Lecture Course "Data Security and
- Name: Data Security and
Cryptology (Andmeturve ja
- Location: Estonian IT College, autumn 2013
- Goal: To give a systematic overview of
contemporary data security and
cryptology, both from
theoretical and practical side.
Data security as a practical discipline will considered a little bit more
theoretically and cyrpotography as a deep theoretical discipline (and also
an important tool for data security) more practically
- Schedule (lectures): on Wednesdays between 12 and
2 pm, room 316
- Schedule (practices): on
Wednesdays since 2 pm, from 5th week
- Points: 5 ECTS
- Code: I378
- Grading: final test, 70 questions with
- Amount: 16 pairs of lectures, 12 pairs of
practices, 74 hours independent work description in Estonian
Lecture Materials (PPTs, both in English and Estonian)
Essense of Data Security. Data
security, it’s essence and importance in contemporary information systems
and in whole world. Availability,
integrity and confidentiality, its importance in different information
systems and in protection of IT assets. Standard model of security
harming. Economical side of data security. Practical solving of security problem. Time: September 4th. PPT slides of lectures. Echo
- Common Ways to Secure Digital Data.
Security Threats, Classification. Main differencies
of typical ways of achieving availability, integrity and confidentiality
for paper-based and digital data. Importance of cryptography.
Classification of threats, spontaneous threats and attacks. Environmental
threats, human and technical failures. Attack sources, channels and
methods, their' overview.
Time: September 11th. PPT slides of lectures. Echo
of Information Assets. Appliable Security Measues. Classification of vulnerabilities,
their co-operability with threats. Types of differents classification of
safeguards. Preventive, identifying and reconstructable safeguards, their’
sub-types. Organisational, physical and IT-related safegurds.
Classification of safeguards in different standards. Time: September 18th. PPT slides of lectures. Echo
Management and its Methodics. Main
goal of risk management. Four different
practical risk management methods – detailed risk analysis,
baseline approach, mixed approach and informal approach. Their comparison.
Quantitative and qualitative risk analysis, their presumptions and used
methods. BSI and ISKE as a practical examples of risk management. Time: September 25th. PPT slides of lectures. Echo
(Pre-Computer) Cryptography. Differencies
between contemporary and classical cryptography. Traditional Crytography
as a „hidden word“, i.e. as a tool for confidentiality. Substitution and
permutation ciphers. Most-of-spread
ciphers (algoritms). End of classical cryptography and its reasons.
Transition into contemporary cryptology. Time: October 2nd. PPT slides of lectures. Echo
of Contemporary Cryptography. Main
concepts, a role of a key in algorithms. Cryptography and cryptanalysis.
Symmetric and asymmetric
cryptoalgorithms, cryptographic message digests, their’ usage. Exhaustive
search, cryptoanalytic (breaking) methods.
Practical and theoretical security, a ways to achieve a practical
October 9th. PPT slides of lectures. Echo
Cryptoalgorithms. AES. Block
and stream ciphers. Main indicators of a block cipher. Modes of a block
cipher, cipher block chaining mode as the most-of-spread mode. Running
block cipher as stream cipher, secure erasing. The story of AES its usage.
Technical description of AES, possible attacks against AES. Realizations
of AES. A hypotetical beaking machine. Time: October 16th. PPT slides of lectures. Echo
Symmetric Cryptoalgorithms. IDEA.
Skipjack. Blowfish. RC4. Their technical descriptions, practical usage,
possible breaking (cryptanalytic) possibilities. DES as a retrospective
view to history which gave us some classical concepts and structures.
Properties of 3DES. Time: October 23th. PPT slides of lectures. Echo
Cryptoalgorithms. RSA. Priciple
of asymmetric and public-key encryption.
RSA. Mathematically generated keypair, one-way relation between
public and private keys. Infeasible problems, introduction to
computational complexity. Factorization and discrete logarithms as typical
infeasible problems. Mathematical description of RSA, key generation and
modular artitmetics. Cryptanalysis of RSA. Practical realisations,
collaboration with symmetric algorithms. Time: October 30th. PPT slides of lectures. Echo
Functions. Cryptoprotocols, TLS. Theoretical background of hash functions, collisions,
pseudo-collisions, one-way functions. SHA-1 and RIPEMD-160. SHA-2 and
higher RIPEMD members for an enhanced security. Unsecure MD-family as a
retrospectical view. MAC. Cryptographic protocols. TLS as a successor of
SSL its description and usage. Necessity for certificates. Time: November 6th. PPT slides of lectures. Echo
Signature, its Infrastructure and Usage in Estonia. Document, an evdentiary value of a
document. Technical and legal digital signatures. The role of public-key
algorithm, demands to both public and private key. Private key as a chip.
Certificate, CAs, time-stamp authorities. Validity of approval, PKI.
Estonian Digital Signature Act and digtial signature practices. Time: November 13th. PPT slides of lectures. Echo
Signature as a Tool for Digital Record Management. Digital Archieving. Advantages and disadvantages of digital
signature in comparison with handwritten signature and paper documents.
Rrecommendations for main processes. Security aspects of digital record
management. Original and copy of a document. Data carrier problem, data
format problem and evidentiary value problem. Oversigning. Copies of
digital and paper documents. Time: November 20th. PPT slides of lectures. Echo
Security. Network Security. Basics
of relational database security. Intergrity versus accountability. Queue
of hashes. Encrypting, a necessity to HSM. Firewall, secure remote access.
VPN, cryptowalls. Time:
November 27th. PPT slides of lectures. Echo
Management (Organizational Security). Typical phases of security managament. Security policy, its’
structure and aim. Security forum and officer. Risk management process,
basis for choosing different methods. Security plan. Securoity awareness
programm. Follow-up activities. Time: December 4th. PPT slides of lectures.
Control of Data Security. Protecting of Personal Data. Estonian Public Information Act. Chief
and autorized processors, their definitions. A legal database, State
Information System, X-road. Protecting of personal data, corresponding
European regulations. Estonian
national Personal Data Protection Act. Personal data, sensitive personal
data. Principles of processing, regsitration process, mandatory
safefguards. Comparison with ISKE.
The materials of the lecture
course, held in autumn 2012 ara available at address http://www.itcollege.ee/~valdo/turve/2012/ (in English). The materials of the lecture
course, held in autumn 2011 in Estonian are available at address http://www.itcollege.ee/~valdo/turve/2011/ .
Laboratory work materials and topics
>1st lab - German BSI baseline security standard IT Grundschutz. German
version 2009 (web version), English
version 2005 (PDF)
2nd lab - Estonian public
sector IT security standard ISKE
3rd lab - other general
(international) IT security standards - ITSEC, TCSEC, Common Criteria,
4th lab - password enthrophy (in
5th lab - symmetric cryptoalgorithm demos
6th lab - symmetric cryptoalgorithm demos
7th lab - hash algoritm
realization (homework no 2)
8th and 9th lab - digital signature and ID card with infrastructure
10th lab - secure authentication
>Referative work, description is here (In Estonian) . Deadline of referative work - 14tk week, Wednesday (day of lecture)
Homework no 1 (3rd lab)
Homework no 2 (7th lab)
Grading (exam / test)
grade (mark ) will be determined by the result of final test. Test constains 70
questions with multiple choices.
Test is taking place in December 18th 2pm, room 314.
NB! In order to access to the final
test the independent work and practice works (will given currently) must be
done and passed (marked)
ph. +372 514 3262