Description
This course introduces the science and art behind the design, security analysis, and implementation cryptanalysis of modern-day cryptosystems.
First, we will examine several primitives including block ciphers and collision-resistant hash functions, which we will apply in order to design cryptosystems that protect the privacy and authenticity of data at rest and in transit. Second, we will examine how cryptography can overcome, or be harmed by, systems security concerns. Third, we will explore the state of the art in secure messaging systems that leverage public and secret key cryptography to protect communications even in the case of prior or future device compromise. Finally, we will examine the mathematical strength of block ciphers and hash functions toward common types of mathematical cryptanalysis.
General Information
Meeting times
This class meets Mondays and Wednesdays at 12:20-1:35 in room MCS B25.
VPN information
Some of the textbooks and reading assignments require access to the websites of publishers like Springer, IEEE, and ACM. You will only be able to access these papers if you are on the BU network or if you VPN into it. Instructions to VPN into the BU network are located here: http://www.bu.edu/tech/services/support/remote/vpn/. Alternatively, prepending "http://ezproxy.bu.edu/login?url=" to the front of a URL allows you to view a single website through the BU network without the need to VPN.
Office hours
Mayank's office hours are typically Wed 3-5pm in MCS room 164. If you want to meet with me at an alternative time, send me a Piazza post stating a few times that you're available.
Additionally, Hanson Duan's office hours are Thursday 4-6pm in MCS 164.
Lab grading rubric
Most lab questions are graded on a scale of 0-10 points using the rubric below. The rubric has two components: an automated grade and a manual grade. (There will be a few problems that deviate from this plan, and they will be clearly marked on the lab assignment itself.)
*Rubric for automated scoring*
The graders will write a script that tests if your program outputs the right answer. You'll get 2 points if so and 0 points otherwise. There is no subjectivity to this portion of the grade.
Make sure your program only prints the requested output. Do not prepend it with any text like "the answer is: [blah]." If you do so, then you will lose the 2 points for the automated grade.
There is one caveat to the automated scoring: if you simply output the correct answer without providing any context, you will receive 0 points. (That is: the automated portion of the grade will be manually docked.)
*Rubric for manual scoring*
8 - full credit
6 - mostly correct, but with a minor procedural error
4 - made substantial progress, but missing at least one major concept
2 - made at least one conceptual observation
0 - the response doesn't make any substantial progress toward the solution
If you document your code, the reviewers may give you the benefit of the doubt and put you in between two categories. If you don't document your code and, as a result, the graders cannot follow your methodology, then they may put you in a lower category than you felt you would achieve. Basically: make sure to explain your work!
Announcements
Course schedule
1/22/18 10:07 AM
This post will be continually updated as new readings and assignments are posted.
Part 1. The power of random-looking permutations
Week | Topic | Textbook reading | Optional resources | Due date |
---|---|---|---|---|
1 | Introduction & building blocks | | | Lab 1 due 1/26 |
2 | Message authenticity | | | Lab 2 due 2/4 |
3 | Hash functions | The Hash Function BLAKE, Sections 1.1, 2.1, 2.2, and 2.4. | | Lab 3 due 2/9 |
4 | Encryption via enciphering | Introduction to Modern Cryptography, Sections 4.1 through 4.7. (The rest of the chapter is optional but worthwhile to read if you have the time.) | | Lab 4 due 2/16 |
Part 2. Cryptography meets reality: a love/hate story
Wk | Topic | Textbook reading | Optional resources | Due date |
---|---|---|---|---|
5 | Encrypting data at rest | The Block Cipher Companion, Sections 4.1 through 4.4 and also Sec 4.6. Everything here should be review except for CFB and OFB modes (Sec 4.2.1 and 4.2.2); just ignore those. | | Test on 2/21, no lab |
6 | Padding oracles | A Graduate Course in Applied Cryptography, pages 350-354 (that is, Sections 9.4.2 and 9.4.3) | | Lab 5 due 3/2 |
(spring break) | | | | |
7 | Side channels | Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices | | Lab 6 due 3/16 |
8 | Authenticated encryption | A Graduate Course in Applied Cryptography, Sections 9.1-9.6 (i.e., pages 347-370), except the part you already read in Week 6 | | Lab 7 due 3/23 |
Part 3. Structured forgetfulness: dropping keys before they can be stolen
Wk | Topic | Textbook reading | Optional resources | Due date |
---|---|---|---|---|
9 | Authenticated key exchange | Models of authenticated key exchange; Group keying | | No lab due this week |
10 | Key evolution & ratcheting | | | Test on 4/2; Lab 8 due 4/6 |
Part 4. When reductions fail: dealing with the lowest layer
Wk | Topic | Textbook reading | Optional resources | Due date |
---|---|---|---|---|
11 | Designing ciphers & random number generators | Egele et al: An empirical study of cryptographic misuse in Android applications (this is the topic of Prof. Egele's guest lecture) | | |
12 | Cryptanalysis | The Block Cipher Companion, chapters 6-7 | | |
Part 5. Special topics
Wk | Topic | Textbook reading | Optional resources | Due date |
---|---|---|---|---|
13 | Protected computing | Fuller et al. Cryptographically protected database search | | Lab 9 due 4/27 |
14 | Law + crypto | | | Lab 10 due 5/2 |
Name | Office Hours | |
---|---|---|
Hanson Duan | When? Where? | |
Mayank Varia | When? Where? | |
Sarah Scheffler | When? Where? |
Textbooks
Lecture materials
Lecture date
May 2, 2018
Apr 30, 2018
Apr 25, 2018
Apr 18, 2018
Apr 9, 2018
Apr 4, 2018
Mar 28, 2018
Mar 26, 2018
Mar 21, 2018
Mar 19, 2018
Mar 14, 2018
Mar 12, 2018
Feb 28, 2018
Feb 26, 2018
Feb 20, 2018
Feb 14, 2018
Feb 12, 2018
Feb 7, 2018
Feb 7, 2018
Feb 5, 2018
Jan 31, 2018
Jan 29, 2018
Jan 24, 2018
Jan 22, 2018