COMP3441/9441 Lecture Notes and Readings

• Week 1: Shared Key Cryptography
  Reading:
  • (E) Kaufman et al, Ch 1-2
  • Schneier, Applied Cryptography, Ch 1
  • For historical background, read The Code Book, Simon Singh (See also the Black Chamber for some puzzles and demonstrations.)
  
  
• Week 2: Shared key cryptography ctd, DES, Key Agreement
  Reading:
  • (E) Kaufman et al, Ch 3-4, 6.4
  
  
• Week 3: Public Key Cryptography, Digital Signatures
  Reading:
  • (E) Kaufman et al, Ch 6.1-6.3, 6.5-6.6, Ch 7
  • Schneier, Ch 2, section 20.1
  • Ford & Baum, Secure Electronic Commerce, Ch 4.3
  
  
• Week 4: Digital Signatures (ctd), hash functions, security and NP-completeness
  Reading:
  • (E) Kaufman et al, Ch 5.1
  • (E) Schneier Ch 2.3-2.7,
  • Goldreich, Oded. Modern cryptography, probabilistic proofs, and pseudorandomness (a book that explains the connection to computational complexity in far greater depth than we will consider.)
  
  
• Week 5: Public Key Infrastructure
  Reading:
  • (E) Kaufman et al Ch 15.
  • Ford and Baum, Secure Electronic Commerce, Ch 6 and 7
  • Ten Risks of PKI: what you're not being told about public key infastructure B. Schneier and C. Ellison
  
  
• Week 6: Authentication Protocols
  Reading:
  • (E) Kaufman et al, Ch 9-11
  • Using Encryption for Authentication in Large Networks of Computers, R.M. Needham and M.D. Schroeder, Communications of the ACM Dec 1978, pp 993-999.
  • Timestamps in Key Distribution Protocols, D.E. Denning and G.M. Sacco, Communications of the ACM Aug 1981, pp 533-536.
  
  
• Week 7: PKI (continued), Authetication Protocols in practice: Kerberos
  Reading:
  • (E) Kaufmann et al Ch 13-14.
  • (E) Limitations of the Kerberos Authentication System Steven Bellovin and Michael Merritt, Usenix 1991
  • Schneier Ch 24.5
  
  
• Week 8: SSL
  Reading:
  • (E) Kaufman et al Ch 19
  • SSL 3.0 Specification
  • Finite-State Analysis of SSL 3.0, Mitchell, J.C., Shmatikov, V. and Stern, U., Seventh USENIX Security Symposium, San Antonio, 1998, pages 201-216.
  • David Wagner and Bruce Schneier. Analysis of the SSL 3.0 protocol. In Proceedings of the Second USENIX Workshop on Electronic Commerce Proceedings, pages 29-- 40, November 1996. A revised version is available.
  
  
• Week 9: Guest lecture: Greg Rose, Qualcomm. Symmetric Ciphers (E) [PDF] [PPT]
  
  
• Session break
  
  
• Week 10: Guest lecture: Kim Valois, CSC. Security Management Issues (E) [PDF]
  
  
• Week 11: Guest lecture: Kim Valios, CSC. Security Architecture Issues (E) [PDF]
  
  
• Week 12: Guest lecture: Jason Catlett, JunkBusters
  
  • Topics and Links
    
  • References (all by Roger Clarke):
    
    1. (E) Links in PITs and PETs Resources Site;
    2. (E) The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law (1989). For further optional update, see his draft follow-up: Beyond 'Fair Information Practices': A New Paradigm for 21st-Century Privacy Protection (work-in-progress 1998)
  
  
• Week 13: Payment Mechanisms
  • (E) Security without Identification Card Computers to make Big Brother Obsolete, David Chaum
  • (E) How To Make A Mint: The Cryptography of Anonymous Electronic Cash, Laurie Law, Susan Sabett, Jerry Solinas, National Security Agency, 1996
  • (E) Model Checking the Secure Electronic Transaction (SET) Protocol, Shiyong Lu, Scott A. Smolka (source of the abstract version of SET discussed in class, verification aspects of the paper are not examinable)
  References
  • SET Secure Electronic Transaction LLC
  • Papers by a group at Camnbridge U that tries to come to grips with SET and verify it.
  • W3C Micropayments page
  • W3C Micro Payment Transfer Protocol
  • Epayments Schemes index at W3
  • Blind Signatures for untraceable payments, D. Chaum, in Advances in Cryptology, Proc. Crypto'82
  • Untraceable Electronic Cash, D. Chaum, A. Fiat and M. Naor, in Advances in Cryptology: Proceeedings of Crypto 88