CYBERSECURITY
SICUREZZA INFORMATICA
| A.Y. | Credits |
|---|---|
| 2025/2026 | 9 |

| Lecturer | Office hours for students |
|---|---|
| Alessandro Aldini | Wednesday and Thursday 10-11 a.m. at the lecturer's office, or by appointment |
Teaching in foreign languages
Course with optional materials in a foreign language: English
This course is entirely taught in Italian. Study materials can be provided in the foreign language and the final exam can be taken in the foreign language.
Assigned to the Degree Course
Learning Objectives
The goal of this course is to introduce the theory and practice of modeling secure cryptographic systems and protocols based on the state of the art. It also aims to develop the cybersecurity skills needed to identify potential threats to a computer system and to defend its security perimeter.
Program
01. Confidentiality and symmetric key cryptography.
01.01 Shannon ciphers.
01.02 Semantic security.
01.03 Stream ciphers.
01.04 Block ciphers.
01.05 Pseudo-random functions.
01.06 Security against chosen plaintext attack.
02. Integrity, MAC, and hashing algorithms.
02.01 Message authentication code (MAC).
02.02 Keyed hash functions.
02.03 Keyless hash functions.
02.04 Hashing applications.
03. Authentication and asymmetric key cryptography.
03.01 Authenticated encryption.
03.02 Applications of authenticated encryption.
03.03 RSA and Diffie-Hellman.
03.04 Public key cryptography.
03.05 Security against chosen ciphertext attack.
03.06 Digital signatures.
03.07 Signcryption.
04. Cryptographic protocols.
04.01 Identification protocols.
04.02 Zero-knowledge proofs (ZKP).
04.03 Authenticated key exchange.
04.04 Advanced authentication protocols.
04.05 Formal verification of cryptographic protocols.
05. Cybersecurity: attack and defense.
05.01 Security perimeter.
05.02 Kill chain: vulnerability search.
05.03 Kill chain: breach, escalation, and damage.
05.04 Kill chain: risk management and security policy.
05.05 Kill chain: defense strategies.
05.06 Exercises of penetration testing.
05.07 Security of the new technologies.
Bridging Courses
There are no mandatory prerequisites.
Learning Achievements (Dublin Descriptors)
Knowledge and understanding: the student will be able to understand the theoretical notions behind the definition of cryptographic primitives and behind the construction of secure cryptographic protocols and systems, the solutions aimed at ensuring the main classes of security properties, the management issues for corporate security perimeters and the defense techniques against cyberattacks.
Applying knowledge and understanding: the student will be able to understand the main characteristics that make cryptographic protocols secure and corporate computer systems vulnerable to cyberattacks, and to apply this knowledge to the modeling of systems that are secure with respect to the main security properties.
Making judgements: the student will be able to identify the main vulnerabilities of a corporate computer system and to verify the robustness of security perimeters, specifying which defense tools are most appropriate in this respect.
Communication skills: the student will be able to explain appropriately how, and with which technologies, the security of corporate systems can be guaranteed. The student will also be able to determine the strengths and weaknesses of the main security techniques.
Learning skills: the student will acquire the ability to assess the security properties of a cryptographic system and will learn the main analysis techniques used to verify the security perimeter of corporate systems.
Teaching Material
The teaching material prepared by the lecturer in addition to the recommended textbooks (for instance slides, lecture notes, exercises, bibliography), together with course-specific communications from the lecturer, can be found on the Moodle platform: blended.uniurb.it
Supporting Activities
Examples of projects conducted and presented in seminar form are available within the Moodle platform for blended learning.
Teaching, Attendance, Course Books and Assessment
- Teaching
Theory lectures and laboratory exercises, both face-to-face and online.
Teaching is delivered in blended mode, that is, lectures are held simultaneously in the classroom and remotely through the Moodle platform.
- Innovative teaching methods
Problem-based learning.
- Attendance
Although recommended, course attendance is not mandatory.
- Course books
Sections 01 to 04 are covered by Niels Ferguson, Bruce Schneier: Practical Cryptography, J. Wiley Editor, 2003.
Section 05 is covered by Yuri Diogenes, Erdal Ozkaya: Cybersecurity: Attack and Defense Strategies, Packt Pub., 2018.
- Assessment
The exam consists of an oral test and a project, which contribute equally to determining the final grade.
The oral test includes three questions, one for each section of the course syllabus that is not already covered by the project topics. The purpose of the oral test is to assess communication skills and the level of understanding of the subject matter. Each of the criteria is evaluated on a four-level rating scale, with equal weight assigned to each criterion.
The project must be agreed with the lecturer and takes one of three alternative forms: a paper on the in-depth study of a topic, on which the student is asked to prepare and present a 15-minute seminar; the formal analysis of a cryptographic protocol using automatic verification tools; or the implementation of a virtual network in which examples of penetration testing and the validation of defense models can be carried out. The purpose of the project is to assess the ability to learn and apply knowledge and understanding, independent judgment, and communication skills. Each of the criteria is evaluated on a four-level rating scale, with equal weight assigned to each criterion.
- Disability and Specific Learning Disorders (SLD)
Students who have registered their disability certification or SLD certification with the Inclusion and Right to Study Office can request to use conceptual maps (for keywords) during exams.
To this end, it is necessary to send the maps, two weeks before the exam date, to the course instructor, who will verify their compliance with the university guidelines and may request modifications.
Additional Information for Non-Attending Students
- Teaching
As for attending students.
- Attendance
As for attending students.
- Course books
As for attending students.
- Assessment
As for attending students.
- Disability and Specific Learning Disorders (SLD)
Students who have registered their disability certification or SLD certification with the Inclusion and Right to Study Office can request to use conceptual maps (for keywords) during exams.
To this end, it is necessary to send the maps, two weeks before the exam date, to the course instructor, who will verify their compliance with the university guidelines and may request modifications.
Last update: 29/05/2025