Lecture Course "Data Security and Cryptology"
 

General Information

 

This is the first year the course is taught in English; for the previous 9 years it was taught in Estonian.


Lecture Materials (PPTs, both in English and Estonian)

  1. Introduction. Essence of Data Security. Data security, its essence and importance in contemporary information systems and in the whole world. Availability, integrity and confidentiality, their importance in different information systems and in the protection of IT assets. Standard model of security harming. Economic side of data security. Practical solving of security problems. Time: August 31st. Lecture PPT slides in English and in Estonian.
  2. Common Ways to Secure Digital Data. Security Threats, Classification. Main differences between the typical ways of achieving availability, integrity and confidentiality for paper-based and digital data. Importance of cryptography. Classification of threats, spontaneous threats and attacks. Environmental threats, human and technical failures. Attack sources, channels and methods, their overview. Time: September 6th. Lecture PPT slides in English and in Estonian.
  3. Vulnerabilities of Information Assets. Applicable Security Measures. Classification of vulnerabilities, their co-operability with threats. Different types of classification of safeguards. Preventive, identifying and reconstructable safeguards, their sub-types. Organisational, physical and IT-related safeguards. Classification of safeguards in different standards. Time: September 13th. Lecture PPT slides in English and in Estonian.
  4. Risk Management and its Methodology. Main goal of risk management. Four different practical risk management methods: detailed risk analysis, baseline approach, mixed approach and informal approach. Their comparison. Quantitative and qualitative risk analysis, their assumptions and the methods used. BSI and ISKE as practical examples of risk management. Time: September 20th. Lecture PPT slides in English and in Estonian.
  5. Traditional (Pre-Computer) Cryptography. Differences between contemporary and classical cryptography. Traditional cryptography as a "hidden word", i.e. as a tool for confidentiality. Substitution and permutation ciphers. Most widespread ciphers (algorithms). End of classical cryptography and its reasons. Transition to contemporary cryptology. Time: September 27th. Lecture PPT slides in English and in Estonian.
  6. Basics of Contemporary Cryptography. Main concepts, the role of a key in algorithms. Cryptography and cryptanalysis. Symmetric and asymmetric cryptoalgorithms, cryptographic message digests, their usage. Exhaustive search, cryptanalytic (breaking) methods. Practical and theoretical security, ways to achieve practical security. Time: October 4th. Lecture PPT slides in English and in Estonian.
  7. Symmetric Cryptoalgorithms. AES. Block and stream ciphers. Main indicators of a block cipher. Modes of a block cipher, cipher block chaining mode as the most widespread mode. Running a block cipher as a stream cipher, secure erasing. The story of AES and its usage. Technical description of AES, possible attacks against AES. Implementations of AES. A hypothetical breaking machine. Time: October 11th. Lecture PPT slides in English and in Estonian.
  8. Other Symmetric Cryptoalgorithms. IDEA. Skipjack. Blowfish. RC4. Their technical descriptions, practical usage, possible breaking (cryptanalytic) possibilities. DES as a retrospective view of history, which gave us some classical concepts and structures. Properties of 3DES. Time: October 18th. Lecture PPT slides in English and in Estonian.
  9. Asymmetric Cryptoalgorithms. RSA. Principle of asymmetric and public-key encryption. RSA. Mathematically generated keypair, one-way relation between public and private keys. Infeasible problems, introduction to computational complexity. Factorization and discrete logarithms as typical infeasible problems. Mathematical description of RSA, key generation and modular arithmetic. Cryptanalysis of RSA. Practical implementations, collaboration with symmetric algorithms. Time: October 25th. Lecture PPT slides in English and in Estonian.
  10. Hash Functions. Cryptoprotocols, TLS. Theoretical background of hash functions, collisions, pseudo-collisions, one-way functions. SHA-1 and RIPEMD-160. SHA-2 and higher RIPEMD members for enhanced security. The insecure MD family as a retrospective view. MAC. Cryptographic protocols. TLS as a successor of SSL, its description and usage. Necessity for certificates. Time: November 1st. Lecture PPT slides in English and in Estonian.
  11. Digital Signature, its Infrastructure and Usage in Estonia. Document, the evidentiary value of a document. Technical and legal digital signatures. The role of the public-key algorithm, requirements for both public and private keys. Private key as a chip. Certificate, CAs, time-stamp authorities. Validity of approval, PKI. Estonian Digital Signature Act and digital signature practices. Time: November 8th. Lecture PPT slides in English and in Estonian.
  12. Digital Signature as a Tool for Digital Record Management. Digital Archiving. Advantages and disadvantages of digital signature in comparison with handwritten signature and paper documents. Recommendations for main processes. Security aspects of digital record management. Original and copy of a document. Data carrier problem, data format problem and evidentiary value problem. Oversigning. Copies of digital and paper documents. Time: November 15th. Lecture PPT slides in English and in Estonian.
  13. Database Security. Network Security. Basics of relational database security. Integrity versus accountability. Queue of hashes. Encrypting, the necessity of an HSM. Firewall, secure remote access. VPN, cryptowalls. Time: November 22nd. Lecture PPT slides in English and in Estonian.
  14. Security Management (Organizational Security). Typical phases of security management. Security policy, its structure and aim. Security forum and officer. Risk management process, basis for choosing different methods. Security plan. Security awareness programme. Follow-up activities. Time: November 29th. Lecture PPT slides in English and in Estonian.
  15. Legal Control of Data Security. Protection of Personal Data. Estonian Public Information Act. Chief and authorized processors, their definitions. A legal database, State Information System, X-road. Protection of personal data, corresponding European regulations. Estonian national Personal Data Protection Act. Personal data, sensitive personal data. Principles of processing, registration process, mandatory safeguards. Comparison with ISKE. Time: December 6th. Lecture PPT slides in English and in Estonian.


The materials of the lecture course held in autumn 2010 are available at http://www.itcollege.ee/~valdo/turve/2010/ (in Estonian).


Practices

·         Homework no 1

·         Materials (links) for October 18th

·         Materials (links) for October 25th

·         Materials (links) for November 1st

·         Homework no 2

·         Homework no 3, instead of the practice on 22nd of November

 

 

 

 

Grading and independent work

Independent work:

·         referative work; the description is here (in Estonian). Deadline: 14th week

 

Grading: the grade (mark) is determined by the result of the final test, 80 multiple-choice questions.

The final test takes place on December 13th at 12pm in room 316.

Make sure you have completed all homework and the referative work and had them marked in order to pass the final test!

 

In order to be admitted to the final test, the independent work and the practice works (will be given on an ongoing basis) must be done and passed (marked).


Contact

Valdo Praust
ph. +372 514 3262
email:
mois@mois.ee