Contact Information:

10:00 AM – 10:00 PM EST
717-258-5693
717-329-9836
cto@infosec-technologies.com
crypto@gwu.edu
www.infosec-technologies.com

Neils Ferguson and Bruce Schneier, Practical Cryptography (PC), Wiley, April 2003. [0-471-22894-X]

Cryptography Decrypted (CD) by H.X. Mel and Doris Baker, Addison Wesley, 352 pages, April 2001. [ISBN 0-201-61647-5]

Randall K Nichols and Panos C Lekkas, Wireless Security, (WS) McGraw-Hill Professional Books, January 2002. [ISBN: 0-07-138038-8.] One of the most comprehensive references on the subject, by far.

Dan Verton, Black Ice: The Invisible Threat of Cyber-Terrorism (ICE) Osborne, 2004 [Connecting the dots between physical and cyber terrorism]

Bruce Schneier, Beyond Fear: Thinking Sensibly About Security In an Uncertain World, (BF) Copernicus Books, 2003. [One of his best works!]

Randall K. Nichols, The ICSA Guide To Cryptography (GUIDE) McGraw-Hill Professional Books, November 1999, 837 pages with CDROM. [ISBN 0-07-913759- 8] (Getting harder to find but with pearls)

Course Overview

Cryptography is a maturing science that has global-ranging applications in business and Government. Every commercial establishment that either markets its products internationally or uses computer networks for global communications and customer services must be concerned with protecting its information assets from a variety of attacks. It is the purpose of this course to provide a practical survey of the principles, best practices, policy, and management of cryptography with respect to business and government applications, and more specifically commercial computer security systems. Special emphasis will be on cryptographic principles and improving communications security for wireless telephony and devices, e-business and government networks. Special emphasis will be on terrorist communications and their identification.

• How Cryptography works and lessons from Classical Cryptography History
• Key Management
• Modern Cryptography -Authentication, Confidentiality, Data Integrity and Non-Repudiation
• RSA vs. Elliptic Curve Cryptography (ECC) crypto systems
• Secure E-Commerce and Internet Cryptography
• Public Key Infrastructure (PKI)
• Wireless Security - encryption features and standards
• Digital Signatures and Certification Authorities
• Cryptanalysis and Security of Cryptographic Systems
• Hands-on solutions to simple and moderate cryptograms
• Terrorist Cryptograms - Low Tech Codes [Brotherhood codes]; Al-Quada Communications.
• Algorithms - both commercial and AES: Rijndael, GOST, Serpent, RC6, Misty, Twofish, IDEA
• SHA and Hash algorithms
• Policy decisions -PKI and COTS
• Implementation errors
• The myths of key size and crypto-strength and key escrow
• Traffic Analysis - Vertical Differentiation of Crypto Systems and Difficulties of System ID with AES Group using the ATS
• Cryptography and INFOSEC -due diligence
• Cryptography and INFOWAR - Terror
• Government / Privacy / Law Enforcement /Terrorism

WEEK 1: 12 January 2004
First Principles
Historical Systems I

• Introductions
• Administrative and Ethics Issues
• Non-duplicated Required Bullets for each class period.
• Formation of working teams and suggestions for effective implementation; Team leader requirements
• TEAM RESEARCH PAPER Requirements an expectations - Cryptography, INFOWAR and AES or Cyber-Terror as Topics
• How Cryptography Works and Historical Lessons from Classical Cryptography
• Choice of Biometric Midterm topics
• Download PGP for Robust Us

CD: (required)
Chapter 1: Secret Key Cryptography Locks and Keys
Chapter 2: Substitution and Caesars Cipher
Chapter 3: Transposition Ciphers: Moving Around

PC: (required)
Chapter 1: Our Design Philosophy
Chapter 2: The Context of Cryptography

BF: (optional)
Chapter 1: All SEcurity Involves Trade-Offs
Chapter 2: Security Trade-Offs are Subjective

ICE: (optional)
Chapter 1: Cyber-Terrorism: Fact or Fiction?
Appendix C: Remarks on Cyber-Terrorism

In-Class slides will be available to all students.

Topics: Purposes of Encryption, Steganography, First Principles continued, Symmetric Cryptography, Asymmetric Cryptography; What Cryptography can protect, what it cannot. Threat models. Wireless is different. Applications in Cyber Space.

CD: (required)
Chapter 4: Diffuse and Confuse - How Cryptographers Win the End Game
Chapter 5: DES isn't strong anymore

PC: (required)
Chapter 3: Introduction To Cryptography

BF: (optional)
Chapter 3: Security Trade-Offs Depend On Power and Agenda
Chapter 4: Systems and How they Fail

WS: (optional)
Chapter 1: Why Wireless is Different

ICE: (optional)
Chapter 2: Black-Ice Cyber-Terrorism Hidden Dangers
Appendix A: Critical Infrastructures

Topics: Lessons from Classical History: Principal of Cryptographic Universality, Basic operations - substitution and transposition, block and stream ciphers, product ciphers, statistical identification. Examples - Civil War, Kennedy, W.W.II, Viggy and Delastelle systems. Some insights into Pearl Harbor intelligence failure. Some insights into the 9/11 intelligence failures.

