This course is lectured at the Aquincum Institute of Technology, Budapest. However, it has been accredited and got a course identifier VIHIA030 at the Budapest University of Technology and Economics. This page is the course homepage, which contains practical information related to the course and the lectures, consequently, this page is always under construction.
Course syllabus (pdf)
2014/2015 spring semester, 2015/2016 fall semester
The objective of the course is to give an introduction to the basics of cryptography, to explain how basic building blocks work, and to demonstrate how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography.
Today, we live in an information based society: we communicate via networks, we store data in the cloud, we use on-line services, and we even socialize on-line. Trust in all these infrastructure and services is indispensable, and information security technologies play a key role in establishing trust in the cyber world. One of the key enablers of information security is cryptography. This course is about the basics of cryptography and its appications for building secure systems. As a matter of fact, cryptography has not always been used properly in practice; indeed, it is very often used in an inappropriate way, which leads to catastrophic failures. Proper application of cryptographic mechanisms is an engineering issue and needs training. This is the key motivation for our course.
This course has four parts. In the first part, we introduce the basic cryptographic building blocks (such as symmetric and asymmetric key encryption schemes, hash functions, and random number generators) and the basic protocols that use them (such as block encryption modes, MAC functions, and key establishment). In the second part, we deal with the application of cryptographic primitives for engineering secure communication protocols. We discuss in details well-known examples, such as TLS/SSL, IPsec, and the security protocols used in WiFi networks. In the third part, we show application of cryptography for securing cloud services, focusing on secure cloud based data storage, and sharing first hand experience in desiging and building Tresorit, an encrypted storage service in the cloud. Finally, in the fourth part, we discuss the concept and the practice of public key infrastructures (PKI) and electronic signatures, including issues such as issuing, using, and revoking public key certificates, the pitfalls of verifying electronic signatures, experiences in building and operating a certification authority (CA), as well as electronic signature laws and regulations in different countries and business models for PKI.
The course comprises a series of lectures with classroom exercises. In addition, the students receive reading assignments and homework projects. At the end of the course, the students have to pass an exam.
Final grading: 40% project work + 60% exam
|Feb 8, 2016.||History of cryptography (slides)||L. Buttyan|
|Feb 9, 2016.||Symmetric key ciphers (slides)||L. Buttyan|
|Feb 15, 2016.||Block cipher modes and attacks (slides)||L. Buttyan|
|Feb 16, 2016.||Block cipher modes and attacks||L. Buttyan|
|Feb 22, 2016.||Hash functions and MAC functions (slides)||L. Buttyan|
|Feb 23, 2016.||Public key ciphers and digital signature schemes (slides)||L. Buttyan|
|Feb 29, 2016.||Key exchange (slides) + 1st project assignment||L. Buttyan|
|Mar 1, 2016.||Random number generation (slides)||L. Buttyan|
|Mar 7, 2016.||WiFi security (slides)||L. Buttyan|
|Mar 8, 2016.||Transport Layer Security (TLS) (slides)||L. Buttyan|
|Mar 21, 2016.||TLS attacks (slides)||L. Buttyan|
|Mar 22, 2016.||Midterm test + feedback on 1st project assignment||L. Buttyan|
|-- MIDTERM BREAK --|
|Apr 4, 2016.||Cryptographic protocols in resource constrained environments (slides)||L. Buttyan|
|Apr 5, 2016.||Fair Exchange (slides)||L. Buttyan|
|Apr 11, 2016.||Use of crypto libraries () + 2nd project assignment||I. Lam|
|Apr 12, 2016.||Passwords and one-time passwords ()||I. Lam|
|Apr 18, 2016.||Authentication in practice ()||I. Lam|
|Apr 19, 2016.||Secure e-mail ()||I. Lam|
|Apr 25, 2016.||Full disk encryption and beyond ()||I. Lam|
|Apr 26, 2016.||Cloud encryption - Tresorit insight ()||I. Lam|
|May 2, 2016.||Certificates and Certification Authorities ()||I. Berta|
|May 3, 2016.||Electronic signatures ()||I. Berta|
|May 9, 2016.||Digital Rights Management ()||I. Lam|
|May 10, 2016.||Summary and Q&A session (LB's slides)||I. Lam, L. Buttyan|
|May 17, 2016.||2nd project presentations||I. Lam, L. Buttyan|
|May 23, 2016.||Final exam||L. Buttyan, I. Lam|
Important note: Currently, Avatao is available only for invited people. If you want to use Avatao to access hands-on challenges related to the course, please sign up at avatao.com. When signing up, please put the string "AIT-2016" in the optional comment field in order for us to know that you are a student from AIT. We will then send you an invitation e-mail and you can complete the registration by following the instructions given in that e-mail.
The exam is scheduled for May 23, 2016.