The main objective of this course is to provide students with a
thorough understanding of the fundamentals of and current best
practices in applied cryptography. Students will have a solid
understanding, including practical experience, of the basic
cryptographic primitives and most important real-world cryptographic
systems in use.
| Required Knowledge and Skills
|
- Solid understanding of basic cryptographic primitives,
including symmetric and asymmetric cryptography (encryption, key
exchange, and digital signatures), information theory, and elementary
cryptanalysis.
- General understanding of the OSI 7-layer network protocol
stack, especially TCP/IP
- C++ or Java programming
- Programming with sockets (not required, but highly recommended)
- Additional cryptographic primitives not covered in PMAT 329,
including message authentication codes, hash functions, random number
generators, provably secure cryptosystems, and authentication
protocols
- Mechanisms and frameworks for key management, including
symmetric key cryptography based solutions (key distribution centers),
public key infrastructures, and ID-based cryptography
- Real-world cryptographic systems for access control
(password-based mechanisms, SSH, Kerberos), secure email (PGP, SMIME),
IP security (IPSec), eCommerce (SET), and web security (SSL)
- Advanced cryptographic techniques of current relevance, for
example, secret sharing, bit commitment, zero-knowledge authentication
protocols, advanced digital signature schemes
- Issues related to efficient implementation of cryptosystems
- Familiarity with the openssl cryptography library
| Development and Enhancement of Skills
|
The coverage of additional cryptographic primitives will round out the
students' existing knowledge (from PMAT 329) of the basic
cryptographic tools available to provide security services. The
discussion of real-world protocols will give students numerous
examples of how these primitives can be assembled to create robust
security solutions for a variety of applications, from the very
general (IP security) to the very specific (eCommerce security). The
hands-on experience students will obtain via programming assignments
will provide insight into practical issues related to efficient
implementation and real world security.
All the programming work required for this course will be done using
C++ or Java. The openssl cryptography library implementations of some
cryptographic primitives will also be used. No other tools will be
required.
This course is predominantly lecture-based. Students' skills
will be developed through three methods:
- written assignments, to exercise students' understanding of the
theoretical concepts presented and their ability to apply these
concepts,
- programming assignments, to give students hands-on experience
in implementing and working with the protocols and primitives
presented in the course,
- a written research project, in which students apply their
knowledge by exploring and assessing a real-world cryptographic system
not covered in the course.
This course is part of a concentration on information security.
Students who want to learn more about applied security may consider
the follow-up course in that concentration, CPSC 529 (Information and
Network Security). This course discusses security controls and
mechanisms in a much broader sense, in which applied cryptography is
one important component.
Students who want to learn more about cryptography may consider CPSC
519 (Introduction to Quantum Computing), in which quantum cryptography
is discussed, or the undergraduate concentration in cryptography
offered by the Mathematics department, in which the more theoretical
aspects of cryptography are covered in greater depth.
This page last modified:
http://www.cpsc.ucalgary.ca/~jacobs/cpsc429/W08/about.html |