Cryptography has a variety of roles to play within the cyber security domain. We take it as given that a small community of gifted mathematicians has already refined some really sophisticated cryptographic primitives, protocols and algorithms. Other gifted engineers have implemented these protocols and made them available on a range of platforms, from dedicated crypto-hardware to general-purpose computers. These implementations are then used to protect information assets.
At its core, this module aims to give students critical insight into how to select the appropriate cryptographic solution to solve the information assurance problem at hand. The properties and uses of cryptographic hashes are critically analysed. Particular attention is given to their role in assuring data integrity and in password management. Different attacks (brute force, dictionary, rainbow tables, synthetic collisions) and mitigations (salting, stretching, large keyspace) are also analysed.
The encryption topic compares and contrasts symmetric encryption with public key encryption. Particular attention is paid to the use of hybrid systems to address the key exchange problem in a computationally efficient manner. This is developed to show how a public key infrastructure also offers assurance through digital signatures. The significance of “looking after the keys” is emphasised throughout. The challenge of having the relevant key available for authorised use, yet unavailable for unauthorised use, is a common theme.
Different trust models are critically analysed through the hierarchical X.509 PKI and the PGP web of trust PKI. The SSL/TLS and IPSec protocols are critically analysed to determine the extent to which they assure the appropriate attributes of a data asset. Again, key management is emphasised.
Principal Learning Outcomes
- explain the properties of different cryptographic primitives, techniques and algorithms to a non-specialist audience so that information owners can make informed decisions about how to protect data assets and manage information risk.
- critically analyse the cryptographic needs of a particular scenario.
- recommend appropriate cryptographic solutions for an information assurance problem.
- apply cryptographic techniques to achieve desired information assurance objectives.
Other useful information
This module is delivered in an intensive one-week block of directed tuition (nominally 40 hours). Students will be based in the WMG Cyber Security Centre, with most taught sessions taking place in our specialist cyber security and forensics laboratory / classrooms.
Formal assessment for this module typically comprises:
- a lab-based assessment, taking place during taught sessions (20%)
- a video and report, to be submitted after the taught module period (80%)
There are no pre-requisites for this module. Students who are choosing this module as part of a course other than MSc Cyber Security and Management are welcome to seek preparatory advice.
Last updated: 22nd July 2015
The MSc Cyber Security and Management course team regularly reviews the content provided here for currency and accuracy. Please do get in touch with any queries. Contact: firstname.lastname@example.org