• Assignment 1: Cryptographic analysis task
• Assignment 2: System cybersecurity report
• Assignment 3: Podcast

• Blackboard
• Unconfirmed practical marks when available

This unit aims to:

• A1 provide the student with an understanding of fundamental security properties that we desire to maintain and why they are important and of the principal security mechanisms used to uphold these properties;
• A2 develop an understanding of important security strength criteria, an appreciation of the sources of confidence that are associated with specific security mechanisms, and the ability to calculate or otherwise determine the strength of specific mechanisms in their deployed context - We will address quantitative criteria (e.g. for cryptographic elements) and qualitative approaches (e.g. some formal methods for protocol proofs of correctness);
• A3 develop the analysis and synthesis skills necessary to identify important threats to systems under examination, evaluate the degree to which threats to systems are countered, and propose countermeasures or appropriate changes to countermeasures to achieve effective and efficient risk reduction;
• A4 enhance the communication and professional skills of the student;
• A5 familiarise the student with the contextual issues relevant to the topics taught - professional, legal, ethical, political etc.

By the end of the unit, a candidate will be able to:

• LO1 explain what the major system security properties are, why they are important, and what mechanisms are available to support them;
• LO2 describe security strength criteria for specific mechanisms, explain the rationale behind them, and determine the strength of specific mechanisms;
• LO3 analyse deployed mechanisms, identify weaknesses in them, and demonstrate how they can be exploited;
• LO4 choose suitable security requirements and mechanisms in a variety of system contexts and justify those choices;
• LO5 independently research material relevant to the module and communicate findings to a non-specialist audience
• LO6 articulate the contextual issues (professional, legal, ethical, political etc) that apply

Security properties and mechanisms

• Confidentiality, Integrity, Availability, Anonymity, Non-repudiation, Privacy etc.
• Identification and Authentication:
• Password systems, graphical passwords systems, biometrics, CAPTCHAs, etc
• Social engineering attacks.

Access Control: MAC and DAC etc.

Modern cryptography:

• Stream cipher basics. Divide and conquer correlation attacks.
• Block ciphers.
• Modes of encryption: Code Book, CFB, OFB, CBC.
• Attacks on cryptographic algorithms: linear cryptanalysis, differential cryptanalysis
• Public key algorithms.
• Cryptographic hash functions.
• Power, timing, attacks
• Brute force potential. The rise of compute power.
• The threat from quantum computing.
• Quantum key distribution protocols.

Security Protocols:

• What are security protocols?
• Uses in one-way and two-way authentication, key distribution, and the like.
• Proofs of claims: belief and knowledge approaches, model checking approaches,
• synthesis of provably correct protocols.

An ability to program in a commonly used language, e.g. Java or Python. 

Some very basic familiarity with probability. 

Optional modules within the school have limited capacity. We will always try to accommodate all students but cannot guarantee a place. 

• 10 hours of online materials. These content delivery elements will cover theoretical and practical aspects but also act as an index to referenced materials. All LOs except LO5. Detail provided by referenced materials.
• 8 hours (4 x 2 hours) practical sessions on cryptography related aspects. - This addresses LO1, LO2, LO3 and LO4. Students have to implement attacks and analyses which exposes strengths and weakness of mechanisms;
• 8 hours (4 x 2 hours) practical sessions on the non-cryptographic aspects. - This addresses LO1, LO2, LO3, LO4, LO6;
• 10 hours (5 x 2 hours) seminars/discussions - Addresses all LOs except LO5;
• 116 hours of independent study of supporting referenced materials. Wherever possible referenced materials will be freely available on the web. Students are expected to read around the subject. Independent study is an important component of the module. -Addresses all LOs.