Welcome to CS 590 (Practical and Applied Cryptography)!

Instructor: Christina Garman (clg@purdue.edu)

In 2016 more than 2 billion records and $450 billion were lost due to publicly-reported criminal and nation-state cyberattacks across the globe, and over 100 million medical records were stolen in the United States alone. The failure of our existing security infrastructure motivates the need for improved technologies, and cryptography provides a powerful tool for doing this. Over the past several years though, we have seen a number of serious vulnerabilities in the cryptographic pieces of systems, some with large consequences.

This course will cover cryptography as it is applied to real world systems, both in how to build secure systems as well as examining flaws and "breaks" in already deployed systems. We will also discuss the mistakes that led to these flaws, how these flaws could have been prevented, and various tools and techniques that exist for building cryptographic systems in practice. Students will have the opportunity to implement cryptographic schemes and explore cryptographic failures in practice, as well as engage in a semester-long research project related to applied cryptography. The course will consist of a combination of lectures and paper reading/discussions.

Time: Tu/Th 1:30pm-2:45pm
Location: Lawson B134
Syllabus

Prerequisites:

• CS 526 (Information Security) or CS 426 (Computer Security) or permission of the instructor

• Programming experience: Some of the assignments will require programming knowledge and we will be implementing cryptographic schemes, so you should be comfortable programming.

• Strongly recommend either: CS 355 (Introduction to Cryptography) or CS 555 (Cryptography and Data Security) but not required.

My office hours will be on Tuesdays from 3-4pm in my office (Lawson 3154G).

I will be available by appointment as well.

The course will consist of a combination of lectures and paper reading/discussions. Each student will be expected to present at least one paper and lead a discussion on the paper. We will also have a few projects, both in implementing cryptographic schemes as well as exploring cryptographic failures in practice. Finally, there will be a semester-long research project related to applied cryptography.

Because this is a seminar-style course and discussion will be important, part of your grade will include a participation component. So please attend class! If you cannot make class for any reason (such as job interviews, etc.), please let me know as you will not be penalized for this.

• Assignments: 50%

• Presentation(s): 10%

• Midterm: 15%

• Course Project: 15%

• Class participation: 10%

Final grades will be assigned on a curve at the end of the course.

This schedule is subject to change.

TBD

Date	Topics	Readings
8/21/18	Introduction
8/23/18	Introduction
8/28/18	Basics of Cryptography
8/30/18	Basics of Cryptography
9/4/18	Symmetric Cryptography	Symmetric Key Cryptography Notes
9/6/18	Symmetric Cryptography
9/11/18	Public Key Cryptography	Public Key Cryptography Notes Notes on Algebra and Number Theory
9/13/18	Public Key Cryptography
9/18/18	PKI, SSL/TLS	Optional: Lessons Learned in Implementing and Deploying Crypto Software Optional: Twenty Years of Attacks on the RSA Cryptosystem Optional: https://tlseminar.github.io/
9/20/18	SSL/TLS and Attacks [Protocols]

All projects will be submitted on Blackboard unless otherwise noted.

All assignments will be submitted on Blackboard unless otherwise noted.

• Assignment 1: Due Tuesday August 28th, 2018 at 1:30pm

• Project 1: Due Tuesday October 30th, 2018 at 11:59pm

TBA

Students are expected to have read the associated paper(s) BEFORE each class.

If you have any suggestions for papers that you would like to present, please let me know!

A Few Thoughts on Cryptographic Engineering

No textbook is required, but if you would like additional resources the following may be useful:

• Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone

• Modern Cryptography: Theory and Practice by Wenbo Mao

• Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell

Resources for Cryptographic Background

The Department of Computer Science expects and enforces the highest standards of academic integrity and ethics. The Department takes severe action against academic dishonesty, which may include failing grades on an assignment or in a course, up to a recommendation for dismissal from the University.

Academic dishonesty is defined as any action or practice that provides the potential for an unfair advantage to one individual or one group. Academic dishonesty includes misrepresenting facts, fabricating or doctoring data or results, representing another's work or knowledge as one's own, disrupting or destroying the work of others, or abetting anyone who engages in such practices.

Academic dishonesty is not absolute because the expectations for collaboration vary. In some courses, for example, students are assigned to work on team projects. In others, students are given permission to collaborate on homework projects or to have written materials present during an examination. Unless otherwise specified, however, the CS Department requires all work to be the result of individual effort, performed without the help of other individuals or outside sources. If a question arises about the type of external materials that may be used or the amount of collaboration that is permitted for a given task, each individual involved is responsible for verifying the rules with the appropriate authority before engaging in collaborative activities, using external materials, or accepting help from others.

A student accused of academic dishonesty must be afforded due process as defined by Purdue University procedures. The Dean of Students Office may be notified concerning an academic dishonesty incident as provided by Purdue University procedures.

Last modified Tues 21 August 2018.