MTU Courses - CYBR9004 - Cryptography and Protocols

Module Details

Module Code:	CYBR9004
Title:	Cryptography and Protocols
Long Title:	Cryptography and Protocols
NFQ Level:	Expert
Valid From:	Semester 1 - 2022/23 ( September 2022 )

Duration:	1 Semester

Credits:	5

Field of Study:	4817 - Cyber Skills

Module Delivered in:	1 programme(s)

Module Description:

Cryptography is integral to our online world and information systems. It is essential that when building these systems we understand the significance of the cryptographic applications we use. In this module the student will learn the fundamentals of cryptography and its application in security protocols. These protocols allow systems to achieve information security, privacy and trust. Students will learn the mathematics and cryptographic tools to analyse and understand the strengths and shortcomings of such security protocols and will develop an understanding of how to improve insecure systems. This module was developed under the CyberSkills HCI Pillar 3 Project. Please refer to consortium agreement for ownership.

Learning Outcomes
On successful completion of this module the learner will be able to:
#	Learning Outcome Description
LO1	Apply mathematical concepts (number theory, geometry and group theory) to understand the working and capabilities of symmetric cryptography, public key cryptography, digital signatures and hash functions.
LO2	Critically evaluate and enable real-world implementations of symmetric cryptography, public key cryptography, digital signatures and hash functions.
LO3	Develop security protocols which leverage cryptographic techniques to achieve confidentiality, authentication and key exchange.
LO4	Analyse future cryptographic needs and applications of cryptography to achieve system security.
LO5	Evaluate technical and research papers which will aid continuous learning and students' ability to stay up to date with best practice in the field.

Dependencies
Module Recommendations This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).

Incompatible Modules These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
No requirements listed

Indicative Content
Introduction to cryptography What are the key security objectives? What are the attacks? What protections do we expect? Introduce the three fundamental building blocks in cryptography: symmetric cryptography, public-key cryptography and hash functions. Cover the notation used in cryptography.
Symmetric cryptography Types of symmetric cryptography; stream ciphers, block ciphers. Begin with the core fundamentals of the technology and then implement and evaluate real implementations. E.g. 3DES, AES modes, Blowfish, etc.
Public-key cryptography Begin with the number theory, primes and factorization knowledge students need to understand Diffie-Hellman and RSA. Real-world implementations of both will then be studied. Elliptic curve cryptography and post-quantum solutions will also be examined. PKIs.
Hash functions and Digital Signatures Hashing and salting techniques. Hash functions such as MD5, SHA, RIPEMD. Signature schemes with appendix, with recovery and with hash and redundancy functions.
Security protocols Protocol notation. With a focus on the underlying cryptography, protocols for confidentiality, authentication and key establishment will be analysed (Kerberos, NSPK, NSSK, X.509, PGP, IPSec, ZKP). Focused on examples and exercises designed to develop student's ability to self-research and critically examine new technologies and developments.

Assessment Breakdown	%
Module Content & Assessment
Coursework	100.00%

Assessments

Coursework

Assessment Type	Short Answer Questions	% of Total Mark	50
Timing	Week 9	Learning Outcomes	1,2,3
Assessment Description Students will be asked to regularly complete questions, labs, tasks and MCQs as part of the course work. Students will submit this work for assessment in Week 9.

Assessment Type	Project	% of Total Mark	50
Timing	Sem End	Learning Outcomes	1,2,3,4,5
Assessment Description Students will submit a project that studies an information system. Students will discuss the cryptography and protocols that should be imbedded in that system to make it secure. Students should reference the strengths and weaknesses of the chosen implementation.

No End of Module Formal Examination

Reassessment Requirement
Coursework Only This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The University reserves the right to alter the nature and timings of assessment

Module Workload

Workload: Full Time
Workload Type	Contact Type	Workload Description	Frequency	Average Weekly Learner Workload	Hours
Lecture	Contact	Lectures covering the theoretical concepts underpinning the learning outcomes.	Every Week	2.00	2
Lab	Contact	Lab to support the learning outcomes.	Every Week	2.00	2
Independent & Directed Learning (Non-contact)	Non Contact	Independent learning by the student.	Every Week	3.00	3
Total Hours					7.00
Total Weekly Learner Workload					7.00
Total Weekly Contact Hours					4.00

Workload: Part Time
Workload Type	Contact Type	Workload Description	Frequency	Average Weekly Learner Workload	Hours
Lecture	Contact	Lectures covering the theoretical concepts underpinning the learning outcomes.	Every Week	2.00	2
Lab	Contact	Lab to support the learning outcomes.	Every Week	2.00	2
Independent & Directed Learning (Non-contact)	Non Contact	Independent learning by the student.	Every Week	3.00	3
Total Hours					7.00
Total Weekly Learner Workload					7.00
Total Weekly Contact Hours					4.00

Recommended Book Resources
Module Resources
Niels Ferguson, Bruce Schneier, Tadayoshi Kohno. (2011), Cryptography engineering: design principles and practical applications, Wiley, [ISBN: 9780470474242].
Supplementary Book Resources
Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. (1996), Handbook of Applied Cryptography, CRC Press, Inc., [ISBN: 0-8493-8523-7]. Dan Boneh and Victor Shoup. (2020), A Graduate Course in Applied Cryptography, Stanford University. Manning Publications. Real World Cryptography.
Recommended Article/Paper Resources
Gavin Lowe. (1995), An attack on the needham-schroeder public-key authentication protocol, Information processing letters, 56(3).
Supplementary Article/Paper Resources
Nadia Heninger, Zakir Durumeric, Eric Wustrow and J. Alex Halderman. (2012), Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, USENIX Security Symposium, https://www.usenix.org/system/files/conf erence/usenixsecurity12/sec12-final228.p df NIST. (2017), SP 800-63 Digital Identity Guidelines, https://pages.nist.gov/800-63-3/
Other Resources
Website, Naked security. Serious Security: What 2000 years of cryptography can teach us, https://nakedsecurity.sophos.com/2019/01 /20/serious-security-what-2000-years-of- cryptography-can-teach-us/ Website, Have I Been Pwned, https://haveibeenpwned.com/Passwords Website, Schneier on Security, https://www.schneier.com/

Programme Code	Programme	Semester	Delivery
Module Delivered in
CR_KSSAR_9	Certificate in Secure Systems Architecture	1	Mandatory