COM6014 Fundamental Security Properties and Mechanisms
This wide-ranging module covers some fundamental concepts, properties, and mechanisms in security, e.g. identity, authentication, confidentiality,
privacy, anonymity, availability and integrity. Cryptographic algorithms are explored together with major attacks (using a break-understand-and-fix
approach). High level security protocols are explored (passwords, graphical passwords, key distribution and authentication protocols) together with
some rigorous mechanisms for reasoning about their correctness (e.g. belief logics). Other mechanisms such as biometric authentication are also
- Assignment 1: Cryptographic analysis task
- Assignment 2: System cybersecurity report
- Assignment 3: Podcast
Professor John Clark
This unit aims to:
- A1 provide the student with an understanding of fundamental security properties that we desire to maintain and why they are important
and of the principal security mechanisms used to uphold these properties;
- A2 develop an understanding of important security strength criteria, an appreciation of the sources of confidence that are associated with
specific security mechanisms, and the ability to calculate or otherwise determine the strength of specific mechanisms in their deployed
context. We will address quantitative criteria (e.g. for cryptographic elements) and qualitative approaches (e.g. some formal methods for protocol
proofs of correctness);
- A3 develop the analysis and synthesis skills necessary to identify important threats to systems under examination, evaluate the degree to
which threats to systems are countered, and propose countermeasures or appropriate changes to countermeasures to achieve effective and
efficient risk reduction;
- A4 enhance the communication and professional skills of the student;
- A5 familiarise the student with the contextual issues relevant to the topics taught - professional, legal, ethical, political etc.
By the end of the unit, a candidate will be able to:
- LO1 [A1] explain what the major system security properties are, why they are important, and what mechanisms are available to support them;
- LO2 [A2] describe security strength criteria for specific mechanisms, explain the rationale behind them, and determine the strength of specific mechanisms;
- LO3 [A3] analyse deployed mechanisms, identify weaknesses in them, and demonstrate how they can be exploited;
- LO4 [A3] choose suitable security requirements and mechanisms in a variety of system contexts and justify those choices;
- LO5 [A4] independently research material relevant to the module and communicate findings to a non-specialist audience;
- LO6 [A5] articulate the contextual issues (professional, legal, ethical, political etc.) that apply.
Security properties and mechanisms
- Confidentiality, Integrity, Availability, Anonymity, Non-repudiation, Privacy etc.
- Identification and Authentication:
- Password systems, graphical password systems, biometrics, CAPTCHAs, etc.
- Social engineering attacks.
- Access Control: MAC and DAC etc.
- Stream cipher basics. Divide and conquer correlation attacks.
- Block ciphers.
- Modes of encryption: Code Book, CFB, OFB, CBC.
- Attacks on cryptographic algorithms: linear cryptanalysis, differential cryptanalysis.
- Public key algorithms.
- Cryptographic hash functions.
- Power and timing attacks.
- Brute force potential. The rise of compute power.
- The threat from quantum computing.
- Quantum key distribution protocols.
- What are security protocols?
- Uses in one-way and two-way authentication, key distribution, and the like.
- Proofs of claims: belief and knowledge approaches, model checking approaches, synthesis of provably correct protocols.
- 10 hours of online materials. These content delivery elements will cover theoretical and practical aspects but also act as an index to
referenced materials. All LOs except LO5. Detail provided by referenced materials.
- 8 hours (4 x 2 hours) practical sessions on cryptography related aspects.
- This addresses LO1, LO2, LO3 and LO4. Students have to implement attacks and analyses which expose strengths and weaknesses of
- 8 hours (4 x 2 hours) practical sessions on the non-cryptographic aspects.
- This addresses LO1, LO2, LO3, LO4, LO6;
- 10 hours (5 x 2 hours) seminars/discussions
- Addresses all LOs except LO5;
- 116 hours of independent study of supporting referenced materials. Wherever possible referenced materials will be freely available on
the web. Students are expected to read around the subject. Independent study is an important component of the module.
- Addresses all LOs.
Blackboard quiz results will be immediate. Podcast assignments marked using published criteria, submission
commented and returned by Blackboard within 3 weeks. Formative feedback will be provided by:
a) online quizzes or multiple choice quizzes;
b) surgery hours by teaching staff;
c) verbal feedback in practical sessions.
See module web pages. Almost all supporting materials should be available from the web.