Math 690 Spring 2004 MW 11-1 DRL 4E9

Math 690 Spring 2004, MW 11-1 Room DRL 4E9

Mathematical Foundations of Computer Security

Professor Andre Scedrov

Office: Room 4E6 in David Rittenhouse Laboratory
Telephone: eight five nine eight three ( Math. Dept. Office: eight eight one seven eight )
Fax: three four zero six three
E-mail: lastname at math
Office Hours: By appointment

About This Course

"What is to distinguish a digital dollar when it is as easily reproducible as the spoken word? How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of $100,000,.....,000 to another bank? Fortunately, the mathematics of cryptography can help. Cryptography provides techniques for keeping information secret, for determining that information has not been tampered with, and for determing who authored pieces of information." (From the Foreword by R. Rivest to the "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone.)

This course for graduate students and advanced undergraduates will discuss security protocol design and analysis and the related areas of cryptography. The course will complement but not presuppose CIS 677 and Math 524 from Fall 2003 and is intended to be more advanced than CIS 551 in Spring 2004. We will cover the necessary background for students who have not taken CIS 677 or Math 524.

Textbooks

"Foundations of Cryptography: Volume 1, Basic Tools" by Goldreich. Cambridge University Press, 2001. ISBN: 0521791723.
"Cryptography: Theory and Practice. Second Edition" by Stinson. CRC Press, 2002. ISBN: 1-58488-206-9.

Further References

O. Goldreich. Foundations of Cryptography - Volume 2.
R. Focardi, R. Gorrieri (Eds.) Foundations of Security Analysis and Design. Tutorial Lectures. Springer Lecture Notes in Computer Science, Volume 2171, 2001. ISBN 3-540-42896-8.
"Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone. CRC Press, Fifth Printing, 2001. ISBN: 0-8493-8523-7.
Goldwasser-Bellare lecture notes on cryptography at MIT.
Dodis cryptography lecture notes at NYU.
J. Clark and J. Jacob. A Survey of Authentication Protocol Literature. Version 1.0, November, 1997.
R. Kemmerer, C. Meadows, and J. Millen. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, Vol. 7, no. 2, 1994.
Kerberos: The Network Authentication Protocol.
The Kerberos Network Authentication Service (V5) Internet Draft.
F. Butler, I. Cervesato, A. Jaggard, and A. Scedrov. A formal analysis of some properties of Kerberos 5 using MSR. In: S. Schneider, ed., 15-th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June, 2002. IEEE Computer Society Press, 2002, pp. 175-190. Preliminary version [.pdf].
The TLS Protocol Version 1.0 RFC 2246.
The SSL Protocol Version 3.0 Internet Draft.
D. Wagner and B. Schneier. Analysis of the SSL 3.0 Protocol.
J. Mitchell, V. Shmatikov, and U. Stern. Finite-State Analysis of SSL 3.0.
J.C. Mitchell, M. Mitchell, and U. Stern. Automated Analysis of Cryptographic Protocols Using Murphi, IEEE Symp. Security and Privacy, Oakland, 1997, pages 141-153.
J.P. Anderson. Computer Security Technology Planning Study. ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206].
M. Bishop's History of Computer Security Web Site at UC Davis.
O. Goldreich. "Modern Cryptography, Probabilistic Proofs and Pseudo-randomness." Springer-Verlag, 1999. ISBN: 3-540-64766-X.
Ron Rivest's Cryptography and Security Page at MIT.
The Cypherpunks Home Page at UC Berkeley.
Crypto FAQ site at RSA Security.

Take-Home Midterm Due in Class on Wednesday, March 24

Suppose that four-digit PINs are distributed uniformly at random. How many people must be in a room for the probability that two of them have the same PIN to be at least 1/2 ?
Prove that the Caesar cipher does not have perfect secrecy.
Use exhaustive key search to decrypt the following ciphertext, which was encrypted using a shift cipher: JBCRCLQRWCRVNBJENBWRWN .
Prove that if (2^n) - 1 is a prime, then n is a prime, and if (2^n) + 1 is a prime, then n is a power of 2. The first type of prime is called a Mersenne prime, and the second type is called a Fermat prime.
Using the Fundamental Theorem of Arithmetic, prove that the product of (1 - 1/p) over all primes p is zero.
Consider the following linear recurrence over Z_2 of degree four: z_(i+4) = (z_i + z_(i+3)) mod 2, for i greater or equal to 0. For each of the 16 possible initialization vectors (z_0 , z_1 , z_2 , z_3) determine the period of the resulting keystream.

This is a complete list of midterm assignments due March 24, 2004.

In the news ...

InternetNews.
Mydoom cripples US firm's website. February 1, 2004.
FTC launches `Operation Secure Your Server'. January 30, 2004.
Microsoft aims to make spammers pay. December 26, 2003.
E-voting: Yes or no? December 10, 2003.
New authentication system tries to block spam. December 5, 2003.
Reports of new Explorer holes probed. December 1, 2003.