Applied Cryptography (VIHIA030)

This course is lectured at the Aquincum Institute of Technology, Budapest. However, it has been accredited and got a course identifier VIHIA030 at the Budapest University of Technology and Economics. This page is the course homepage, which contains practical information related to the course and the lectures, consequently, this page is always under construction.

Course syllabus (pdf)

Lecturers

Course objectives

The objective of the course is to give an introduction to the basics of cryptography, to explain how basic building blocks work, and to demonstrate how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography.

Background and course content at a glance

Today, we live in an information based society: we communicate via networks, we store data in the cloud, we use on-line services, and we even socialize on-line. Trust in all these infrastructure and services is indispensable, and information security technologies play a key role in establishing trust in the cyber world. One of the key enablers of information security is cryptography. This course is about the basics of cryptography and its appications for building secure systems. As a matter of fact, cryptography has not always been used properly in practice; indeed, it is very often used in an inappropriate way, which leads to catastrophic failures. Proper application of cryptographic mechanisms is an engineering issue and needs training. This is the key motivation for our course.

This course has four parts. In the first part, we introduce the basic cryptographic building blocks (such as symmetric and asymmetric key encryption schemes, hash functions, and random number generators) and the basic protocols that use them (such as block encryption modes, MAC functions, and key establishment). In the second part, we discuss the concept and the practice of public key infrastructures (PKI) and electronic signatures, including issues such as issuing, using, and revoking public key certificates, the pitfalls of verifying electronic signatures, experiences in building and operating a certification authority (CA), as well as electronic signature laws and regulations in different countries and business models for PKI. In the third part, we deal with the application of cryptographic primitives for engineering secure communication protocols. We discuss in details well-known examples, such as TLS/SSL, IPsec, and the security protocols used in WiFi and other wireless environments. Finally, in the fourth part, we show application of cryptography for securing cloud services, focusing on secure cloud based data storage, and sharing first hand experience in desiging and building Tresorit, an encrypted storage service in the cloud.

Methods of instruction

The course comprises a series of lectures with classroom exercises. In addition, the students receive reading assignments and homework projects which they have to solve in teams. At the end of the course, the students have to pass an exam.

Grading

Final grading: 40% project work + 60% exam

Schedule and room

When Where
Monday, 11:00-13:00 AIT
Tuesday, 14:00-16:00 AIT

Course outline and material (2015 spring)

Date Topic
Feb 2, 2015. History of cryptograph (L. Buttyan)
Feb 3, 2015. Symmetric key crypto primitives (I. Lam)
Feb 9, 2015. Block cipher modes and attacks (L. Buttyan)
Feb 10, 2015. Asymmetric key crypto primitives (I. Berta)
Feb 16, 2015. Random numbers and key exchange (L. Buttyan)
Feb 17, 2015. Use of crypto libraries (I. Lam)
Feb 23, 2015. Certificates, CAs, Certification Paths (I. Berta)
Feb 24, 2015. Certificates, CAs, Certification Paths (I. Berta)
Mar 2, 2015. Electronic Signatures (I. Berta)
Mar 3, 2015. Electronic Signatures (I. Berta)
Mar 9, 2015. PKI... (I. Berta)
Mar 10, 2015. Discussion of Homework 1
Mar 16, 2015. PKI... (I. Berta)
Mar 17, 2015. Fair excahnge (L. Buttyan)
Mar 23, 2015. --- Spring Break ---
Mar 24, 2015. --- Spring Break ---
Mar 30, 2015. Wifi security (L. Buttyan)
Mar 31, 2015. Password based authentication and key derivation (I. Lam)
Apr 6, 2015. --- Easter Holiday ---
Apr 7, 2015. Transport Layer Security (TLS) (L. Buttyan)
Apr 13, 2015. Authentication in practice (Oauth, SAML, ...) (I. Lam)
Apr 14, 2015. Canceled. Replaced by visit to Tresorit on April 17 (Friday).
Apr 20, 2015. Crypto in resource constrained environments (L. Buttyan)
Apr 21, 2015. Secure e-mail (PGP, S/MIME) (I. Lam)
Apr 27, 2015. Tresorit -- Architecture and client side encryption (I. Lam)
Apr 28, 2015. Tresorit -- DRM and secure file sharing (I. Lam)
May 4, 2015. Tresorit -- setup for a virtual business environment (I. Lam)
May 5, 2015. Anonymous communications (Tor) and privacy enhancing techniques (L. Buttyan)
May 11, 2015. TBD
May 12, 2015. TBD

Homeworks

Exams

TBD...