Information Security Seminar
FEKT-VSIBAcad. year: 2018/2019
The course covers the topics of advanced cryptography and implementation of cryptographic algorithms used for assuring ICT system security. In particular, the course covers: formal proofs based on simulation paradigms, standard security model and random oracle security model, security definitions of signature schemes, security definitions of encryption schemes, security definitions of privacy-enhancing schemes, security frameworks (UC – Universal Composability Framework), implementation aspects of modern cryptographic schemes, particularly the commitment schemes, group signatures and privacy-enhancing schemes, such as attribute-based schemes.
Learning outcomes of the course unit
By passing the course, students will get the knowledge of advanced cryptography, in particular of the trends in modern cryptographic protocol design. Students will obtain the skills necessary for secure design based on provable security using widely accepted formal models and definitions. Students will be able to design modern protocols and understand the specifications of upcoming cryptographic systems. By passing the course, students will learn the actual state in the implementation and use of cryptographic algorithms in real-world systems for assuring ICT security.
Students must have the background in symmetric and asymmetric cryptography and discrete mathematics equivalent to knowledge provided by compulsory courses BZKR and TAKR of the Bachelor’s program T-IBP.
Recommended optional programme components
Recommended or required reading
BURDA, Karel. Aplikovaná kryptografie. 1. vyd. Brno: VUTIUM, 2013. ISBN 978-80-214-4612-0.
MENEZES, Alfred, Paul C VAN OORSCHOT a Scott A VANSTONE. Handbook of applied cryptography. Boca Raton: CRC Press, c1997. Discrete mathematics and its applications. ISBN 0-8493-8523-7.
Koblitz, Neal; Menezes, Alfred J. (2015). “The Random Oracle Model: A Twenty-Year Retrospective” (PDF). Another Look. Retrieved 6 March 2015.
Canetti, Ran. ”Universally composable security: a new paradigm for cryptographic protocols," Foundations of Computer Science, 2001. Proceedings. 42nd IEEE Symposium on, 2001, pp. 136-145.
Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G., Neven, G. and Pedersen, M. ”Formal Treatment of Privacy-Enhancing Credential Systems", Selected Areas in Cryptography - SAC 2015, Sackville, New Brunswick, Canada, August 12–14, 2015.
Damgård, I. (2007). "A "proof-reading" of Some Issues in Cryptography". Automata, Languages and Programming, 34th International Colloquium, ICALP 2007, Wroclaw, Poland, July 9-13, 2007. Proceedings. LNCS 4596: 2–11
Planned learning activities and teaching methods
Methods of educations are described in the article 7 of the BUT’s Study and Examination Regulation. Teaching methods include seminar. Course is taking advantage of e-learning (Moodle) system.
Assesment methods and criteria linked to learning outcomes
The maximum of 30 points is given upon completion of the theoretical test in seminar. The maximum of 70 points can be gained by completing the final project.
Language of instruction
1. Formal proofs of cryptographic system properties
2. Random oracle model
3. Standard model
4. Universally Composable Framework
5. Formal definitions of encryption schemes
6. Formal definitions of basic cryptographic primitives schemes
7. Formal definitions of signature schemes
8. Formal definitions of privacy-enhancing schemes
9. Modern cryptographic schemes – group signatures
10. Modern cryptographic schemes – authentication, identification schemes
11. Modern cryptographic schemes – privacy protection
12. Implementation aspects of modern cryptography
The goal of the course is to provide students with the overview of the actual trends in cryptography and system security. Students will learn the advanced techniques used in modern cryptography that are based on the provable security concept. Furthermore, formal security models and security proving techniques are covered. This theoretical knowledge is illustrated using practical examples of the architectures and implementations of modern encryption schemes, signature schemes and privacy-enhancing schemes.
Specification of controlled education, way of implementation and compensation for absences
The conditions for the successful course completion are stated in the yearly updated supervisor’s notice.