# Computer Security:  2017-2018

 Lecturer Degrees Term Michaelmas Term 2017  (16 lectures)

## Overview

Computer security pervades every aspect of the modern online experience, now reaching into mobile phones and games consoles as well as conventional computers. This course covers some of the fundamental principles of computer security.

After identifying some different aspects of security, a number of practical challenges will be presented. For each one, the aim is to specify the requirements of a solution, explain an appropriate (mathematics-based) tool, and then discuss pitfalls, attacks, and countermeasures. Topics covered include will one-way functions, symmetric and asymmetric block ciphers, keyed hashes, digital signatures, and simple key exchange protocols.

## Learning outcomes

An understanding of the differences between various forms of computer security, where they arise, and appropriate tools to achieve them; an appreciation of some common security pitfalls; knowledge of appropriate ways to quantify security.

This is a course for computer scientists, not system administrators. Don't expect to learn how to build "secure" websites, nor how to install firewalls.

## Prerequisites

• Basic modular arithmetic (as amply covered by the Discrete Mathematics course).
• Elementary discrete probability (as amply covered by the first-year Probability course).
• Java for the practicals. No advanced structures or techniques will be required.

## Practicals

There will be two practicals, with preparatory reading in weeks 2 and labs in weeks 3-8.

## MSc Assessment

There will be a take-home exam, similar to problem sheets but with a smaller number of longer questions, to be completed during the Christmas vacation.

## Synopsis

Introduction [1 lecture]. Motivating example, definitions of security aspects.

Access control [1 lecture]. Models of security and the example of Unix permissions.

Symmetric key ciphers [3 lectures]. Block ciphers, Kerckhoffs' Principle, attack models, examples of attacks (including meet-in-the-middle). Perfect security, Shannon's conditions, Vernam cipher and the one-time pad. Feistel networks, DES, state-of-art encryption. Block modes, stream ciphers.

Cryptographic hash functions [2-3 lectures]. One-way and cryptographic hash functions, relationships with other security properties; attacks on iterative algorithms. Hashes for password storage and key generation: offline attacks, strengthening by salting and stretching, examples in practice. Hashes for message integrity, collision resistance. The Merkle-Damgard construction, padding, MD4 and its successors.

Asymmetric key ciphers [2-3 lectures]. The RSA cryptosystem: proof of correctness, discussion of efficiency. The RSA security assumption, relationship with integer factorization. Discussion of appropriate key size. Homomorphic property, number theoretic attacks, PKCS v1.5 padding. Brief survey of alternative public key ciphers.

Message authentication & digital signatures [2-3 lectures]. The Dolev-Yao model. Message authentication codes, HMAC. Digital signatures, attack models. RSA signatures, textbook weaknesses, and PKCS v1.5 padding. Combining signatures and encryption. Brief survey of alternative signature schemes.

Protocols [3 lectures]. Entity-entity authentication protocols given shared secret or public keys, weaknesses and attacks. Key distribution and certification, chains of trust, PKI. Mediated authentication protocols, weaknesses and attacks. The SSL/TLS application layer protocol.

## Syllabus

Aspects of securitysecurity models. Tools for achieving particular security goals, attacks, and countermeasures: one-way functions, symmetric and asymmetric block ciphers including key generation and block modes, keyed hashes, digital signatures, simple key exchange protocols. Applications in practice.