Class Team Exercise 1 - Construction of simple encryption system "on the fly", Use of the ENIGMA Simulation or CSP 1500; use of commercial compression codes – Bentley; comparison with modern equivalents. 2nd part: Cryptanalysis of Simple Risties and Patties.

***SUBMIT CHOICE OF RESEARCH TOPIC and Get Started!***

CD: (required)
Chapter 7: Secret Key Assurances
Chapter 8: Problems with Secret Key Exchange

PC: (required)
Chapter 4: Block Ciphers
Chapter 5: Block Cipher Modes

BF: (optional)
Chapter 5: Knowing the Attackers
Chapter 6: Attackers never change their tunes, Just their instruments

ICE: (optional)
Chapter 3: Terror on the Wire: The Internet as a Weapon

Topics: Brief review of ISO/IEC, FIPS, PKIX, ANSI, RFCs and the Rainbow Series. Problems with standards. API framework, IETF. RSA standards. International issues – Common Criteria and Certification.

Topics: a layman's introduction to both commercial algorithms and AES (especially Rijndael). Review of IDEA, DES, 3DES, RC5, and Elliptic Curve Cryptography (ECC), Comparison of hardware and software characteristics. Cryptographic systems - IFP, DLP, ECC, Security / Strength Comparisons. Teams / Individuals will pick one algorithm and research it, PowerPoint present to class on next class period: Rijndael, GOST, Serpent, RC6, RC5, Misty, Twofish, IDEA-128, SHA-1, MARS, Blowfish, Cast-128, Hornet, Diamond, ECC, DH, any other AES candidate (first round), etc.

CD: (required)
Chapter 9: Public Key Cryptography: Public Exchange of Keys
Chapter 10: Confidentiality Using Keys
Chapter 11: Making Public Keys: Math Tricks
Appendixes A & B

PC: (required)
Chapter 6: Hash Functions
Chapter 7: Message Authentication Codes
Chapter 8: The Secure Channel
Chapter 21: Standards

BF: (optional)
Chapter 7 Technology creates security imbalances
Appendix B: PDD-63 at a glance

ICE: (optional)
Chapter 4: Terror on the Air: The Wireless Threat

CD: (required)
Chapter 12: Creating Digital Signatures Using the Private Key
Chapter 13: Hashes: Non-Keyed message Digest

PC: (required)
Chapter 9: Implementation Issues (I)

BF: (optional) (highly recommended)
Chapter 8: Security is a weakest link problem

WS: (optional) (highly recommended)
Chapter 5: Cryptographic Security

ICE: (optional) (highly recommended)
Chapter 5: Al-Quada: In search of Bin-Laden’s Hackers

Topics: Channels, ISO model, Authentication, Identification, Secure Pipes-SSL, VPN, PKI, anonymous remailers, Internet threat model. Which layer Certificates and CA's.

Class Team Exercise 2 - PGP Key exchange, shared keys and discussion of trust models or Zendian Problems cryptanalysis and Traffic Analysis problem.

***MIDTERM BIOMETRIC ENCRYPTION PAPERS / POWERPOINT PRESENTATIONS DUE***

Reading assignments:

Key Management

Multiple Bullets Due

CD: (required)
Chapter 14: Message Digest Assurances

PC: (required)
Chapter 10: Generating Randomness
Chapter 12: Diffie- Hellman
Chapter 13: RSA

BF: (optional)
Chapter 9: Brittleness makes for bad security

ICE: (optional)
Chapter 6: Web of Terror: What Al-Quada knows about the US

Topics: Digital signatures-What they are, what they do, can we trust them document signing; trust, X509 certificates, international issues - wide spectrum of legal responses. Legal resources from McBride-Coles.

Class Team Exercise 3 - Improving a Virus (or worm or RAT or Web Bug) using encryption and random number generation [Weapons Grade]. Using malicious code to strike the enemies eyes.

Handout: Digital Signatures and Certification Authorities - Technology, Policy and Legal Issues.

Reading assignments:

PKI and Protocols

CD: (required)
Chapter 15: Comparing Secret key, Public Key and Message Digests

PC: (required)
Chapter 14: Introduction To Cryptographic Protocols
Chapter 15: Key Negotiation Protocols

BF: (optional)
Chapter 10: Security revolves around people
Chapter 11: Detection works where Prevention fails
Chapter 12: Detection is Useless without Response

ICE: (optional)
Chapter 7: 9/11: The Cyber-Terrorist Attack

***Courtesy Review of Draft Research Papers.***

TEAMS - In class project time

Discussion: Government Requirements /Privacy/ International Trust / Export Issues

CD: (required)
Chapter 16: Digital certificates
Chapter: 17 X.509 Public Key Infrastructure

PC: (required)
Chapter 16: Implementation Issues (II)

Guide: (optional)
Chapter 21: System Analysis and Identification

BF: (optional)
Chapter 13: Identification, Authentication, and Authorization
Chapter 14: All Countermeasures have some value, but no countermeasure is perfect

WS: (optional)
Chapter 12: Hardware Perspectives for End-to-End Security

WEEKs 10: 15 March 2004

ICE: (optional)
Chapter 9: Dark Winter: Technology and Early Warning
Chapter 10: Security, Terror and Liberty
Chapter 11: The War on Terror: Mobilizing for the Future

Multiple Bullets due.

TEAMS - In class project time; Research Discussions with teams