MSc/Masters » Module Details

IY5502 An Introduction to Cryptography and Security Mechanisms

First term, core module for Technical Pathway and Secure Digital Business Pathway.

Module leader

K. M. Martin.

Aims

The approach of this module is non-technical. The primary objectives are to explain why cryptography is needed, what it provides, how basic cryptographic mechanisms work and what issues need to be addressed when implementing cryptography. The mathematical content of this module is minimal. Tutorial support for the elementary mathematics needed for this module will be provided for those who require it.

Objectives

At the end of this module you should be able to:

  • Explain exactly what cryptography can be used for
  • Appreciate the differences between various types of cipher system and in which situations they are most usefully employed
  • Identify the issues that need to be addressed when assessing what types of cryptographic mechanism are necessary to "secure" an application
  • Describe several basic cryptographic mechanisms for providing each of the core security services
  • Identify the limitations of cryptography and how to support it within a full security architecture

Students completing this module should not expect to be able to design algorithms.

Provisional syllabus

Basic principles: An introductory overview of the need for various cryptographic services.

Historical algorithms: An illustration of the principles behind cryptography by looking at simple historical cryptographic algorithms.

Theoretical v practical security: Perfect secrecy and the one-time pad, and the compromises made by practical cryptographic systems.

Symmetric cryptography: Block ciphers, including DES and AES, stream ciphers and modes of operation.

Public key cryptography: One-way functions, RSA, El Gamal and Diffie-Hellman key exchange.

Cryptographic services: challenge/response, MACs, and cryptographic protocols.

Digital signatures: hash functions, signatures with appendix and signatures with message recovery.

Key management: key lifecycles, key distribution, master/session key schemes, hybrid schemes and case studies.

Public Key Infrastructures: certificates, certification processes, revocation, CA interworking, PKI models, alternative approaches.

Legal aspects: import/export restrictions, where the law encourages/discourages use of cryptography, legal recognition of digital signatures.

Method of examination

Written examination.

Recommended texts

  • F. Piper and S. Murphy, A very short Introduction to Cryptography, OUP, 2002.
  • S. Levy, Crypto, Penguin Books 2000.
  • S. Singh, The Code Book, Fourth Estate 1999.

Other references

  • H. X. Mel and D. Baker, Cryptography Decrypted, Addison-Wesley, 2001.
  • S. Garfinkel and G. Spafford, Web Security, Privacy and Commerce, O'Reilly, 2002.
  • A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997. (Also available at http://www.cacr.math.uwaterloo.ca/hac/)
  • B. Schneier, Applied Cryptography, 2nd Edition, Wiley (1996).