

Department of Computer Science
University of Auckland
Private Bag 92019
Auckland, New Zealand
Many books cover DES encryption at the bit-flipping level, but here the author discusses multiple encryption protocols, weaknesses, applications, and other crypto security issues from a higher level. Since the slides are support material for a complete lecture course, a great deal of background context is not available from simply reading the slides. Some of the claims and comments should be viewed in the context of a complete instructor-led course. Approximately 150 images accompany the slides but cannot be distributed for copyright reasons.
Security threats and requirements, services and mechanisms, historical ciphers, cipher machines, stream ciphers, RC4, block ciphers, DES, breaking DES, brute-force attacks, other block ciphers (triple DES, RC2, IDEA, Blowfish, CAST-128, Skipjack, GOST, AES), block cipher encryption modes, public-key encryption (RSA, DH, Elgamal, DSA), elliptic curve algorithms, hash and MAC algorithms (MD2, MD4, MD5, SHA-1, RIPEMD-160, the HMACs).
Key management, key distribution, the certification process, X.500 and X.500 naming, certification hierarchies, X.500 directories and LDAP, the PGP web of trust, certificate revocation, X.509 certificate structure and extensions, certificate profiles, setting up and running a CA, CA policies, RAs, timestamping, PGP certificates, SPKI, digital signature legislation.
IPSEC, ISAKMP, Oakley, Photuris, SKIP, ISAKMP/Oakley, SSL, non-US strong SSL, SGC, TLS, S-HTTP, SSH, SNMP security, email security mechanisms, PEM, the PEM CA model, PGP, PGP keys and the PGP trust model, MOSS, PGP/MIME, S/MIME and CMS, MSP.
User authentication, Unix password encryption, LANMAN and NT domain authentication and how to break it, Netware 3.x and 4.x authentication, Kerberos 4 and 5, Kerberos-like systems (KryptoKnight, SESAME, DCE), authentication tokens, SecurID, S/Key, OPIE, PPP PAP/CHAP, PAP variants (SPAP, ARAP, MSCHAP), RADIUS, TACACS/XTACACS/TACACS+, ANSI X9.26, FIPS 196, biometrics, PAM.
Electronic payment mechanisms, Internet transactions, payment systems (Netcash, Cybercash, book entry systems in general), Digicash, SET, the SET CA model.
Why security is hard to get right, buffer overflows, protecting data in memory, storage sanitization, data recovery techniques, random number generation, TEMPEST, snake oil crypto, selling security.
Smart cards, smart card file structures, card commands, electronic purse standards, attacks on smart cards, voice encryption, GSM security and how to break it, traffic analysis, anonymity, mixes, onion routing, mixmaster, crowds, steganography, watermarking, misc. crypto applications (hashcash, PGP Moose).
History of crypto politics, digital telephony, Clipper, Fortezza and Skipjack, post-Clipper crypto politics, US export controls, effects of export controls, legal challenges, French and Russian controls, non-US controls (Wassenaar), Menwith Hill, Echelon, blind signal demodulation, Echelon and export controls, Cloud Cover, UK DTI proposals, various GAK issues.