Week 1: Overview

Dr Emiliano De Cristofaro
UCL Intro to Crypto 16/17

Instructors
Lecturer: Dr Emiliano De Cristofaro
E-mail: e.decristofaro@ucl.ac.uk
Office hours: Tue 4-6pm, in MPEB 6.04 (6th floor)

Demonstrators (tutorial sessions):

Andrea Cerulli (andrea.cerulli.13@ucl.ac.uk)
Apostolos Pyrgelis (apostolos.pyrgelis.14@ucl.ac.uk)

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

Myself
BSc/MSc from University of Salerno (Italy), 2005
PhD from University of California, Irvine, 2011
Research:
Cryptography applied to privacy-enhancing technologies
Network and Systems security
Web and Mobile Measurements

Research projects available Come to office hours

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

Timetable
Lectures:
Mon 10-11am, Medical Sciences G46 H O Schild LT
Tue 2-4pm, Gordon Street (25) Maths 500

Tutorials (mandatory):
Thu 9-11am, Roberts Building G08 Sir David Davies LT

Reading Week: November 7-11 (no class/tutorials)

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

Book
Katz, Lindell: Introduction to Modern Cryptography
Both first and second editions work, slides will report
corresponding chapters from the book
Slides/exam do not assume you study from this book, but
it will help you A LOT (trust me!)
Do not use unauthorized PDF versions!

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

More Books
Smart: Cryptography Made Easy
Menezes, van Oorschot, Vanston: Handbook of
Applied Crypto
Stalling: Cryptography and Network Security

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

Additional Resources
Moodle!!!
Regularly posted pointers, use the discussion forum!
Everybody should be automatically enrolled if not, use
self-enrollment key CryptoRulez

Proactively keep yourself updated:

Lots of good resources online
Subscribe to good blogs/media outlets to keep yourself
update on crypto (and security in general) news
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

Assessment
Exam in May (65%)
Past exams (and solutions) available on Moodle
Pro-tip: you will NOT get a good mark unless you start
studying TODAY

Coursework (35%)
Two parts
Details to be announced next week

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

Some Ground Rules

Tutorials
Every week a set of exercises is posted, you must try to
solve them, then we go over together the solutions
By far the most effective way to learn

In-person meetings
During office hours (obviously J), but also in other time
slots if you get an appointment via email

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

Some Ground Rules

Use the discussion forum to ask questions
This way answers are available to everyone!
So, I wont answer topic-related questions via email

Class participation
Participate, participate, participate! Ask questions!
Please do not come late, it is very disruptive for others
Turn off cells, computers, tablets, etc.
Do not look for pokemons here! J
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

10

The Good News You will...

1. Learn how to think from an adversarial viewpoint
(and adversarial != hacker)
2. Familiarize with asserting provable guarantees of
security against several kinds of adversaries
3. Become able to formalize adversarial models and
security properties
withstand the test of time!
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

11

The Bad News

For some students, this is one of the hardest modules
Possibly the hardest out of the four core MSc Isec
Much easier if you are not scared by math

The exam is usually in early May

If you dont study hard during the term, you will not have
time to do so in April (especially if not taking cryptorelated optional modules in term 2)
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

12

Some More Good News

We review all the theory/math background needed
Extensive tutorial/office hours support, take advantage!
You can learn from your predecessors mistakes!
Start studying early, review during term 2, use the book, etc.

You can take some awesome optional modules in Term 2

Will debunk the I want to be a hacker/be a filthy rich
security consultant, why crypto? is a myth!
Mindset from cryptography is INVALUABLE in the
workplace, will set you apart from your colleagues
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

13

Cryptography is everywhere!
Secure communication:
Web traffic: HTTPS
Wireless traffic: WPA2
End-to-end encrypted chats: Whatsapp

Full-disc encryption
Content protection (e.g. DVD, Blu-ray)
User authentication
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

14

A rigorous science
The three steps in cryptography:
1. Specify adversarys capabilities aka threat model
2. Propose a construction
3. Prove that breaking the construction, in that threat
model, is as hard as solving a problem that is known to
be hard to break

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

15

Correctness vs. Security

Program or system correctness: program satisfies
specification
For reasonable input, get reasonable output

Program or system security: program properties preserved

in face of attack
For unreasonable input, output not completely disastrous

Main difference: adversary

Active interference from a malicious agent
It is very difficult to come up with a model that captures all
possible adversarial actions
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

16

Security Goals
Properties of a system must be maintained despite a
resourced strategic adversary
Examples of properties:
Confidentiality, e.g. only authorized principals may read
Integrity, e.g. only authorized principals may write
Availability, e.g. authorized principals can access the
system

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

17

Meet Alice, Bob, and Eve!

