WM9C5-15 Management of Cryptosystems
Modern cyber systems use cryptography to protect various properties of data (confidentiality, integrity, authenticity etc) when it is stored on or moving between computer systems. Examples include the encryption of data at rest on mass storage devices such as disc drives or USB removable drives; protection of data in transit between a user's web browser and the web server where they are engaged in some sort of financial transaction; authentication protocols to assure one part of a system as to the identity of another part of the system with which is interacting; and the underlying properties that give cryptocurrencies their perceived value.
This module equips participants with critical insight into the application of cryptography in a range of practical scenarios. There is an emphasis on how cyber security consultants position cryptosystems in system designs. The focus is on understanding the resulting properties of sophisticated cryptographic protocols, algorithms and configurations, rather than on analysis of the deep mathematics within. The module analyses standard cryptographic patterns that may be applied to achieve particular patterns of protection in typical scenarios.
Practical exercises are used to demonstrate cryptographic principles. Participants engage with cryptographic hashes to understand their strengths and weaknesses concerning data integrity. Participants are provided a detailed understanding of different attacks (brute force, dictionary, rainbow tables, synthetic collisions) and mitigations (salting, stretching, large keyspace). Participants are exposed to symmetric and public key encryption. Particular attention is paid to the use of hybrid systems to address the key exchange problem in a computationally efficient manner, securing confidentiality over time and in transit. This is developed to show how a public key infrastructure also offers assurance through digital signatures. The challenge of having the relevant key available for authorised use, yet unavailable for unauthorised use is a common theme.
Important cryptographic protocols – such as X509 PKI (Public Key Infrastructure), IPSec (Internet Protocol Security), TLS (Transport Layer Security), SSH (Secure SHell) – are analysed in detail in order to establish where that most human requirement, trust, is located. Most importantly, participants are presented with a critical understanding of how and when a given protocol should (not) be used in a system design scenario.
Cryptosystems are pivotal to various blockchain technologies including cryptocurrencies. The module explores the role of cryptography in these technologies and equips participants with a detailed working knowledge of these applications.
This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.
- Cryptographic hashes. Understand terminology: hash, digest, message authentication code, function. Hash properties: irreversible, deterministic, collision resistance, length. Application: authentication, known good / bad files, file integrity. Cryptographic attacks: brute force, rainbow tables, password salting / stretching, collisions. Hash algorithms: MD5, SHA, and others.
- Encryption theory. Terminology: plaintext, ciphertext, key, algorithm, protocol. Concepts: entropy, one-time pad, complexity, initialisation vectors.
- Symmetric encryption. Encryption over distance or time – the key exchange problem. Example algorithms – DES, Triple DES, AES.
- Asymmetric encryption. Properties: encrypting for known recipient, signing by authentic sender. Establishing trust: certificate authenticity, hierarchy (X509) and web (OpenPGP), certificates. Consequences of loss of key control – revocation certificates.
- Hybrid encryption. Using asymmetric encryption to share symmetric key. SSL/TLS
- Other specific protocols. Kerberos, IPSEC
- Data protection. At rest, in transit
- Blockchain and Virtual currencies. Distributed consensus, peer-to-peer network, the ‘51% attack’, immutability, apparent anonymity. Virtual currencies: bitcoin Ethereum, wallets, transactions, smart contracts, anonymity and privacy in the Bitcoin ecosystem.
By the end of the module, students should be able to:
- Critically analyse the properties of cryptographic functions such as symmetric/asymmetric encryption systems and hashes
- Evaluate competing cryptographic techniques in the solution of well defined cyber problems.
- Design and simulate cryptosystems to meet desired cyber security outcomes
- Critically analyse the properties of cryptographic protocols.
Indicative reading list
Schneier, B., Kohno, T. and Ferguson, N., 2013. Cryptography engineering: design principles and practical applications. Wiley.
Anderson, R., 2008. Security engineering. John Wiley & Sons.
The module content draws upon and highlights research within the domain. Module assessment typically requires participants to perform further research in order to prepare an appropriate response to the assessment task.
Although the module is largely dedicated towards the development of discipline-specific technical, professional and analytical skills, these are necessarily interdisciplinary in nature ranging from abstract mathematics to human trust.
The module is designed for an international cohort. Learning materials and examples will be drawn from a range of disciplines and cultures.
Subject specific skills
Equip student to configure cryptosystems to achieved desired properties.
Critical thinking, problem solving.
|Lectures||7 sessions of 1 hour (5%)|
|Practical classes||23 sessions of 1 hour (15%)|
|Online learning (independent)||37 sessions of 1 hour (25%)|
|Assessment||83 hours (55%)|
Private study description
No private study requirements defined for this module.
No further costs have been identified for this module.
You must pass all assessment components to pass the module.
Assessment group A1
|Application of Cryptpography in a Scenario||100%||83 hours|
The specific scenario and the related cryptographic activity will vary from year to year.
Submitted report will be 2,500 words
Feedback on assessment
Feedback will be provided via Tabula using standard WMG feedback mechanisms.
If you take this module, you cannot also take:
- ES94N-10 Crypto-systems & Data Protection
- ES94N-15 Crypto-systems & Data Protection
This module is Core for:
- Cyber Security Management (New Degree)