|
Date
|
Subject
|
Resources
|
|
Sept. 8-10
|
Week 1: Course intro. Security goals and principles, secret keys, brute force, bits of security
|
|
|
Sept. 15-17
|
Week 2: Thinking Securely. Classical ciphers, formal security notions, attack games
|
|
|
Sept. 22-24
|
Week 3: Encrypting data. Block ciphers, AES, cipher modes of operation, randomized encryption
|
|
|
Sept. 29-30
|
Week 4: Fingerprinting data. Random oracles, hash functions, the SHA family, birthday paradox, collisions, pre-image and second-preimage resistance
|
|
|
Oct. 6-8
|
Week 5: Authenticating data. Message authentication, message authentications codes, authenticated encryption, AES-GCM
|
|
|
Oct. 15
|
Week 6: Bootstrapping a shared secret. Public-key cryptography, public-key agreement, Diffie-Hellman, forward secrecy
|
|
|
Oct. 20-22
|
Week 7: Linking data to a public key. Digital signatures, forgeries, RSA signatures and padding
|
|
|
Oct. 27-29
|
Week 8: Linking a public key to an identity. Trust-on-first-use (SSH), Digital certificates, X.509
|
|
|
Nov 3-7
|
Fall reading week. No lectures.
|
|
|
Nov 10-12
|
Week 9: Server authentication. Public-key infrastructure, certificate authorities, revocation, pinning, trust stores
|
|
|
Nov. 17-19
|
Week 10: Securing the Transport Layer. Transport Layer Security (TLS), TLS handshake, ciphersuites, HTTP over TLS (HTTPS).
|
|
|
Nov. 24-26
|
Week 11: Client authentication. Secure password generation and storage.
|
|
|
Dec. 1-3
|
Week 12: Software security. A quick introduction to memory safety in software design through the lens of stack buffer overflows in the C programming language.
|
|
|
Dec. 8
|
Week 13: Course Review. Final lecture is Tuesday, Dec. 8th (No lecture Dec. 10th)
|
|