This course is lectured at the Aquincum Institute of Technology, Budapest. However, it has been accredited and got a course identifier VIHIA030 at the Budapest University of Technology and Economics. This page is the course homepage, which contains practical information related to the course and the lectures, consequently, this page is always under construction.
The objective of the course is to give an introduction to the basics of cryptography, to explain how basic building blocks work, and to demonstrate how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography.
Today, we live in an information based society: we communicate via networks, we store data in the cloud, we use on-line services, and we even socialize on-line. Trust in all these infrastructure and services is indispensable, and information security technologies play a key role in establishing trust in the cyber world. One of the key enablers of information security is cryptography. This course is about the basics of cryptography and its appications for building secure systems. As a matter of fact, cryptography has not always been used properly in practice; indeed, it is very often used in an inappropriate way, which leads to catastrophic failures. Proper application of cryptographic mechanisms is an engineering issue and needs training. This is the key motivation for our course.
This course has four parts. In the first part, we introduce the basic cryptographic building blocks (such as symmetric and asymmetric key encryption schemes, hash functions, and random number generators) and the basic protocols that use them (such as block encryption modes, MAC functions, and key establishment). In the second part, we deal with the application of cryptographic primitives for engineering secure communication protocols. We discuss in details well-known examples, such as TLS/SSL, IPsec, and the security protocols used in WiFi networks. In the third part, we show application of cryptography for securing cloud services, focusing on secure cloud based data storage, and sharing first hand experience in desiging and building Tresorit, an encrypted storage service in the cloud. Finally, in the fourth part, we discuss the concept and the practice of public key infrastructures (PKI) and electronic signatures, including issues such as issuing, using, and revoking public key certificates, the pitfalls of verifying electronic signatures, experiences in building and operating a certification authority (CA), as well as electronic signature laws and regulations in different countries and business models for PKI.
The course comprises a series of lectures with classroom exercises. In addition, the students receive reading assignments and homework projects. At the end of the course, the students have to pass an exam.
Final grading: 40% project work + 60% exam
| When | Where |
|---|---|
| Monday, 08:15-10:00 | AIT |
| Friday, 09:00-11:00 | AIT |
| Date | Topic | Lecturer |
|---|---|---|
| Sep 7, 2015. | History of cryptography (slides) | L. Buttyan |
| Sep 11, 2015. | Symmetric key ciphers (slides) | L. Buttyan |
| Sep 14, 2015. | Block cipher modes and attacks (slides) | L. Buttyan |
| Sep 18, 2015. | Hash functions and MAC functions (slides) | L. Buttyan |
| Sep 21, 2015. | Key exchange (slides) + 1st project assignment | L. Buttyan |
| Sep 25, 2015. | Key exchange (cont'd) | L. Buttyan |
| Sep 28, 2015. | Random number generation (slides) | L. Buttyan |
| Oct 2, 2015. | Public key ciphers and digital signature schemes (slides) | L. Buttyan |
| Oct 5, 2015. | WiFi security (slides) | L. Buttyan |
| Oct 9, 2015. | Transport Layer Security (TLS) (slides) | L. Buttyan |
| Oct 12, 2015. | TLS attacks | L. Buttyan |
| Oct 16, 2015. | Summary on cryptographic primitives and protocols (slides) | L. Buttyan |
| Oct 19, 2015. | Midterm test + feedback on 1st project assignment | L. Buttyan |
| -- MIDTERM BREAK -- | ||
| Nov 2, 2015. | Use of crypto libraries (slides) + 2nd project assignment (slides) | I. Lam |
| Nov 6, 2015. | Passwords and one-time passwords (slides) | I. Lam |
| Nov 9, 2015. | Authentication in practice (slides) | I. Lam |
| Nov 13, 2015. | Secure e-mail (slides) | I. Lam |
| Nov 16, 2015. | Use of cryptography in malware (slides) | L. Buttyan |
| Nov 20, 2015. | Cloud encryption (visit to Tresorit) (slides) | I. Lam |
| Nov 23, 2015. | Full disk encryption and beyond (slides) | I. Lam |
| Nov 27, 2015. | Digital Rights Management (slides) | I. Lam |
| Nov 30, 2015. | Certificates and Certification Authorities (slides) | I. Berta |
| Dec 4, 2015. | Electronic signatures (slides) | I. Berta |
| Dec 7, 2015. | Fair Exchange (slides) | L. Buttyan |
| Dec 11, 2015. | 2nd project presentations | I. Lam |
| Dec 14, 2015. | Final exam |
Important note: Currently, Avatao is available only for invited people. If you want to use Avatao to access hands-on challenges related to the course, please sign up at avatao.com. When signing up, please put the string "AIT-2015" in the optional comment field in order for us to know that you are a student from AIT. We will then send you an invitation e-mail and you can complete the registration by following the instructions given in that e-mail.
The exam is scheduled for December 14, 2015.