Language: English
Location: All course activities are in Kista
Schedule: The course is given in period 2. For details on the schedule, click here.
The course autumn 2009 starts Wednesday Nov 4 at 08.00.
Objectives
The aim of the course is to give the students in-depth knowledge of
techniques used to create secure communication protocols. After the
course, the students shall be able to:
- describe the principles and properties of the three basic cryptographic functions (secret key, public key, and message digests).
- explain how these functions can be used to efficiently encrypt and integrity protect a message.
- list and motivate common mechanisms in block ciphers.
- design/evaluate a security protocol with respect to the comparable strength of its encryption, integrity protection and authentication components.
- describe and compare various "modes of operation" to encrypt large messages when using secret key cryptography (ECB, CBC, Counter, etc.).
- explain the procedure to acquire private and public keys in RSA, and describe why it's difficult for an attacker to find Bob's private key given his public key.
- describe the Diffie-Hellman message exchange, and explain what it can be used for.
- list and compare alternatives for authenticating users (passwords, smart cards, biometrics, ...).
- explain how secret key and public key cryptography can be used in authentication systems.
- describe common attacks on authentication systems, list good design principles to avoid such attacks, and be able to evaluate if a given authentication system is subject to such attacks.
- describe the principles of "strong password protocols" and explain how they can be used for credential download (e.g., a private key).
- describe the role of trusted third parties (KDCs and CAs) in authentication systems.
- explain the principles of the Kerberos authentication system.
- describe and compare/evaluate various PKI trust models according to criteria such as "vulnerability to CA compromise", "ease of deployment", and "risk of CA monopoly".
- list and describe good design principles for authenticated keying protocols (identity hiding, perfect forward secrecy, resistance to DoS attacks, session resumption, etc.), and be able to evaluate a given protocol according to these principles.
- describe and compare the services provided by IPsec and TLS/SSL.
Course Organisation
Prerequisites
Basic knowledge in Data communications and Internetworking.
Course enrollment
How to enroll in the course depends on what kind of student you are.
- Internetworking and NordSecMob Master students:
  The course is mandatory for KTH Internetworking (IW) and NordSecMob Master students,
  thus they will be signed up automatically.
  However, when the course starts you should register with the course leader
  (preferably during the first lecture).
- Other KTH students (including DSV students and exchange students):
  - Prerequisites: If you meet the prerequisites (see "Prerequisites" above) you can sign up for the course.
    Otherwise, you should contact the course coordinators
    to check if you have the required background.
  - Apply via student counselor: You apply for the course via your student counselor.
  - Registration: When the course starts you should register with the course coordinator,
    preferably during the first lecture.
    (If you arrive too late you may have to wait until next year before finishing the course.)
- Students not enrolled in any KTH program,
  i.e., students who would like to take the course as a "free standing course" (fristående kurs):
  - Apply for "free standing course" (fristående kurs):
    For the procedure to apply to take this course as a "free standing course",
    see general KTH information about
    "Kurser för fristående studerande"
    (unfortunately this information is only in Swedish).
    The form (blankett) you should use is the
    form for program courses.
  - Prerequisites: Contact the course coordinator to check if you have the required background.
  - Registration: When the course starts you should register with the course coordinator,
    preferably during the first lecture.
    (If you arrive too late you may have to wait until next year before finishing the course.)
Course Staff
Course Literature
The course book is "Network Security: Private Communication in a
Public World" by Charlie Kaufman, Radia Perlman and Mike Speciner,
Prentice Hall, Second Edition, 2002, ISBN: 0130460192.
The book is available at the "Student Book Store" in KTH Forum, Kista.