Lecture Course "Data Security and Cryptology"
General Information
- Name: Data Security and Cryptology (Andmeturve ja krüptoloogia)
- Location: Estonian IT College, autumn 2010
- Goal: To give a systematic overview of contemporary data security and cryptology, from both the theoretical and the practical side. Data security, as a practical discipline, will be considered a little more theoretically, and cryptography, as a deep theoretical discipline (and also an important tool for data security), more practically.
- Schedule (lectures): on Tuesdays between 12 and 2 pm, room 316
- Schedule (practices): on Tuesdays from 2 pm, starting from the 5th week
- Points: 3,0
- Code: I378
- Grading: final test, 80 multiple-choice questions
- Amount: 16 pairs of lectures, 12 pairs of practices, 64 hours of independent work (description in Estonian)
This is the first year the course is held in English; for the previous 9 years it was held in Estonian.
Lecture Materials (PPTs, both in English and Estonian)
- Introduction. Essence of Data Security. Data security, its essence and importance in contemporary information systems and in the whole world. Availability, integrity and confidentiality, their importance in different information systems and in the protection of IT assets. Standard model of security harming. Economic side of data security. Practical solving of security problems. Time: August 31st. Lecture PPT slides in English and in Estonian.
- Common Ways to Secure Digital Data. Security Threats, Classification. Main differences between the typical ways of achieving availability, integrity and confidentiality for paper-based and digital data. Importance of cryptography. Classification of threats, spontaneous threats and attacks. Environmental threats, human and technical failures. Attack sources, channels and methods, their overview. Time: September 6th. Lecture PPT slides in English and in Estonian.
- Vulnerabilities of Information Assets. Applicable Security Measures. Classification of vulnerabilities, their co-operability with threats. Different types of classification of safeguards. Preventive, identifying and reconstructable safeguards, their sub-types. Organisational, physical and IT-related safeguards. Classification of safeguards in different standards. Time: September 13th. Lecture PPT slides in English and in Estonian.
- Risk Management and its Methodology. Main goal of risk management. Four different practical risk management methods: detailed risk analysis, baseline approach, mixed approach and informal approach. Their comparison. Quantitative and qualitative risk analysis, their assumptions and the methods used. BSI and ISKE as practical examples of risk management. Time: September 20th. Lecture PPT slides in English and in Estonian.
- Traditional (Pre-Computer) Cryptography. Differences between contemporary and classical cryptography. Traditional cryptography as a "hidden word", i.e. as a tool for confidentiality. Substitution and permutation ciphers. Most widespread ciphers (algorithms). End of classical cryptography and its reasons. Transition into contemporary cryptology. Time: September 27th. Lecture PPT slides in English and in Estonian.
- Basics of Contemporary Cryptography. Main concepts, the role of a key in algorithms. Cryptography and cryptanalysis. Symmetric and asymmetric cryptoalgorithms, cryptographic message digests, their usage. Exhaustive search, cryptanalytic (breaking) methods. Practical and theoretical security, ways to achieve practical security. Time: October 4th. Lecture PPT slides in English and in Estonian.
- Symmetric Cryptoalgorithms. AES. Block and stream ciphers. Main indicators of a block cipher. Modes of a block cipher, cipher block chaining mode as the most widespread mode. Running a block cipher as a stream cipher, secure erasing. The story of AES and its usage. Technical description of AES, possible attacks against AES. Realizations of AES. A hypothetical breaking machine. Time: October 11th. Lecture PPT slides in English and in Estonian.
- Other Symmetric Cryptoalgorithms. IDEA. Skipjack. Blowfish. RC4. Their technical descriptions, practical usage, breaking (cryptanalytic) possibilities. DES as a retrospective view of history which gave us some classical concepts and structures. Properties of 3DES. Time: October 18th. Lecture PPT slides in English and in Estonian.
- Asymmetric Cryptoalgorithms. RSA. Principle of asymmetric and public-key encryption. RSA. Mathematically generated keypair, one-way relation between public and private keys. Infeasible problems, introduction to computational complexity. Factorization and discrete logarithms as typical infeasible problems. Mathematical description of RSA, key generation and modular arithmetic. Cryptanalysis of RSA. Practical realisations, collaboration with symmetric algorithms. Time: October 25th. Lecture PPT slides in English and in Estonian.
- Hash Functions. Cryptoprotocols, TLS. Theoretical background of hash functions, collisions, pseudo-collisions, one-way functions. SHA-1 and RIPEMD-160. SHA-2 and higher RIPEMD members for enhanced security. Insecure MD family as a retrospective view. MAC. Cryptographic protocols. TLS as a successor of SSL, its description and usage. Necessity for certificates. Time: November 1st. Lecture PPT slides in English and in Estonian.
- Digital Signature, its Infrastructure and Usage in Estonia. Document, the evidentiary value of a document. Technical and legal digital signatures. The role of the public-key algorithm, requirements for both public and private keys. Private key as a chip. Certificate, CAs, time-stamp authorities. Validity of approval, PKI. Estonian Digital Signature Act and digital signature practices. Time: November 8th. Lecture PPT slides in English and in Estonian.
- Digital Signature as a Tool for Digital Record Management. Digital Archiving. Advantages and disadvantages of the digital signature in comparison with the handwritten signature and paper documents. Recommendations for main processes. Security aspects of digital record management. Original and copy of a document. Data carrier problem, data format problem and evidentiary value problem. Oversigning. Copies of digital and paper documents. Time: November 15th. Lecture PPT slides in English and in Estonian.
- Database Security. Network Security. Basics of relational database security. Integrity versus accountability. Queue of hashes. Encrypting, the need for an HSM. Firewall, secure remote access. VPN, cryptowalls. Time: November 22nd. Lecture PPT slides in English and in Estonian.
- Security Management (Organizational Security). Typical phases of security management. Security policy, its structure and aim. Security forum and officer. Risk management process, basis for choosing different methods. Security plan. Security awareness programme. Follow-up activities. Time: November 29th. Lecture PPT slides in English and in Estonian.
- Legal Control of Data Security. Protection of Personal Data. Estonian Public Information Act. Chief and authorized processors, their definitions. A legal database, State Information System, X-road. Protection of personal data, corresponding European regulations. Estonian national Personal Data Protection Act. Personal data, sensitive personal data. Principles of processing, registration process, mandatory safeguards. Comparison with ISKE. Time: December 6th. Lecture PPT slides in English and in Estonian.
The materials of the lecture course held in autumn 2010 are available at http://www.itcollege.ee/~valdo/turve/2010/ (in Estonian).
Practices
- Homework no 1
- Materials (links) for October 18th
- Materials (links) for October 25th
- Materials (links) for November 1st
- Homework no 2
- Homework no 3, instead of the practice on 22nd of November
Grading and independent work
Independent work:
- referative work, description is here (in Estonian). Deadline: 14th week
Grading: the grade (mark) will be determined by the result of the final test, 80 multiple-choice questions.
The final test takes place on December 13th at 12 pm in room 316.
Make sure all your homework and referative work is done and marked in order to pass the final test!
To be admitted to the final test, the independent work and the practice works (assigned on an ongoing basis) must be done and passed (marked).
Contact
Valdo Praust
ph. +372 514 3262
email: mois@mois.ee