============================================================

Welcome to CSS441
by Steven Gordon - Thursday, 14 January 2016, 6:30 PM

To learn about CSS441 Security and Cryptography you should read the course website, especially overview, assessment criteria and extra resources. Make sure you can find links to textbooks, the videos of lectures and other resources on each topic. Also check that you can login to Moodle (same password as last semester).

In Monday's lecture we introduced the Caesar cipher and mentioned frequency analysis attack on Caesar and a mono-alphabetic cipher. Examples of frequency analysis attacks are very time consuming to do in class. Therefore I have written up a detailed example at:

https://sandilands.info/sgordon/classical-ciphers-frequency-analysis-examples

Please read to understand how a cipher with 26! (or about 100,000,000,000,000,000,000,000,000) keys can easily be broken in a few minutes by hand.

Next Monday we will continue on classical encryption techniques.

Steve

============================================================

Quiz 2 on Block Ciphers
by Steven Gordon - Tuesday, 26 January 2016, 9:29 AM

Quiz 2 is available on Moodle, however it requires a little bit of self study before you attempt it.

Three of the questions are on the modes of operation - ECB, CBC and CTR. Since we only briefly introduced these in the lecture, I recommend you review their operation in the lecture notes and practice encrypting some plaintext with each before attempting the quiz. The quiz uses a fake 5 bit block cipher which you can view here:

http://ict.siit.tu.ac.th/~sgordon/reports/block-cipher-example-1.pdf

It is a lookup table. E.g. if you encrypt plaintext 00000 with key 101, then the ciphertext is 10011. The same lookup table is used in each question in the quiz. A good way to practice is to select 10 bits of plaintext and a key, encrypt with a mode (e.g. CBC), then take the ciphertext and decrypt (if you end up with the original plaintext you probably understand).

Finally, having a printout of the 5 bit block cipher in front of you, as well as pen and paper while attempting the quiz may help.

The quiz does not contain questions that require S-DES encryption. However you still should understand the S-DES operations, including the inverse initial permutation.

Steve

============================================================

Homework 2
by Steven Gordon - Thursday, 4 February 2016, 5:27 PM

Homework 2 is available on Moodle, and it is assessed. You have until end of next week (12 Feb) to complete it.

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=1152

In security we must pay careful attention to details. A small spelling mistake may sometimes result in total failure of the system security. Similar in this homework: You will need to submit two files, with a very specific file names and formats. As I will use software to mark your submissions, using the wrong file name or failure to follow the format may result in penalties.

Also, don't forget to try the practice lesson on Statistics for Security:

http://ict.siit.tu.ac.th/moodle/mod/quiz/view.php?id=1132

Steve

============================================================

Quiz 3 Results
by Steven Gordon - Thursday, 11 February 2016, 10:09 AM

You can see results and scanned copy of your quiz in the Quiz 3 feedback on Moodle. You can also compare your answers to the correct answers to see where you went wrong. Remember, the username/password for PDFs is: siit and ictcpeit

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=1159

A reminder to complete Homework 2 before 4pm tomorrow (Friday).

Tomorrow morning I will put the new lecture handouts, including Number Theory, in the Copy Centre.

Steve

============================================================

Quiz 4 and Quiz 5
by Steven Gordon - Wednesday, 17 February 2016, 2:11 PM

Since we don't have a lecture next week, lets have TWO quizzes instead. Quiz 4 is practice on number theory basics - I suggest you try to answer them without a calculator. Quiz 5 is two RSA calculations - you may need a calculator. Both quizzes are due 5pm Thursday 25 Feb and allow for 3 attempts. Use them as practice for the exam. I will announce some hints about the exam next week.

Steve

============================================================

Midterm Exam
by Steven Gordon - Tuesday, 23 February 2016, 6:38 PM
 
Hints for the midterm are on Moodle at:

http://ict.siit.tu.ac.th/moodle/mod/page/view.php?id=1171

Note that I will not be in my office next week. So if you have any questions about the exam, please contact me via email.

A reminder to also complete quiz 4 and 5 before 5pm this Thursday.

Steve

============================================================

Re: Midterm Exam
by Steven Gordon - Sunday, 13 March 2016, 10:44 AM
 
Midterm exam answers and scores are now available via Moodle:

http://ict.siit.tu.ac.th/moodle/mod/page/view.php?id=1171

See you at the lecture tomorrow.

Steve

============================================================

Homework 3
by Steven Gordon - Tuesday, 15 March 2016, 6:06 PM
 
The next homework allows you to gain experience in using software (OpenSSL) to generate and use RSA and Diffie-Hellman public key crypto. You also will learn about a performance optimization for RSA.

