Description

This course introduces the science and art behind the design, security analysis, and implementation cryptanalysis of modern-day cryptosystems.

First, we will examine several primitives, including block ciphers and collision-resistant hash functions, which we will apply in order to design cryptosystems that protect the privacy and authenticity of data at rest and in transit. Second, we will examine how cryptography can overcome, or be harmed by, systems security concerns. Third, we will explore the state of the art in secure messaging systems that leverage public and secret key cryptography to protect communications even in the case of prior or future device compromise. Finally, we will examine the mathematical strength of block ciphers and hash functions against common types of mathematical cryptanalysis.

General Information

Meeting times
This class meets Mondays and Wednesdays at 12:20-1:35 in room MCS B25.
VPN information
Some of the textbooks and reading assignments require access to the websites of publishers like Springer, IEEE, and ACM. You will only be able to access these papers if you are on the BU network or if you VPN into it. Instructions to VPN into the BU network are located here: http://www.bu.edu/tech/services/support/remote/vpn/. Alternatively, prepending "http://ezproxy.bu.edu/login?url=" to the front of a URL allows you to view a single website through the BU network without the need to VPN.
Office hours
Mayank's office hours are typically Wed 3-5pm in MCS room 164. If you want to meet with me at an alternative time, send me a Piazza post stating a few times that you're available.

Additionally, Hanson Duan's office hours are Thursday 4-6pm in MCS 164.
Lab grading rubric
Most lab questions are graded on a scale of 0-10 points using the rubric below. The rubric has two components: an automated grade and a manual grade. (There will be a few problems that deviate from this plan, and they will be clearly marked on the lab assignment itself.)

*Rubric for automated scoring*
The graders will write a script that tests if your program outputs the right answer. You'll get 2 points if so and 0 points otherwise. There is no subjectivity to this portion of the grade.

Make sure your program only prints the requested output. Do not prepend it with any text like "the answer is: [blah]." If you do so, then you will lose the 2 points for the automated grade.

There is one caveat to the automated scoring: if you simply output the correct answer without providing any context, you will receive 0 points. (That is: the automated portion of the grade will be manually docked.)

*Rubric for manual scoring*
8 - full credit
6 - mostly correct, but with a minor procedural error
4 - made substantial progress, but missing at least one major concept
2 - made at least one conceptual observation
0 - the response doesn't make any substantial progress toward the solution

If you document your code, the reviewers may give you the benefit of the doubt and put you in between two categories. If you don't document your code and as a result the graders cannot follow your methodology, then they may put you in a lower category than you expected to achieve. Basically: make sure to explain your work!

Announcements

Course schedule
1/22/18 10:07 AM

This post will be continually updated as new readings and assignments are posted.

Part 1. The power of random-looking permutations

| Week | Topic | Textbook reading / Optional resources | Due date |
| --- | --- | --- | --- |
| 1 | Introduction & building blocks | | Lab 1 due 1/26 |
| 2 | Message authenticity | | Lab 2 due 2/4 |
| 3 | Hash functions | The Hash Function BLAKE, Sections 1.1, 2.1, 2.2, and 2.4. | Lab 3 due 2/9 |
| 4 | Encryption via enciphering | Introduction to Modern Cryptography, Sections 4.1 through 4.7. (The rest of the chapter is optional but worthwhile to read if you have the time.) | Lab 4 due 2/16 |

Part 2. Cryptography meets reality: a love/hate story

| Wk | Topic | Textbook reading / Optional resources | Due date |
| --- | --- | --- | --- |
| 5 | Encrypting data at rest | The Block Cipher Companion, Sections 4.1 through 4.4 and also Sec 4.6. Everything here should be review except for CFB and OFB modes (Sec 4.2.1 and 4.2.2); just ignore those. | Test on 2/21, no lab |
| 6 | Padding oracles | A Graduate Course in Applied Cryptography, pages 350-354 (that is, Sections 9.4.2 and 9.4.3) | Lab 5 due 3/2 |
| (spring break) | | | |
| 7 | Side channels | Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices | Lab 6 due 3/16 |
| 8 | Authenticated encryption | A Graduate Course in Applied Cryptography, Sections 9.1-9.6 (i.e., pages 347-370), except the part you already read in Week 6 | Lab 7 due 3/23 |

Part 3. Structured forgetfulness: dropping keys before they can be stolen

| Wk | Topic | Textbook reading / Optional resources | Due date |
| --- | --- | --- | --- |
| 9 | Authenticated key exchange | Models of authenticated key exchange; Group keying | No lab due this week |
| 10 | Key evolution & ratcheting | Itkis' survey on Forward security; EFF blog post on security, privacy, and anonymity properties one might want in a messaging system | Test on 4/2; Lab 8 due 4/6 |

Part 4. When reductions fail: dealing with the lowest layer

| Wk | Topic | Textbook reading / Optional resources | Due date |
| --- | --- | --- | --- |
| 11 | Designing ciphers & random number generators | Egele et al: An empirical study of cryptographic misuse in Android applications (this is the topic of Prof. Egele's guest lecture) | |
| 12 | Cryptanalysis | The Block Cipher Companion, chapters 6-7 | |

Part 5. Special topics

| Wk | Topic | Textbook reading / Optional resources | Due date |
| --- | --- | --- | --- |
| 13 | Protected computing | Fuller et al. Cryptographically protected database search | Lab 9 due 4/27 |
| 14 | Law + crypto | All the crypto code you’ve ever written is probably broken | Lab 10 due 5/2 |


Staff Office Hours
| Name | Office Hours |
| --- | --- |
| Hanson Duan | When? Where? |
| Mayank Varia | When? Where? |
| Sarah Scheffler | When? Where? |