Modern cyber systems use cryptography to protect various properties of data (confidentiality, integrity, authenticity etc) when it is stored on or moving between computer systems. Examples include the encryption of data at rest on mass storage devices such as disc drives or USB removable drives; protection of data in transit between a user's web browser and the web server where they are engaged in some sort of financial transaction; authentication protocols to assure one part of a system as to the identity of another part of the system with which is interacting; and the underlying properties that give cryptocurrencies their perceived value.
This module equips participants with critical insight into the application of cryptography in a range of practical scenarios. There is an emphasis on how cyber security consultants position cryptosystems in system designs. The focus is on understanding the resulting properties of sophisticated cryptographic protocols, algorithms and configurations, rather than on analysis of the deep mathematics within. The module analyses standard cryptographic patterns that may be applied to achieve particular patterns of protection in typical scenarios.
Practical exercises are used to demonstrate cryptographic principles. Participants engage with cryptographic hashes to understand their strengths and weaknesses concerning data integrity. Participants are provided a detailed understanding of different attacks (brute force, dictionary, rainbow tables, synthetic collisions) and mitigations (salting, stretching, large keyspace). Participants are exposed to symmetric and public key encryption. Particular attention is paid to the use of hybrid systems to address the key exchange problem in a computationally efficient manner, securing confidentiality over time and in transit. This is developed to show how a public key infrastructure also offers assurance through digital signatures. The challenge of having the relevant key available for authorised use, yet unavailable for unauthorised use is a common theme.
Important cryptographic protocols – such as X509 PKI (Public Key Infrastructure), IPSec (Internet Protocol Security), TLS (Transport Layer Security), SSH (Secure SHell) – are analysed in detail in order to establish where that most human requirement, trust, is located. Most importantly, participants are presented with a critical understanding of how and when a given protocol should (not) be used in a system design scenario.
Cryptosystems are pivotal to various blockchain technologies including cryptocurrencies. The module explores the role of cryptography in these technologies and equips participants with a detailed working knowledge of these applications.
- Critically analyse the properties of cryptographic hashes.
- Evaluate competing cryptographic techniques in the solution of well defined cyber problems.
- Critically analyse the properties of symmetric encryption.
- Critically analyse the properties of cryptographic key management systems.
- Critically analyse the properties of asymmetric (public key) encryption.
- Critically analyse the properties of digital signatures.
- Critically analyse the properties of cryptographic protocols.
- Cryptographic hashes. Understand terminology: hash, digest, message authentication code, function. Hash properties: irreversible, deterministic, collision resistance, length. Application: authentication, known good / bad files, file integrity. Cryptographic attacks: brute force, rainbow tables, password salting / stretching, collisions. Hash algorithms: MD5, SHA, and others.
- Encryption theory. Terminology: plaintext, ciphertext, key, algorithm, protocol. Concepts: entropy, one-time pad, complexity, initialisation vectors.
- Symmetric encryption. Encryption over distance or time – the key exchange problem. Example algorithms – DES, Triple DES, AES.
- Asymmetric encryption. Properties: encrypting for known recipient, signing by authentic sender. Establishing trust: certificate authenticity, hierarchy (X509) and web (OpenPGP), certificates. Consequences of loss of key control – revocation certificates.
- Hybrid encryption. Using asymmetric encryption to share symmetric key. SSL/TLS
- Other specific protocols. Kerberos, IPSEC
- Data protection. At rest, in transit
- Blockchain and Virtual currencies. Distributed consensus, peer-to-peer network, the ‘51% attack’, immutability, apparent anonymity. Virtual currencies: bitcoin Ethereum, wallets, transactions, smart contracts, anonymity and privacy in the Bitcoin ecosystem.
Post-module assignment - Application of Cryptpography in a Scenario (100%)
2 weeks including 10 hours of lectures, 12 hours of tutorials, 15 hours of practical classes