COMPUTER SECURITY AND DATA PROTECTIONAcademic Year 2020/2021 - 2° Year - Curriculum Data for sciences
Credit Value: 6
Scientific field: INF/01 - Informatica
Taught classes: 40 hours
Term / Semester: 1°
Nowadays data controllers must design information systems that provide the highest possible privacy guarantees. A fundamental enabler to achieve this is cryptography.
This class is intended to provide an introduction to the main concepts of modern cryptography and their usage to protect data e build secure systems. The main focus will be on constructions of various building blocks, such as encryption schemes, message authentication codes and digital signatures. We will try to understand what properties we expect from these objects, how to define these properties and how to construct schemes that realize them. We will also focus on schemes that are widely used in practice. These include, for instance, AES, SHA, HMAC and RSA. However, rather than using these tools as black box, we will show how they are built and the security level they provide. No programming will be required for this class.
The goals of this course, in terms of expected results, are
- Knowledge and understanding (Conoscenza e capacità di comprensione). Students will learn the fundamental ideas and principles underlying modern cryptography and modern secure systems.
- Applying knowledge and understanding (Capacità di applicare conoscenza e comprensione). On completion, the student will be able to securely use cryptographic tools like encryption schema and digital signatures and to understand their exact role in secure systems.
- Making judgements (Autonomia di giudizio). By studying concrete examples and common mistakes students will learn how to use solutions that providee high security guarantees.
- Communication skills (Abilità comunicative). On completion, students will acquire communication skills that will allow them to fluently communicate using the technical language of computer security.
- Learning skills (Capacità di apprendimento). On completion, students will acquire methodologies that will allow them to securely deal with problems that require the usage of secure solutions.
Lecture based (via slides).
Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus.
Basics of Discrete math
Basics of Algorithms
Attendance of Lessons
Not mandatory but strongly suggested
Detailed Course Content
Introduction to the main ideas of this class.
Source: Cap 1 from 
A look back: Classical Ciphers and One Time Pad. Shift cipher and substitution cipher. Cryptanalysis of the substitution cipher. Perfect Security. The substitution cipher does not guarantee perfect security. One time pad. One time pad provides perfect perfect security.
Source: Cap 2 from 
Block Ciphers – AES The blockcipher Rijndael. Pseudorandom functions and relations to block ciphers. AES in practice. Birthday Paradox.
Source: Cap 3,4 from 
Symmetric encryption: Modes of operation. ECB, CBC$, CTRC and CTR$. Security notions for
Source: Cap 5 from 
Integrity and Hash functions. Collision resistant hash functions. Generic attacks to collision resistance. SHA3.
Source: Cap 6 from 
Message Authentication. Notion of security for MACs. The PRF as a MAC paradigm. CBC-MAC. HMAC.
Source: Cap 7 from 
Intro to asymmetric cryptography. One way functions and Trapdoor (one-way) functions. Number theory basics. Discrete logarithms. Computation Diffie Hellman problem and Key Exchange. Factoring and RSA.
Source: Cap 9, 10 from , relevant parts from 
Asymmetric encryption. Notions of security for asymmetric cryptosystems. The El-Gamal encryption scheme. Homomorphic Encryption (basics). RSA-OAEP.
Source: Cap 11 from  and slides
Digital Signatures. A notion of security for digital signatures. The Hash then invert paradigm for digital signatures. Digital Signatures in practice.
Source: Cap 12 from .
Bonus Application: Bitcoin
Source: Slides and Chapter 2 of 
 M. Bellare, P. Rogaway “Introduction to Modern Cryptography” Scaricabile da http://www.cs.ucsd.edu/~mihir/cse107/classnotes.html
 V. Shoup A Computational Introduction to Number Theory and Algebra Scaricabile da http://shoup.net/ntb/
 J. Katz, Y. Lindell “Introduction to Modern Cryptography” CRC press
 A. Miller, A. Narayanan, E. Felten, J. Bonneau, and S. Goldfeder “Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction”. Princeton University Press.
|1||Some classical ciphers and their cryptanalysis. Perfect Security and One time pad.||Cap 2 from |
|2||Block Cipher and AES||Cap 3,4 from |
|3||Symmetric Encryption||Cap 5 from |
|4||Integrity and Hash Functions||Cap 6 from |
|5||Message Authentication||Cap 7 from |
|6||Intro to Asymmetric Cryptography. One way Functions and Trapdoor Functions. Discrete Logarithms, Factoring and RSA.||Cap 9, 10 from , relevant parts from |
|7||Asymmetric encryption. The El-Gamal encryption scheme. Homomorphic Encryption (basics). RSA-OAEP.||Cap 11 from  and slides|
|8||Bitcoin. How Bitcoin achieves decentralization. Proof of Work.||Cap 2 from |
Learning Assessment Procedures
The exam consists in a written test followed by an oral exam. The written test typically consists in 5 (open) questions.
To pass the written part one should get a minimum of 18.
Midterms: There might be the possibility of a midterm exam followed by a final exam. The midterm covers the part on asymmetric encryption whereas the final will be on PK cryptaography and Bitcoin.
Learning assessment may also be carried out on line, should the conditions require it.
Examples of frequently asked questions and / or exercises
- Exercises on the crypto primitives (example: show that a given encryption scheme is not secure by providing an attack)
- Algorithms (ex: presenta and explain some of the algorithms studied in class)