lecture by Dan Bernstein on DNSSEC.
Slides: [link]
Topics: The DNS security mess.
Further reading:
Thursday, December 10th
Lecture on post-quantum cryptography.
Slides: [pdf] [pptx]
Topics: Quantum computation; conjectured quantum-hard problems; multivariate, code-based, lattice-based crypto; hash-based signatures.
Further reading:
Thursday, December 15th
Lecture on Password Security and Password Hashing.
Slides: [pdf]
Topics: Different ways to create passwords; dictionaries and rainbow tables; PBKDF2, bcrypt, scrypt, and Argon2.
Further reading:
Tuesday, December 20th
Lecture by Tanja on kleptography.
Slides: [pdf]
Topics: Kleptography in RSA, DH, and Dual EC.
Board pictures of first half: First board Second board
Further reading:
Thursday, December 22nd
Lecture on hash-based signatures and hash-and-sign.
Slides: [pptx] [pdf]
Topics: Hash-based signatures: Lamport's scheme, Merkle signature scheme, Winternitz OTS, XMSS, SPHINCS; Hash-and-sign: Hash-and-sign, TCR hash-and-sign, eTCR-hash-and-sign, multi-user secure hashing.
Further reading:
Tuesday, January 10th
Lecture on private social communication.
Slides: [pdf]
Topics: Secure chat protocols; OTR, cryptocat, mpOTR, SCIMP, Axolotl.
Further reading:
Thursday, January 12th
Lectures on anonymity networks.
Slides: [pdf]
Topics: Dining cryptographers, mix nets, Tor; Zero-knowledge proofs
Further reading:
Links
Latest modification: April 12, 2017.