 ISBN 0-07-212285-4 |
 ISBN 0-07-138038-8 |
 ISBN 0-07-913759-8 |
The George Washington University
School of Engineering and Applied Science (SEAS)
Graduate Cryptography Course Outline
EMSE 298 IN / IN2
Management and Policy, The George Washington University, School of Engineering and
Applied Science (SEAS), Washington, DC
Contact Information:
Mobile:
Fax:
Business E-Mail:
GWU E-Mail:
Website:
1000
- 0330 Hrs EST
717-329-9836
717-258-5693
cto@infosec-technologies.com
crypto@gwu.edu
www.infosec-technologies.com
The ICSA Guide To Cryptography (GUIDE) by Randall K. Nichols, McGraw-Hill Professional Books, November 1999, 837 pages with CDROM. [ISBN 0-07-913759- 8]
Cryptography Decrypted (CD) by H.X. Mel and Doris Baker, Addison Wesley, 352 pages, April 2001. [ISBN 0-201-61647-5]
Wireless Security (WS) by Randall K. Nichols and Panos C Lekkas, McGraw-Hill Professional Books, December 2001, 637 pages. [ISBN 0-07-138038-8]
Course Overview
Cryptography is a maturing science that has global-ranging applications in business and Government. Every commercial establishment that either markets its products internationally or uses computer networks for global communications and customer services must be concerned with protecting its information assets from a variety of attacks. It is the purpose of this course to provide a practical survey of the principles, best practices, policy, and management of cryptography with respect to business and government applications, and more specifically commercial computer security systems. Special emphasis will be on cryptographic principles and improving communications security for wireless telephony and devices, e-business and government networks.
- How Cryptography works and lessons from Classical Cryptography History
- Key Management
- Modern Cryptography -Authentication, Confidentiality, Data Integrity and Non-Repudiation
- RSA vs. Elliptic Curve Cryptography (ECC) cryptosystems
- Secure E-Commerce and Internet Cryptography
- Public Key Infrastructure (PKI)
- Wireless Security - encryption features and standards
- Digital Signatures and Certification Authorities
- Cryptanalysis and Security of Cryptographic Systems
- Hands-on solutions to simple and moderate cryptograms
- Terrorist Cryptograms - Low Tech Codes [Brotherhood codes]
- Algorithms - both commercial and AES: Rijndael, GOST, Serpent, RC6, Misty, Twofish, IDEA
- SHA and Hash algorithms
- Policy decisions -PKI and COTS
- Implementation errors
- The myths of key size and crypto-strength and key escrow
- Traffic Analysis - Vertical Differentiation of Crypto Systems and Difficulties of System ID with AES Group using the ATS
- Cryptography and INFOSEC -due diligence
- Cryptography and INFOWAR - Terror
- Government / Privacy / Law Enforcement /Terrorism
The object will be to give the class a comfortable grounding in encryption systems. We will examine classical and modern systems. There will be three hands-on field exercises scheduled to demonstrate the "on-the-fire" side of encryption in the field. Class participation is very important. Team learning facilitates a better understanding of the critical issues. The class will be divided into working teams and assigned a semester long research paper on current technical / business / wireless / anti-terror / INFOWAR cryptographic issues.
- Introductions
- Administrative and Ethics
Issues
- Formation of working teams and suggestions for effective implementation
- TEAM RESEARCH PAPER Requirements and expectations - Cryptography and INFOWAR [Team leader requirements]
- How Cryptography Works and Historical Lessons from Classical Cryptography
Chapter 2: First Principles and Overview
Chapter 3: Historical Systems I.
Chapter 2: Substitution and Caesars Cipher
Chapter 3: Transposition Ciphers: Moving Around
Topics: Purposes of Encryption, Steganography, First Principles, Symmetric Cryptography, Asymmetric Cryptography, Hashes and Message Digests; Turning Point: DES; What Cryptography can protect, what it cannot. Threat models. Wireless is different.
WEEK 2: 10 June Historical Systems II and Code Machines up to DES
Reading assignments:
Chapter 5: Codes and Machines
Appendix G.
