First lecture - uotechnology.edu.iq
First lecture • Introduction to Computer Security • Why Computer Security • Cryptography • Secret key algorithms: DES/AES • Public key algorithms: RSA • One-way hash functions & message digests: MD5, SHA2
The Definition of Computer Security
• The Basic Components • Security Threats and Attacks • Security Policy and Mechanism
References
• Cryptography and Network Security, by William Stallings, 5th Edition, Prentice Hall, 2010
Second lecture
• Classical and modern cryptography • Overview of Cryptography • Classical Symmetric Cipher • Modern Symmetric Ciphers (DES)
• Classification of Cryptography • Secret Key vs. Secret Algorithm • Cryptanalysis Scheme • Unconditional vs. Computational Security • Brute Force Search
Symmetric Cipher Model
• Requirements • Caesar Cipher • One-Time Pad • Transposition Ciphers • Rail Fence cipher • Product Ciphers
Modern Symmetric Ciphers (DES)
• Block vs Stream Ciphers • Block Cipher Principles • Substitution-Permutation Ciphers • Confusion and Diffusion • Feistel Cipher Structure • DES (Data Encryption Standard)
Third lecture • Introduction to Practical Cryptography • Stream Ciphers: Properties, Building Blocks, Competitions, Examples
Uses • Encryption of streaming data • Random bit generation
Stream cipher
• Speed • Initialization • Keystream generation
• Resources – memory, power, CPU • Hardware, software suitability
• Stream Ciphers – Approaches • Feedback Shift Register
• Stream Cipher Examples • RC4 • A5/1 • A5/3 • LILI • Sober • Trivium • Lex
Lecture five
• Data Encryption Standard (DES) • DES Background • The Algorithm • Keylength Weakness • S-box Construction • Future of DES • Modes of Operation • Message Authentication
Lecture six Advanced Encryption Standard (AES)
• Rijndael • GF(256) • ByteSub • ShiftRow • MixColumn • Key Schedule • Decrypting Rijndael
Lecture seven RSA Cryptography
• RSA Cryptography: Motivation • RSA Cryptography: Mathematical Principles • RSA Cryptography: The Basic System • RSA Cryptography: Square and Multiply • RSA Cryptography: General Security • RSA Cryptography: The Factoring Problem • RSA Cryptography: Key Length and Complexity • RSA Cryptography: Digital Signatures
• RSA Cryptography: Attacks • RSA Cryptography: Weak Message Attacks • RSA Cryptography: Short Exponent Attack • RSA Cryptography: Side Channel Attacks
Lecture Eight
• Key management • Key Establishment • Symmetric key approaches • Key distribution problem • Key distribution center protocols • Authenticated and key agreement protocols
Lecture nine Digital Signatures & Authentication Protocols
• Digital Signature Properties • Direct Digital Signatures • Arbitrated Digital Signatures • Authentication Protocols • Replay Attacks • Using Symmetric Encryption • Using Public-Key Encryption • One-Way Authentication Using Public-Key Encryption • Digital Signature Algorithm (DSA)
Lecture Ten
• Addressing the Physical Security of Encryption Keys
• Secure communication • Security Requirements for Electronic Data • Cryptographic Security • Functional Security • Tamper Resistance • Emissions Security • Security of Product Manufacturing and Distribution
Lecture 11 Hardware and software Encryption
• Hardware • Comparing file level and Driver level encryption • Detecting Encryption • Overview of hardware security modules • Definition of HSM • Functionality of HSM • Some examples • Advantages and Drawbacks
Lecture 12 Operating system security
• Security goals the OS provides • Memory protection • CPU protection • System Calls • Levels of protection • Intruders • Malicious software • Trusted system • The Linux/Unix security model • The Windows NT security model
Lecture 13 Data Base Security
• Granularity of DBMS Security • TRANSPARENT DATA ENCRYPTION • Use of Transparent data encryption • Limitation of Transparent data encryption • TRANSPARENT DATA ENCRYPTION IN MICROSOFT SQL SERVER 2008 • Architecture of Transparent Data Encryption • User-level Security for SQL
• Encryption Level • Storage-level encryption • Database-level encryption • Application-level encryption • Key Management