The homework involves you performing some operations, mainly using OpenSSL, and exchanging a secret with me. To automate the secret exchange, you must upload/download files from the IT server. Note the IT server is not the same as the ICT server - its address is it.siit.tu.ac.th

Most of you have accounts on the IT server (you may have used them in the past with Dr Cholwich). Your username is "u" followed by your ID (same as Moodle) and your password is probably the same as for Moodle (unless you changed it recently). For a few students that didn't have accounts, in the last 30 minutes I sent you an email with your username and password.

To use OpenSSL I suggest you use Linux (or OSX). One (maybe the easiest) option is to login to the IT server and run OpenSSL there. Another option is to use a computer in the Network Lab or Mac Lab. Or install Ubuntu Linux in a virtual machine on your own computer.

Read the instructions carefully and get started as early as possible:

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=1174

Steve

============================================================

Re: Homework 3
by Steven Gordon - Friday, 18 March 2016, 6:46 PM

Question from student:

I am Confusing about Diffie Hellman private and public key generation. With this command in terminal

openssl genpkey -paramfile dhp.pem -out dhkey1.pem

Do we create both private/public key(dhkey1.pem) ? But the question in homework ask us to generate only private key. So does the key above consider private ?

Answer from Steve:

In practice, with public key cryptography when a user generates their public/private key pair, it is often saved in a single file and referred to as the "private key" file. That is because a user should always store both their private key and their public key, and it is convenient to store them both in a single file (as opposed to a separate file for each). Therefore the above "genpkey" command creates dhkey1.pem, a file containing both a private and public key. That file is what i meant in the assignment instructions of your private key. So yes, the file dhkey1.pem is considered your private key.

Of course in public key crypto you also need to share your public key only with others (never given someone your private key!). So we use another command to extract the public key from your private key file dhkey1.pem and save it in a new file, e.g. dhpub1.pem. The command to extract the public key is in the instructions for Diffie-Hellman.

Note that is similar for RSA. We generate a file that contains both private and public key (often call you private key file), and then extract your public key from that file and save it in a new file.

General comments on homework:

Several students have already exchanged keys with me, so it seems as though the IT server is working ok for the key exchange. Some students couldn't log in, so I sent them a new password. If you have any problems with the IT server, please contact me.

Steve

============================================================

Re: Homework 3
by Steven Gordon - Sunday, 27 March 2016, 9:35 AM
 
Homework 3 scores are available on Moodle in your Grades. You will see some brief comments in the Feedback column:

http://ict.siit.tu.ac.th/moodle/grade/report/user/index.php?id=31

If you had the private key values correct (manual-private) you received 4 marks, the decrypted values (manual-decrypt) 4 marks, and submitted a correct RSA public key then 2 marks. Total of 10.

If you didn't receive the full 10 marks, then you will see a brief explanation in the Feedback column. If your private or decrypt values were wrong then you can see the difference between your submitted values and my expected values in the corresponding "comments" file at:

http://ict.siit.tu.ac.th/~sgordon/css441y15s2/hw3/

Don't forget to keep your RSA private key secure.

See you at the lecture tomorrow morning.

Steve

============================================================

Quiz 7
by Steven Gordon - Tuesday, 19 April 2016, 5:42 PM
 
Try quiz 7 on key management before the next lecture:

http://ict.siit.tu.ac.th/moodle/mod/quiz/view.php?id=1196

Steve

============================================================

Quiz 8
by Steven Gordon - Thursday, 28 April 2016, 2:36 PM
 
The final assessment item before the exam is Quiz 8, due by 5pm Wednesday next week.

http://ict.siit.tu.ac.th/moodle/mod/quiz/view.php?id=1202

It is a normal lecture on Monday morning - we will cover one last example of Internet security: SSH.

Steve

============================================================

Final Exam Hints
by Steven Gordon - Sunday, 8 May 2016, 11:35 AM
 
Hints for Security and Crypto final exam are now available on Moodle.

Good luck!

Steve

============================================================

Re: Final Exam Hints
by Steven Gordon - Friday, 20 May 2016, 9:09 PM
 
Final exam scores (as well as answers) are now available on Moodle. Please check your exam score, and also your total scores (quizzes, homework, midterm, final). If there are any problems with your score calculation let me know asap. If you want to see your exam, come to see me on Monday 23 May. I haven't calculated grades yet, so don't ask about them.

Steve