COMPUTER SECURITY AND DATA PROTECTION

Academic Year 2024/2025 - Docente: Dario CATALANO

Risultati di apprendimento attesi

General Objectives.

-       Aim and scope: Nowadays data controllers must design information systems that provide the highest possible privacy guarantees. A fundamental enabler to achieve this is cryptography.  This class is intended to provide an introduction to the main concepts of modern cryptography and their usage to protect data e build secure systems.

 

Synthetic General Description.
The class will focus on basic cryptographic techniques. We will also explore interplays with the practically relevant topic of differential privacy.

We’ll study building blocks such as encryption schemes, digital signatures. We’ll understand what properties we expect from these objects, how to define these properties and how to construct concrete schemes that realize them. The focus will be on schemes that are widely used in practice. These include, for instance, AES, SHA, HMAC and RSA. However, rather than using these tools as black box, we will show how they are built and the security level they provide. No programming will be required for this class. 

 

Expected Learning Results

-       Knowledge and understanding (Conoscenza e capacità di comprensione). Students will learn the fundamental ideas and principles underlying modern cryptography and modern secure systems.

 

-       Applying knowledge and understanding (Capacità di applicare conoscenza e comprensione). On completion, the student will be able to securely use cryptographic tools like encryption schema and digital signatures and to understand their exact role in secure systems.

 

-       Making judgements (Autonomia di giudizio). By studying concrete examples and common mistakes students will learn how to use solutions that providee high security guarantees.

 

-       Communication skills (Abilità comunicative). On completion, students will acquire communication skills that will allow them to fluently communicate using the technical language of computer security.

 

-       Learning skills (Capacità di apprendimento). On completion, students will acquire methodologies that will allow them to securely deal with problems that require the usage of secure solutions.

Course Structure

Lecture based (via slides). 

Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus.

Required Prerequisites

Basic notions in probability, algebra and computing.

Attendance of Lessons

Not mandatory but strongly suggested

Detailed Course Content

1.     Symmetric Cryptography  (3 CFU)

1.1.  Classical Ciphers and One-time pad

1.2.  Perfect Security

1.3.  Blockciphers and AES.

1.4.  Symmetric Encryption

1.5.  Hash functions

1.6.  Message Authentication

2.     Asymmetric Cryptography (2 CFU)

2.1.  Number theory basics

2.2.  Asymmetric encryption

2.3.  Digital Signatures

3.     Differential Privacy (1 CFU)

Textbook Information

[1] M. Bellare, P. Rogaway “Introduction to Modern Cryptography” Scaricabile da http://www.cs.ucsd.edu/~mihir/cse107/classnotes.html

[2] V. Shoup A Computational Introduction to Number Theory and Algebra Scaricabile da http://shoup.net/ntb/

[3] J. Katz, Y. Lindell “Introduction to Modern Cryptography” CRC press

Course Planning

 SubjectsText References
1Some classical ciphers and their cryptanalysis. Perfect Security and One time pad. Cap 2 from [1]
2Block Cipher and AESCap 3,4 from [1]
3Symmetric Encryption Cap 5 from [1]
4Integrity and Hash Functions Cap 6 from [1]
5Message Authentication Cap 7 from [1]
6Intro to Asymmetric Cryptography. One way Functions and Trapdoor Functions. Discrete Logarithms, Factoring and RSA.Cap 9, 10 from [1], relevant parts from [2]
7Asymmetric encryption. The El-Gamal encryption scheme. Homomorphic Encryption (basics). RSA-OAEP.Cap 11 from [1] and slides
8Differential PrivacyLecture notes and slides

Learning Assessment

Learning Assessment Procedures

There will be an (open) written exam, followed by an oral exam. The written part counts for 80% of the grade. Books, notes and electronic devices are not allowed during the exam. 


Midterms: There might be the possibility of a midterm followed by a final exam. The midterm covers the part on symmetric encryption whereas the final will be on the remaining part of the class. 


Grades

   Failed: the student does not know the basic concept of the course and has completed less than 40% of the required assignemnts

   18-20: the student has a basic knowledge of the topics of the course but he has great difficulties in applying them to practical exercises and problem solving pipelines.

   21-24: the student has a basic knowledge of the topics of the course and he is able to solve simple problems and exercises with some guidance from the teacher.

   25-27: the student has a good knowledge of the topics of the course and can complete the assignement in autonomy with minor errors

   28-30 e lode: The student has full knowledge of the topics of the course and is able to complete in autonomy assignements making connections and with only very minimal occasional mistakes.

 


Examples of frequently asked questions and / or exercises

  • Exercises on the crypto primitives (example: show that a given encryption scheme is not secure by providing an attack)
  • Algorithms (ex: presenta and explain some of the algorithms studied in class)
ENGLISH VERSION