Professional Documents
Culture Documents
Week 1: Overview: DR Emiliano de Cristofaro
Week 1: Overview: DR Emiliano de Cristofaro
Dr Emiliano De Cristofaro
UCL Intro to Crypto 16/17
Instructors
Lecturer: Dr Emiliano De Cristofaro
E-mail: e.decristofaro@ucl.ac.uk
Office hours: Tue 4-6pm, in MPEB 6.04 (6th floor)
Myself
BSc/MSc from University of Salerno (Italy), 2005
PhD from University of California, Irvine, 2011
Research:
Cryptography applied to privacy-enhancing technologies
Network and Systems security
Web and Mobile Measurements
Timetable
Lectures:
Mon 10-11am, Medical Sciences G46 H O Schild LT
Tue 2-4pm, Gordon Street (25) Maths 500
Tutorials (mandatory):
Thu 9-11am, Roberts Building G08 Sir David Davies LT
Book
Katz, Lindell: Introduction to Modern Cryptography
Both first and second editions work, slides will report
corresponding chapters from the book
Slides/exam do not assume you study from this book, but
it will help you A LOT (trust me!)
Do not use unauthorized PDF versions!
More Books
Smart: Cryptography Made Easy
Menezes, van Oorschot, Vanston: Handbook of
Applied Crypto
Stalling: Cryptography and Network Security
Additional Resources
Moodle!!!
Regularly posted pointers, use the discussion forum!
Everybody should be automatically enrolled if not, use
self-enrollment key CryptoRulez
Assessment
Exam in May (65%)
Past exams (and solutions) available on Moodle
Pro-tip: you will NOT get a good mark unless you start
studying TODAY
Coursework (35%)
Two parts
Details to be announced next week
In-person meetings
During office hours (obviously J), but also in other time
slots if you get an appointment via email
Class participation
Participate, participate, participate! Ask questions!
Please do not come late, it is very disruptive for others
Turn off cells, computers, tablets, etc.
Do not look for pokemons here! J
Last Updated: 01/10/16
10
11
12
13
Cryptography is everywhere!
Secure communication:
Web traffic: HTTPS
Wireless traffic: WPA2
End-to-end encrypted chats: Whatsapp
Full-disc encryption
Content protection (e.g. DVD, Blu-ray)
User authentication
Last Updated: 01/10/16
14
A rigorous science
The three steps in cryptography:
1. Specify adversarys capabilities aka threat model
2. Propose a construction
3. Prove that breaking the construction, in that threat
model, is as hard as solving a problem that is known to
be hard to break
15
16
Security Goals
Properties of a system must be maintained despite a
resourced strategic adversary
Examples of properties:
Confidentiality, e.g. only authorized principals may read
Integrity, e.g. only authorized principals may write
Availability, e.g. authorized principals can access the
system
17
Alice
Last Updated: 01/10/16
Bob
UCL Intro to Crypto 16/17
Eve
18
Crypto core
Talking
to Alice
Talking
to Bob
Alice
Key establishment:
Bob
attacker???
Secure commuinication:
m1
m2
confidentiality and integrity
19
Anonymous communication
Alice
signature
Who did I
just talk to?
Alice
Bob
What else???
20
Encryption
Alice and Bob (somehow) share a secret key k
Alice and Bob agree on a cipher algorithm (e.g., AES)
ct <- Ek(M), send ct over
m <- Dk(ct)
21
22
Hybrid Encryption
Can I use public-key and symmetric-key crypto
together???
23
Intro to Crypto
Symmetric Key Crypto
Confidentiality
Theoretical Ciphers
Block Ciphers (e.g., AES)
Stream Ciphers (e.g., RC4)
Public-Key Cryptosystems
(e.g., RSA, ElGamal)
Authentication
Message Authentication
Codes (e.g., HMAC)
Digital Signatures
(e.g., RSA, DSA)
Integrity
24
Cryptanalysis
Attacks on schemes
Best known attacks
Attacks when you modify schemes a bit
Attacks on home-brew cryptography
Who is winning?
Cryptographers?
Cryptanalysts?
Cat and mouse game?
Last Updated: 01/10/16
25
Security
Cannot really test whether a scheme is secure
No matter what kind of experiments you run adversary might
do something unexpected
How can you anticipate all attacks in advance?
26
Security model
What do we want to protect?
What are the conditions for the adversary to win?
27
OpenSSL
Open-source implementation of SSL and TLS
Three main components:
openssl command line tool
crypto C/C++ library implementing cryptographic
algorithms (and underlying data/numeric support)
Essentially, implementation of all algorithms well study
28
29
Install OpenSSL
sudo apt-get install openssl
Installs the command line tool
Then, execute openssl speed
30