This course presents an in-depth study of cryptography and its applications to information and computer security. Privacy and security are central to our emerging “information society”, and cryptography is a key technology for achieving them; it is also a fascinating field of study in its own right.
Cryptography lies at the center of this course, but we will be approaching the subject broadly. On the one end, we’ll look at problems of computer and information security and see how cryptographic tools can be used to solve them. We’ll also touch on some social issues surrounding the use of cryptography. At the other end, we’ll explore the mathematical structures from which cryptographic primitives are built, and learn how to use some of these techniques in real-world scenarios.
The course says ‘Computer Security and Privacy’ - what is all this nonsense about ‘information security’?
Information security, broadly defined, involves controlling the dissemination of information. It includes issues of privacy, data integrity, authenticity, and authority. Because of the ease with which information can be copied and transmitted, traditional physical means of control are of limited efficacy. Cryptography gives a way to build logical controls on the flow of information that are largely independent of the physical properties of the devices used to transmit and store information. In addition to this, while we may rely on cryptography for access control and protection of sensitive data, computer security also includes topics such as physical security, access restrictions, activity monitoring, and control of software defects that go way beyond what will be covered in this course.
Mathematical tools for cryptography; a survey of such symmetric and public key cryptographic techniques as DES, RSA, and zero-knowledge proofs, and their application to problems of maintaining privacy and security in computer networks (such as digital signatures and key management). We will also look at some aspects of network security such as user authentication, SSL, etc.
There will be a focus on technology, with consideration of such societal issues as balancing individual privacy concerns against the needs of law enforcement, vulnerability of societal institutions to electronic attack, export regulations and international competitiveness, and development of secure information systems.
In addition to two 90-minute lectures each week, we will also hold a number of extra sessions throughout the semester for tests and review. Overall, you will probably spend 10 hours per week on this course.