TUCoPS :: Crypto :: crypto~1.txt

Cryptography and Data Security Tutorial - Intro

This page contains my godzilla crypto tutorial, totalling 509 slides in 8 parts, 
of which the first 7 are the tutorial itself and the 8th is extra material which 
covers crypto politics. Part 8 isn't officially part of the technical tutorial 
The tutorial is done at a reasonably high level, there are about two dozen books 
which cover things like DES encryption done at the bit-flipping level so I 
haven't bothered going down to this level. Instead I cover encryption protocols, 
weaknesses, applications, and other crypto security-related information. Since 
the slides are accompanying material for a proper tutorial, there's a lot of 
extra context which isn't available just by reading the slides. Bear in mind 
that some of the claims and comments on the slides need to be taken in the 
context of the full tutorial.
Accompanying the slides are about 150 images, unfortunately I can't make these 
available for copyright reasons.
The Tutorial
The tutorial is formatted so that two slides fit one page, which means you'll 
burn out about 260 pages of paper printing them all out (half that if you print 
double-sided). To view the tutorial you'll need a copy of the free Adobe Acrobat 
reader software. Note that most of the diagrams (and there are quite a few of 
them) will look a lot better on paper than on screen. The gv viewer (a 
replacement for ghostview) displays the slides better than the Acrobat viewer, 
especially with antialiasing enabled.
The output was generated from Powerpoint slides, unfortunately Powerpoint 
converts the text colours of embedded tables into a very hard-to-read light 
grey, ignoring the actual text colouring set for the table. There doesn't appear 
to be any way to fix this problem.
The technical material consists of 7 parts:
Part1, 66 slides: Security threats and requirements, services and mechanisms, 
historical ciphers, cipher machines, stream ciphers, RC4, block ciphers, DES, 
breaking DES, brute-force attacks, other block ciphers (triple DES, RC2, IDEA, 
Blowfish, CAST-128, Skipjack, GOST, AES), block cipher encryption modes, 
public-key encryption (RSA, DH, Elgamal, DSA), elliptic curve algorithms, hash 
and MAC algorithms (MD2, MD4, MD5, SHA-1, RIPEMD-160, the HMAC's).
Part2, 104 slides: Key management, key distribution, the certification process, 
X.500 and X.500 naming, certification heirarchies, X.500 directories and LDAP, 
the PGP web of trust, certificate revocation, X.509 certificate structure and 
extensions, certificate profiles, setting up and running a CA, CA policies, 
RA's, timestamping, PGP certificates, SPKI, digital signature legislation.
Part3, 96 slides: IPSEC, ISAKMP, Oakley, Photuris, SKIP, ISAKMP/Oakley, SSL, 
non-US strong SSL, SGC, TLS, S-HTTP, SSH, SNMP security, email security 
mechanisms, PEM, the PEM CA model, PGP, PGP keys and the PGP trust model, MOSS, 
Part4, 55 slides: User authentiction, Unix password encryption, LANMAN and NT 
domain authentication and how to break it, Netware 3.x and 4.x authentication, 
Kerberos 4 and 5, Kerberos-like systems (KryptoKnight, SESAME, DCE), 
authentication tokens, SecurID, S/Key, OPIE, PPP PAP/CHAP, PAP variants (SPAP, 
Part 5, 27 slides: Electronic payment mechanisms, Internet transactions, payment 
systems (Netcash, Cybercash, book entry systems in general), Digicash, SET, the 
SET CA model.
Part 6, 44 slides: Why security is hard to get right, buffer overflows, 
protecting data in memory, storage sanitisation, data recovery techniques, 
random number generation, TEMPEST, snake oil crypto, selling security.
Part 7, 54 slides: Smart cards, smart card file structures, card commands, 
electronic purse standards, attacks on smart cards, voice encryption, GSM 
security and how to break it, traffic analysis, anonymity, mixes, onion routing, 
mixmaster, crowds, steganography, watermarking, misc. crypto applications 
(hashcash, PGP Moose).
Here endeth the technical material. The final part goes into crypto politics.
Part 8, 63 slides: History of crypto politics, digital telephony, Clipper, 
Fortezza and Skipjack, post-Clipper crypto politics, US export controls, effects 
of export controls, legal challenges, French and Russian controls, non-US 
controls (Wassenaar), Menwith Hill, Echelon, blind signal demodulation, Echelon 
and export controls, Cloud Cover, UK DTI proposals, various GAK issues.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH