650.445: PRACTICAL CRYPTOGRAPHIC SYSTEMS
COURSE DESCRIPTION
The last three decades have seen an exponential increase in the deployment of cryptographically-enabled security systems. Among other things, this technology has had a major role in facilitating the rise of electronic banking, Internet-based commerce, and secure mobile telephony.
Unfortunately, the rapid pace of adoption can also be blamed for many negative consequences. Cryptographic systems often achieve widespread deployment without being subjected to proper design and evaluation. This has led to many widely-publicized “breaks”: reports of serious vulnerabilities, including flaws in WiFi encryption, GSM cellular networks, SSL, disk encryption, and deployed biometric systems.
This semester-long course will teach cryptographic design principles by example, i.e., by studying and identifying flaws in widely-deployed cryptographic systems. Our focus will be on the techniques used in practical security systems, the mistakes that lead to failure, and the approaches that might have avoided the problem. We will place a particular emphasis on the failure of "security by obscurity" and the feasibility of reverse-engineering undocumented cryptographic systems.
Photos of inscribed key, Mykotronx MYK-78T Clipper chip, Nike Missile Control Panel and Nagra recorder by Matt Blaze, used under a Creative Commons license.
TIME & PLACE
Tuesday / Thursday, 1:30 - 2:45pm
4th Floor Conference Room
Wyman Park Building (3100 Wyman Park Drive)
COURSEWORK, EXAMS & GRADING
Grades will be assigned according to the following formula:
Presentations (40%): In addition to regular readings, students will be expected to give 1-2 short (30 min) presentations on topics including: protocol and primitive attacks (current and historic), software/hardware attack techniques, standardization and design, attack mitigation. A list of suggested papers is provided here, but students are also welcome to suggest their own topics (“current events” preferred).
Written assignments (20%): Students will be assigned 2 written assignments, due at the beginning of class the following week. Assignments are to be completed individually (no collaboration is allowed).
Exams (30%): There will be a midterm and final exam covering material from lecture topics and student presentations.
Class participation (10%).
COURSE TEXT, READINGS & SYLLABUS
There will be no mandatory text for this course. Reading will consist of case studies and academic research papers, with optional readings drawn from Anderson's Security Engineering, portions of which are available online. I also recommend Mao's Modern Cryptography as a good reference on cryptographic fundamentals.
• Full Syllabus (including course slides)
Instructor: Matthew Green
Email: mgreen [at] cs.jhu.edu