Course pages 2015–16
Security I
Principal lecturer: Dr Markus Kuhn
Taken by: Part IB
Past exam questions
No. of lectures: 12
Suggested hours of supervisions: 3
Prerequisite courses: Mathematical Methods I, Discrete Mathematics,
Operating Systems, Complexity Theory
This course is a prerequisite for Security II.
Aims
This course covers some essential computer-security techniques, focussing mainly on private-key cryptography, discretionary access control and common software vulnerabilities.
Lectures
- Introduction. Malicious intent. Security policies, targets, mechanisms. Aspects of confidentiality, integrity, availability, privacy. Requirements across different applications.
- Cryptography. Overview, private vs. public-key ciphers, MACs vs. signatures, certificates, capabilities of adversary, Kerckhoffs’ principle.
- Classic ciphers. Attacks on substitution and transposition ciphers, Vigenére. Perfect secrecy: one-time pads.
- Private-key encryption. Stream ciphers, pseudo-random generators, attacking linear-congruential RNGs and LFSRs. Semantic security definitions, oracle queries, advantage, computational security, security proofs.
- Block ciphers. Pseudo-random functions and permutations. Birthday problem, random mappings. Feistel/Luby-Rackoff structure, DES, TDES, AES.
- Chosen-plaintext attack security. Security with multiple encryptions, randomized encryption. Modes of operation: ECB, CBC, OFB, CNT.
- Message authenticity. Malleability, MACs, existential unforgeability, CBC-MAC, ECBC-MAC, CMAC, birthday attacks, Carter-Wegman one-time MAC.
- Authenticated encryption. Chosen-ciphertext attack security, ciphertext integrity, encrypt-and-authenticate, authenticate-then-encrypt, encrypt-then-authenticate, padding oracle example, GCM.
- Entity authentication. Passwords, trusted path, phishing, CAPTCHA. Authentication protocols: replay attacks, one-way and challenge-response protocols, Needham-Schroeder, protocol failure examples.
- Operating system security. Trusted computing base, domain separation, reference mediation, residual information protection.
- Discretionary access control. Matrix model, DAC in POSIX and Windows, elevated rights and setuid bits, capabilities, Clark-Wilson integrity.
- Software security. Malicious software. Common implementation vulnerabilities: buffer overflows, integer overflows, meta characters, syntax incompatibilities, race conditions, unchecked values, side channels, random-bit sources.
Objectives
By the end of the course students should
- be familiar with core security terms and concepts;
- understand security definitions of modern private-key cryptographic primitives;
- understand the POSIX and Windows NTFS discretionary access control system;
- understand the most common security pitfalls in software development.
Recommended reading
Katz, J., Lindell, Y. (2015). Introduction to modern cryptography. Chapman & Hall/CRC (2nd ed.).
Paar, Ch. & Pelzl, J. (2010). Understanding cryptography. Springer.
Gollmann, D. (2010). Computer security. Wiley (3rd ed.).