UCLA Extension

Practical Cryptography for Computer and Network Security

A massively networked world promises several revolutionary advances, including global commerce and trade (thus leading to an unprecedented economic growth), and real-time monitoring and control of multiple and simultaneous global events and actions (thus leading to unparalleled advances in national defense and health care delivery). The recent Internet-bubble burst notwithstanding, we are ever more dependent on our information and computing infrastructure for our everyday private, commercial, societal, and national defense activities; and if the recent growth and advances in various sectors are to be sustained, then this dependence is bound to grow even more rapidly.

Complete Details

This seemingly direct route to an ever-more networked world, however, has turned out to be a much more complex task and is faced with a number of challenges undermining its promise. An overwhelming concern is the vulnerability of the infrastructure and resources to deliberate attacks which, if not properly handled, could disable basic services and pose a national security threat. Equally threatening, to some, is the specter of the anonymity and security afforded by the network being exploited by potential terrorists to organize and plan attacks. Then, there is the issue of protection of “intellectual property,” as exemplified by the peer-to-peer sharing of digital movies and music. While many of these problems can be solved using hard science (e.g., cryptography), many more are caused by the co-existence of often-conflicting but equally desired services and features, thus requiring the art of engineering design and managerial decisions.

This course introduces both the science of cryptography and the various design and practical principles involved in the security of computer networks and infrastructure, wireless systems, business transactions, and protection of intellectual property.

The course features hands-on experience with encryption software built into Web browsers, and dedicated applications, such as PGP, GnuPG, and SSL, are discussed.

No specific mathematics background is required, and instruction covers the basic analytical material and principles in general terms with the help of software tools. Rigorous and up-to-date material on cryptography is available for advanced participants and can be discussed on request.

Topics

  • Secret key and public key cryptography: an introduction to secret key systems, such as DES and AES; the analytical framework for public-key schemes, such as RSA and El-Gamal; public-key encryption, digital signatures, and certificates; and cryptanalysis.
  • How to ensure security of computer and communication networks? What are some of the threats? Viruses and worms–how do they infest? How to identify and protect against denial-of-service and other attacks?
  • Protocols for e-commerce and secure transactions: protocols for authenticating content/messages, digital cash, smart cards, digital signatures, and e-voting.
  • Intellectual property protection and Digital Rights Management using cryptography: How much can be protected? Some key mistakes made in the past, e.g., the DVD encryption technology; peer-to-peer networks, how they work and how to harness them.
  • Economic costs and legal ramifications of using and breaking cryptographic schemes

Course Materials

Participants receive lecture notes on the first day of the course. These notes are for participants only and are not for sale.

Coordinator and Lecturer

Vwani P. Roychowdhury, PhD, Professor, Electrical Engineering Department, Henry Samueli School of Engineering and Applied Science, UCLA. Dr. Roychowdhury’s research interests include computational informatics, combinatorics, decision theory and optimization, and quantum information processing. Dr. Roychowdhury has co-authored several books, including Discrete Neural Computation: A Theoretical Foundation (Prentice Hall, 1995) and Theoretical Advances in Neural Computation and Learning (Kluwer, 1994). Additionally, he has published more than 100 journals and refereed conference papers as well as several book chapters.

Lecturer

P. Oscar Boykin, PhD, Research Scientist, Electrical Engineering Department, Henry Samueli School of Engineering and Applied Science, UCLA. Dr. Boykin received his PhD in Physics from UCLA, and is an expert on Internet security, e-commerce, and Digital Rights Management. His research interests include physics of computation and information, quantum cryptography and cryptanalysis, and informatics. He has published widely in leading computer science and physics journals, and provides software consulting on security of computer systems for various governmental and commercial institutions.

Daily Schedule

Day 1

Introduction and Overview

Case studies:

  • What are viruses, worms, and other attacks to computers and networks, and how do they work? Vulnerabilities and strengths.
  • How does e-commerce work?
  • What actually happens when you log into a secure Web site?

Public Key Cryptography: System and Applications

  • Different security and privacy needs for transactions over a public network, such as the Internet: digital cash, smart cards, digital signatures, authentication, secret sharing, intellectual property rights protection, digital watermarking, etc.
  • A common framework for secure networking using public key cryptography.

Day 2

Algorithms for Secure Networking

  • Basic algorithms for public key cryptography, including RSA and El-Gamal.
  • Digital Encryption Standard (DES) and Advanced Encryption Standard (AES).

Cryptanalysis

  • Cryptography through the ages: case studies of well-known encryption systems (from the Roman Empire to World War II) and what made them vulnerable.
  • Systematic tools for smart eavesdropping.
  • Identifying potential weak links in practical cryptosystems.
  • Examples of security holes in modern systems.

Day 3

How to Protect Your Computers?

  • What are some of the threats? Viruses and worms–how do they infest?
  • How to identify and protect against Denial-of-Service attacks?
  • Integration of cryptography and network architectures.
  • How to break WAP?
  • Privacy vs. security: how to protect privacy of users, while protecting the whole system from attacks.

Intellectual Property Rights Protection

  • Can cryptography provide an ultimate solution?
  • Security attempts based on both public key and secret key cryptography.
  • Digital watermarking.
  • How secure is the current DVD encryption standard?
  • A look at the Secure Digital Music Initiative (SDMI). Security vs. accessibility in e-commerce.
  • Long-term security of private records.

Day 4

Legal Issues and Economics of Security

  • Security vs. cost in e-commerce.
  • Appropriate key lengths for security today and into the future.
  • The absolute security of quantum cryptography.
  • Legal aspects of security on the Internet and protecting patents and intellectual property rights.

Case Studies and Hands-On Applications

  • Examples of encryption and signatures with PGP and GnuPG encryption software.
  • Explanation of the security features of modern browsers.
  • Examples of secure E-commerce.
  • Examples of practical security measures in the entertainment industry.

For more information contact the Short Course Program Office:
shortcourses@uclaextension.edu (310) 825-3344 | fax (310) 206-2815

image_print