Alice
Last Updated: 01/10/16

Bob
UCL Intro to Crypto 16/17

Eve
18

Crypto core

Talking
to Alice

Talking
to Bob
Alice

Key establishment:

Bob

attacker???

Secure commuinication:

m1

m2
confidentiality and integrity

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

19

But crypto can do much more

Digital signatures / Authentication

Anonymous communication

Alice
signature

Who did I
just talk to?

Alice

Last Updated: 01/10/16

Bob

UCL Intro to Crypto 16/17

What else???
20

Confidentiality: Encryption 1/2

Alice wants to send a confidential message M to Bob
M is the plaintext
An eavesdropping adversary Eve should NOT learn M

Encryption
Alice and Bob (somehow) share a secret key k
Alice and Bob agree on a cipher algorithm (e.g., AES)
ct <- Ek(M), send ct over
m <- Dk(ct)

[ct is the ciphertext]

What kind of encryption is this?

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

21

Confidentiality: Encryption 2/2

What if Alice and Bob do NOT share a secret key k?
When you visit google.com, do you share a key with Google?

They can use a public-key cipher algorithm, which has

two different kinds of keys:
(1) a public key PK that everyone can use to encrypt
(2) a secret key SK that only the owner can use to decrypt
ct <- EPK(M)
m <- DSK(ct)
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

22

Hybrid Encryption
Can I use public-key and symmetric-key crypto
together???

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

23

Intro to Crypto
Symmetric Key Crypto

Public Key Crypto

Confidentiality

Theoretical Ciphers
Block Ciphers (e.g., AES)
Stream Ciphers (e.g., RC4)

Public-Key Cryptosystems
(e.g., RSA, ElGamal)

Authentication

Message Authentication
Codes (e.g., HMAC)

Digital Signatures
(e.g., RSA, DSA)

Integrity

Last Updated: 01/10/16

Hash functions (e.g., SHA)

UCL Intro to Crypto 16/17

24

Cryptanalysis
Attacks on schemes
Best known attacks
Attacks when you modify schemes a bit
Attacks on home-brew cryptography

Who is winning?
Cryptographers?
Cryptanalysts?
Cat and mouse game?
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

25

Security
Cannot really test whether a scheme is secure
No matter what kind of experiments you run adversary might
do something unexpected
How can you anticipate all attacks in advance?

Need a theory of cryptography

Use security models formulated in math language
Gives unequivocal precision

The term secure is widely abused

When somebody says XYZ is secure, ask them what they
mean by the word secure
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

26

Security model
What do we want to protect?
What are the conditions for the adversary to win?

What resources goes the adversary have?

Money, computing power,

What system access does the adversary have?

Insider/outsider, sees public key, wiretapping,

What is the systems desired lifetime?

10 seconds, 1 year, infinity,
Last Updated: 01/10/16

UCL Intro to Crypto 16/17

27

OpenSSL
Open-source implementation of SSL and TLS
Three main components:
openssl command line tool
crypto C/C++ library implementing cryptographic
algorithms (and underlying data/numeric support)
Essentially, implementation of all algorithms well study

ssl C/C++ library

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

28

This Weeks Homework

Try to read Chapter 1 and 2 from KL book

Install and play with OpenSSL
Tomorrow: Classical Cryptography
Tutorials: Math review

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

29

Install OpenSSL
sudo apt-get install openssl
Installs the command line tool
Then, execute openssl speed

sudo apt-get install libssl-dev

Installs the library

Last Updated: 01/10/16

UCL Intro to Crypto 16/17

30