Lecture Notes
Note, these are the lecture notes for 2009-00.
We have revised them from feedback and our own thoughts raised by previous years' courses. The advantage of our willigness to update them is that they are always evolving. The disadvantage is that sometimes there are typos and/or errors. We then try to point you towards those during the lectures, and might make more updates during the year.
Most importantly you might notice that the last couple of slots are kept free for student lectures. To find out more about those, have a look at the pages about the course work.
| Lecture |
Notes |
Outline of Contents and Background Reading |
| 1,2 |
L0 PDF
L1 PDF
L1 3x3
|
Introduction
- Introduction to unit, outline, course work
- Brief overview of basic crypto and (crypto) terminology needed
Reading material: whilst Nigel's book is a good and simple introduction to cryptography, you will probably not more than what Wikipedia offers on cryptography.
|
| 3,4 |
PDF 3x3 |
Access Control
- Access Control Methods: Access control matrices, lists, tickets
- Access Control Models (Bell La Padula, Biba, etc.)
Reading: Read relevant parts of chapters 4 and 7 of the Ross Anderson book for general access control and multilevel security, and the Ferraiolo-Kuhn paper about RBAC.
|
| 5,6 |
PDF 3x3 |
Entity Authenication
- Basic methods
- Using cryptographic devices
- Protocols
Reading: Read the relevant parts of chapter 10 of the Handbook of Applied Cryptography.
Videos: Smart card reverse engineering, Mifare cloning
Slides: Fingerprint recognition
|
| 7,8,9,10 |
PDF 3x3 |
Key Establishment: Symmetric Keys
- Kerberos
- Diffie--Hellman
- STS, MTI, MQV etc
- Formal analysis (BAN Logic)
Reading: Read the relevant parts of chapters 12 and 13 of the Handbook of Applied Cryptography. The information related to Kerberos in WinNT is from the Windows documentation.
|
| 11,12 |
PDF 3x3 |
Key establishment: Asymmetric Keys
- Introduction to PKI
- X.509 vs. PGP, stuff around certificates and signatures
- SSL, IPSEC as examples of real world usage of PKIs
Reading: For SSL, IPSEC, and PGP you can consult the RFCs specifying them (just follow the links from their Wikipedia sites, you do NOT have to memorise details about SSL just the working principle, i.e. choice of ciphers, authentication, key exchange), a good book for all issues around PKIs is Adams and Lloyd's "Understanding PKI" (second edition, publisher is Addison-Wesley, we have copies in the library).
|
| 13,14,15,16, 17? |
PDF 3x3 |
Physical Security
- Timing Analysis
- Simple and Differential Power Analysis
- Fault analysis
Reading: the relevant chapters of Ross Anderson's book are a good introduction.
|
| 18 |
|
Student lectures
|
| 19 |
|
Student lectures
|
| 20 |
|
Student lectures
|