Chapter 5: DES isn't strong anymore
Chapter 6: Evolution of Cryptography: Going Global
Chapter 2: Wireless INFOWAR
Topics: Lessons from Classical History: Principal of Cryptographic Universality, Basic operations - substitution and transposition, product ciphers, statistical identification. Examples - Civil War, Kennedy, W.W.II, Viggy and Delastelle systems. Some insights into Pearl Harbor intelligence failure.
***SUBMIT CHOICE OF RESEARCH TOPIC and Get Started!***
WEEK 3: 17 June: Cryptographic Standards and Algorithms
*** TEAM OUTLINES DUE ***
Reading assignments:
Appendix A.
Chapter 6 DES and Information Theory
Chapter 8: Algorithms: pp. 236-252, review pp. 20-23, 234,
291- 297.
Appendices C & D & F
Chapter 8: Problems with Secret Key Exchange
Topics: Brief review of ISO/IEC, FIPS, PKIX, ANSI, RFCs and the Rainbow Series. Problems with standards. API framework, IETF. RSA standards. International issues – Common Criteria and Certification.
Topics: a layman's introduction to both commercial algorithms and AES (especially Rijndael). Review of IDEA, DES, 3DES, RC5, and Elliptic Curve Cryptography (ECC), Comparison of hardware and software characteristics. Cryptographic systems -IFP, DLP, ECC, Security / Strength Comparisons. Teams will pick one algorithm and research it, present to class: Rijndael, GOST, Serpent, RC6, RC5, Misty, Twofish, IDEA-128, SHA-1
WEEK
4: 24 June Modern Cryptography - Authentication, Confidentiality,
and Data
Integrity and Non-Repudiation
Reading assignments:
Chapter 10: Confidentiality Using Keys
Chapter 11: Making Public Keys: Math Tricks
Appendixes A & B
Class Team Exercise 2 - PGP Key exchange and discussion of trust models. Exacting and robust authentication.
WEEK 5: 8 July February Internet Cryptography Note: July 1 is a holiday.
Reading assignments:
Chapter 13: Hashes: Non-Keyed message Digest
Chapter 14: Message Digest Assurances
Topics: Channels, ISO model, Authentication, Identification, Secure Pipes-SSL, VPN, PKI, anonymous remailers, Internet threat model. Which layer Certificates and CA's.
Handout: Identity, Authentication and Authorization on the World Wide Web. Handout LANs.
Class Team Exercise 3 - Improving a Virus (or worm) by encryption. [Weapons Grade]. Using malicious code to strike the enemies eyes.
WEEK 6: 15 July Teams I
TEAMS - In class project time; Research Discussions with teams
FIRST FORMAL REVIEW OF RESEARCH - Crunch Time
***MIDTERM ALGORITHM PAPERS DUE***
WEEK 7: 22 July Digital Signatures and Trust
Reading assignments:
Chapter 12: Certificate Authorities
Chapter 16 Digital Certificates
Chapter 17: X.509 Public Key Infrastructure
Handout: Digital Signatures and Certification Authorities - Technology, Policy and Legal Issues.
WEEK 8: 29 July Teams II
Reading assignments:
Chapter 15: Internet Cryptography
Chapter 19: Real-World Systems: Secure E-Mail
***Courtesy Review of Draft Research Papers.***
TEAMS - In class project time
Discussion: Government Requirements /Privacy/ International Trust / Export Issues
WEEK 9: 5 August Cryptanalysis and Security of Cryptographic Systems
Reading assignments:
Chapter 11: Hardware Implementations
Topics: System Identification and Key Clustering. Cryptanalytic attacks. Principals of vertical and horizontal differentiation based on repetitions, entropy, PRNG testing, compression and graphical analysis. Side channel attacks, differential and linear cryptanalysis, character and bit level analysis.
Demonstration: identification of traffic, signatures, and strength of encryption systems.
WEEK 10: 12 August E-Commerce and VPNs
Reading assignments:
Chapter 19: Cryptography in Electronic Commerce Systems
Chapter 20: Role-Based Crypto.
Chapter 16: Policy
Chapter 21: IPSec Overview
Chapters 22 & 23: Cryptographics Gotcha's and Protecting Keys
WEEK 11: 19 August: RESEARCH PAPERS DUE
***TEAM
RESEARCH PAPERS DUE***
Team Presentations on their assigned topics
***FINAL
GRADES***