Upload
marcus-carr
View
213
Download
0
Embed Size (px)
Citation preview
Cryptography and Cryptography and Computer Security Computer Security for Undergraduatesfor Undergraduates
Paul De PalmaPaul De Palma Gonzaga UniversityGonzaga University
Charles FrankCharles Frank Northern Kentucky UniversityNorthern Kentucky University
Suzanne GladfelterSuzanne GladfelterPenn State YorkPenn State York
Joshua HoldenJoshua HoldenRose-Hulman Institute of TechnologyRose-Hulman Institute of Technology
InspirationInspiration
““We stand today on the brink of a revolution We stand today on the brink of a revolution in cryptography”in cryptography” Diffie & Hellman, 1976Diffie & Hellman, 1976
““If all the personal computers in the world…If all the personal computers in the world…were put to work on a single PGP-encrypted were put to work on a single PGP-encrypted message, it would still take an estimated 12 message, it would still take an estimated 12 million times the age of the universe, on million times the age of the universe, on average, to break a single message.”average, to break a single message.” William Crowell, Deputy Directory of the NSA, William Crowell, Deputy Directory of the NSA,
19971997
Then Why Are Systems Then Why Are Systems Vulnerable?Vulnerable?
Shortage of security personnelShortage of security personnel From the NSA Website: From the NSA Website:
““The National Plan for Information The National Plan for Information Systems Protection … highlights the Systems Protection … highlights the acute shortage in the subset of trained acute shortage in the subset of trained information systems security personnel.” information systems security personnel.”
Cryptographic algorithms are embedded Cryptographic algorithms are embedded in real systems of staggering complexity.in real systems of staggering complexity.
The Federal Government’s The Federal Government’s ResponseResponse
NSA has established Centers of Academic NSA has established Centers of Academic Excellence in Information Assurance Excellence in Information Assurance EducationEducation
Students in universities so designated are Students in universities so designated are eligible for scholarshipseligible for scholarships
The Cyber Security Research and The Cyber Security Research and Development Act (2002) provides $216 Development Act (2002) provides $216 million to support training in computer million to support training in computer securitysecurity
Computing Curricula 2001’s Computing Curricula 2001’s Response: Response:
The ContextThe Context
““Computing is a broad field that extends Computing is a broad field that extends well beyond the boundaries of computer well beyond the boundaries of computer science”science” CC 2001CC 2001
Chomsky once observed that the maturity Chomsky once observed that the maturity of a discipline is inversely proportional to of a discipline is inversely proportional to its size.its size.
“ “I was so much older then, I’m younger I was so much older then, I’m younger than that now.”than that now.”
NC3: Network Security NC3: Network Security (core component, Net-(core component, Net-Centric Computing)Centric Computing)
OS7: Security and protection OS7: Security and protection (elective component, (elective component, Operating Systems)Operating Systems)
AL9: Cryptographic algorithms AL9: Cryptographic algorithms (elective (elective component, Algorithms and component, Algorithms and Complexity)Complexity)
CS312: Cryptography CS312: Cryptography (an advanced course, Algorithms (an advanced course, Algorithms and Complexity)and Complexity)
Security and Cryptographic Security and Cryptographic Issues Appear Four Times Issues Appear Four Times
in CC2001in CC2001
CS312 CryptographyCS312 Cryptography
TopicsTopics Historical overview of cryptography Historical overview of cryptography Private-key cryptography and the key-Private-key cryptography and the key-
exchange problem exchange problem Public-key cryptography Public-key cryptography Digital signatures Digital signatures Security protocols Security protocols Applications (zero-knowledge proofs, Applications (zero-knowledge proofs,
authentication, and so on) authentication, and so on)
Initial ProblemsInitial Problems
CS students have not studied CS students have not studied number theorynumber theory
Mathematics students have not Mathematics students have not studied CSstudied CS
Turf battles between departments of Turf battles between departments of mathematics and computer sciencemathematics and computer science
More SignificantlyMore Significantly
Cryptography without a significant Cryptography without a significant consideration of complex systems is consideration of complex systems is misleadingmisleading
Most texts present crypto as if it were Most texts present crypto as if it were applied mathematicsapplied mathematics
Crypto has a lively social context Crypto has a lively social context Battles over exporting strong cryptoBattles over exporting strong crypto The Clipper ChipThe Clipper Chip
In SumIn Sum
Crypto is necessary for the CS Crypto is necessary for the CS curriculumcurriculum
Crypto will be hard for many CS majorsCrypto will be hard for many CS majors Crypto enters an already crowded Crypto enters an already crowded
curriculumcurriculum Crypto must be placed in a systems Crypto must be placed in a systems
contextcontext Crypto materials:Crypto materials:
www.cps.gonzaga.edu/~depalma/cryptowww.cps.gonzaga.edu/~depalma/crypto