Open Site Navigation

Cryptography

Cryptography is an indispensable tool for protecting information in computer systems. Cryptography provides important tools for ensuring the privacy, authenticity, and integrity of the increasingly sensitive information involved in modern digital systems. Nowadays, core cryptographic tools, including encryption, message authentication codes, digital signature, key agreement protocols, etc., are used behind millions of daily on-line transactions. In this course, we will unveil some of the "magic" of cryptography. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The objective of the course is to provide a basic understanding of the various issues related to information systems security (esecurity). The course will present an overview of the risks encountered in information systems security, and the tools used for resolving these risks.

Cryptography

Course Modules

Overview Of E-security


  • Threats, risks, consequences
  • Sources of threats
  • Attacks classification
  • Preventive measures, remedial measures




Cryptography For E-security


  • Historical perspective
  • Confusion vs. diffusion
  • Stream ciphers vs. block ciphers
  • Keys and key management
  • Key exchange (peer to peer, peer - keyserver - peer)
  • Diffie Helman key sharing scheme
  • Symmetric key cryptography vs asymmetric key cryptography
  • Trapdoor functions




Given A Scenario, Perform Virtual Resource Migration


  • Establish requirements
  • Maintenance scheduling
  • Reasons
  • Storage migration
  • Online vs. offline migrations
  • Physical to Virtual (P2V)
  • Virtual to Virtual (V2V)
  • Virtual to Physical (V2P)




Hash Digests


  • Properties of cryptographic hash functions
  • Merkle Damgard construction
  • md family
  • sha family
  • Digital signatures
  • sha3




GPG


  • Overview of GPG
  • Commands and CLI
  • GPG trust model
  • GUI – KGPG, Seahorse
  • Frontends – Kleopatra, enigmail




Block Ciphers


  • Block cipher principles
  • Feistel networks
  • S boxes and P boxes
  • Block cipher modes of operation
  • DES
  • 3DES
  • AES




Public Key Encryption


  • Public key crypto systems
  • RSA algorithm
  • Elliptic Curve cryptography




Practical Applications


  • PKI, CA. X509 certificates
  • SSL/TLS, HTTPS
  • IPV6 and IPSEC
  • Proxies and Firewalls




Misc. Techniques


  • Encryption using non-cryptographic tools (vi, zip)
  • Authentication principles and methods
  • Passwords, two-factor authentication
  • One-way encryption
  • Steganography
  • Hamming
  • Chaffing and Winnowing




Management Aspects


  • System Administration policies
  • Security audit
  • Penetration testing and ethical hacking
  • Mandatory Access control, Discretionary Access Control
  • Monitoring and logging tools
  • Legal aspects





Duration of the courses: 120 Hours

Prerequisites

Participants will be expected to have a fairly good background in discrete mathematics. Since the tools used in this course will be based on Linux/FOSS, participants will need to be comfortable working with Linux/FOSS.

Key Benefits

Through this course, the participant will learn about encryption and decryption functionality, the strengths and weaknesses of various algorithms, digital signatures, public-key cryptography, industry best practices.