Math 690 Fall 2011, MW 10:30-12
Mathematical Foundations of Computer Security
Office: Room 4E6 in David Rittenhouse Laboratory
Telephone: eight five nine eight three
( Math. Dept. Office: eight eight one seven eight )
Fax: three four zero six three
E-mail: lastname at math
Office Hours: By appointment
About This Course
"What is to distinguish a digital dollar when it is as easily reproducible
as the spoken word? How do we converse privately when every syllable is
bounced off a satellite and smeared over an entire continent? How should a
bank know that it really is Bill Gates requesting from his laptop in Fiji
a transfer of $100,000,.....,000 to another bank? Fortunately, the
mathematics of cryptography can help. Cryptography provides techniques
for keeping information secret, for determining that information has not
been tampered with, and for determining who authored pieces of information."
(From the Foreword by R. Rivest to the "Handbook of Applied Cryptography"
by Menezes, van Oorschot, and Vanstone.)
This course for graduate students and advanced undergraduates will discuss
security protocol design and analysis and the related areas of cryptography.
- Security protocol analysis slides.
- "Foundations of Cryptography: Volume 1, Basic Tools" by Goldreich. Cambridge University Press, 2001. ISBN: 0521791723.
- O. Goldreich. Foundations of Cryptography - Volume 2.
- "Cryptography: Theory and Practice. Third Edition" by Stinson. Chapman & Hall/CRC, 2005. ISBN: 1584885084.
- Johannes A. Buchmann: "Introduction to Cryptography". Springer, Second Edition, 2004. Paperback. ISBN 9780387207568.
- R. Focardi, R. Gorrieri (Eds.) Foundations of Security Analysis and Design. Springer Lecture Notes in Computer Science, Volume 2171, 2001.
- "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone. CRC Press, Fifth Printing, 2001. ISBN: 0-8493-8523-7.
- Goldwasser-Bellare lecture notes on cryptography at MIT.
- Dodis cryptography lecture notes at NYU.
- J. Clark and J. Jacob. A Survey of Authentication Protocol Literature. Version 1.0, November, 1997.
- R. Kemmerer, C. Meadows, and J. Millen. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, Vol. 7, no. 2, 1994.
- Kerberos: The Network Authentication Protocol.
- IETF Kerberos Working Group.
- IETF TLS Working Group.
- D. Wagner and B. Schneier. Analysis of the SSL 3.0 Protocol.
- J. Mitchell, V. Shmatikov, and U. Stern. Finite-State Analysis of SSL 3.0.
- J.P. Anderson. Computer Security Technology Planning Study. ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206].
- M. Bishop's History of Computer Security Web Site at UC Davis.
- "The Rise and Fall of Knapsack Cryptosystems" by A. M. Odlyzko.
- O. Goldreich. "Modern Cryptography, Probabilistic Proofs and Pseudo-randomness." Springer-Verlag, 1999. ISBN: 3-540-64766-X.
- Ron Rivest's Cryptography and Security Page at MIT.
Overview of Probability Theory: Probability Distribution, Random
Variable, Conditional Probability, Bayes Theorem, Expected Value.
Basic Concepts of Cryptology: Substitution Ciphers, Permutation Ciphers,
Vigenere Cipher, Rotor Machines, Attack Models.
Symmetric Ciphers, Block Ciphers, One-Time Pad, Information-Theoretic
Properties of One-Time Pad, Perfect Secrecy, Misuses of One-Time Pad,
Malleability. Stream Ciphers, Linear Feedback Shift Register, Golomb's
Randomness Postulates, Linear Complexity, Non-linear Filters, Knapsack
Introduction to Number Theory: Congruences, Chinese Remainder Theorem,
Fermat's Little Theorem, Euler's Theorem, Modular Exponentiation by
Repeated Squaring, Special Cases of Factoring. Finite Fields. Quadratic
Residues and Reciprocity.
Diffie-Hellman Key Exchange Protocol. Discrete Logarithm. Security of
Diffie-Hellman Key Exchange Protocol. Attacks. RSA Public-Key Cryptosystem.
One-Way Functions. Attacks on RSA. ElGamal Public-Key Cryptosystem.
Digital Signatures. Attack Models. RSA-based Signatures. Signatures
Based on Discrete Logarithm.
Non-keyed hash functions. Birthday paradox. Iteration lemma. Keyed
hash functions. Message authentication code (MAC). Universal hash
Network security protocols. Needham-Schroeder public-key exchange
protocol. Lowe anomaly. Dolev-Yao symbolic model. Multiset-rewriting
formalism. Undecidability of secrecy for network security protocols.
Kerberos authentication protocol. Cross-realm extension of Kerberos.
Public-key extension of Kerberos, PKINIT. Identity misbinding attack
Contract-signing protocols. Fairness.
Formal encryption. Computational soundness and completeness.
Take-Home Midterm Due in Class in Hardcopy on Wednesday, October 26
This is the complete set of problems for take-home midterm due in class
on Wednesday, October 26, 2011.
- Exercise 1.4abc on p. 28 of Katz-Lindell.
- Exercise 1.5 on p. 28 of Katz-Lindell.
- Exercise 1.6 on p. 28 of Katz-Lindell.
- Exercise 2.3 on p. 41 of Katz-Lindell.
- Exercise 2.4 on p. 41 of Katz-Lindell.
- Exercise 2.5 on p. 41 of Katz-Lindell.
- Exercise 7.5 on p. 294 of Katz-Lindell.
- Exercise 7.6 on p. 294 of Katz-Lindell.
- Exercise 7.8 on p. 294 of Katz-Lindell.
- Exercise 7.10 on p. 294 of Katz-Lindell.
- Exercise 7.11abc on pp. 294-295 of Katz-Lindell.
- Exercise 7.14 on p. 295 of Katz-Lindell. Assume d <= phi(N).
- Prove that if (2^n) - 1 is a prime, then n is a prime,
and if (2^n) + 1 is a prime, then n is a power of 2.
The first type of prime is called a Mersenne prime, and the second type
is called a Fermat prime.
Take-Home Final Due in Hardcopy in DRL 4E6 on Monday, December 19 at 10 a.m.
This is the complete set of problems for take-home final exam due
at 10 a.m. in DRL 4E6 on Monday, December 19, 2011.
- Five-page written report on one of the following two topics:
- Transport Layer Security (TLS) protocol.
- IKEv2 Internet Key Exchange protocol.
- Exercise 10.11 on p. 381 of Katz-Lindell.
- Exercise 10.13 on p. 382 of Katz-Lindell.
- Exercise 10.14 on p. 382 of Katz-Lindell.
- Exercise 11.12 on p. 420 of Katz-Lindell.
- Exercise 12.3 on p. 454 of Katz-Lindell.