Cryptography and Cryptography and Computer Security Computer Security for Undergraduatesfor Undergraduates

Paul De PalmaPaul De Palma Gonzaga UniversityGonzaga University

Charles FrankCharles Frank Northern Kentucky UniversityNorthern Kentucky University

Suzanne GladfelterSuzanne GladfelterPenn State YorkPenn State York

Joshua HoldenJoshua HoldenRose-Hulman Institute of TechnologyRose-Hulman Institute of Technology

InspirationInspiration

““We stand today on the brink of a revolution We stand today on the brink of a revolution in cryptography”in cryptography” Diffie & Hellman, 1976Diffie & Hellman, 1976

““If all the personal computers in the world…If all the personal computers in the world…were put to work on a single PGP-encrypted were put to work on a single PGP-encrypted message, it would still take an estimated 12 message, it would still take an estimated 12 million times the age of the universe, on million times the age of the universe, on average, to break a single message.”average, to break a single message.” William Crowell, Deputy Directory of the NSA, William Crowell, Deputy Directory of the NSA,

19971997

Then Why Are Systems Then Why Are Systems Vulnerable?Vulnerable?

Shortage of security personnelShortage of security personnel From the NSA Website: From the NSA Website:

““The National Plan for Information The National Plan for Information Systems Protection … highlights the Systems Protection … highlights the acute shortage in the subset of trained acute shortage in the subset of trained information systems security personnel.” information systems security personnel.”

Cryptographic algorithms are embedded Cryptographic algorithms are embedded in real systems of staggering complexity.in real systems of staggering complexity.

The Federal Government’s The Federal Government’s ResponseResponse

NSA has established Centers of Academic NSA has established Centers of Academic Excellence in Information Assurance Excellence in Information Assurance EducationEducation

Students in universities so designated are Students in universities so designated are eligible for scholarshipseligible for scholarships

The Cyber Security Research and The Cyber Security Research and Development Act (2002) provides $216 Development Act (2002) provides $216 million to support training in computer million to support training in computer securitysecurity

Computing Curricula 2001’s Computing Curricula 2001’s Response: Response:

The ContextThe Context

““Computing is a broad field that extends Computing is a broad field that extends well beyond the boundaries of computer well beyond the boundaries of computer science”science” CC 2001CC 2001

Chomsky once observed that the maturity Chomsky once observed that the maturity of a discipline is inversely proportional to of a discipline is inversely proportional to its size.its size.

“ “I was so much older then, I’m younger I was so much older then, I’m younger than that now.”than that now.”

NC3: Network Security NC3: Network Security (core component, Net-(core component, Net-Centric Computing)Centric Computing)

OS7: Security and protection OS7: Security and protection (elective component, (elective component, Operating Systems)Operating Systems)

AL9: Cryptographic algorithms AL9: Cryptographic algorithms (elective (elective component, Algorithms and component, Algorithms and Complexity)Complexity)

CS312: Cryptography CS312: Cryptography (an advanced course, Algorithms (an advanced course, Algorithms and Complexity)and Complexity)

Security and Cryptographic Security and Cryptographic Issues Appear Four Times Issues Appear Four Times

in CC2001in CC2001

CS312 CryptographyCS312 Cryptography

TopicsTopics Historical overview of cryptography Historical overview of cryptography Private-key cryptography and the key-Private-key cryptography and the key-

exchange problem exchange problem Public-key cryptography Public-key cryptography Digital signatures Digital signatures Security protocols Security protocols Applications (zero-knowledge proofs, Applications (zero-knowledge proofs,

authentication, and so on) authentication, and so on)

Initial ProblemsInitial Problems

CS students have not studied CS students have not studied number theorynumber theory

Mathematics students have not Mathematics students have not studied CSstudied CS

Turf battles between departments of Turf battles between departments of mathematics and computer sciencemathematics and computer science

More SignificantlyMore Significantly

Cryptography without a significant Cryptography without a significant consideration of complex systems is consideration of complex systems is misleadingmisleading

Most texts present crypto as if it were Most texts present crypto as if it were applied mathematicsapplied mathematics

Crypto has a lively social context Crypto has a lively social context Battles over exporting strong cryptoBattles over exporting strong crypto The Clipper ChipThe Clipper Chip

In SumIn Sum

Crypto is necessary for the CS Crypto is necessary for the CS curriculumcurriculum

Crypto will be hard for many CS majorsCrypto will be hard for many CS majors Crypto enters an already crowded Crypto enters an already crowded

curriculumcurriculum Crypto must be placed in a systems Crypto must be placed in a systems

contextcontext Crypto materials:Crypto materials:

www.cps.gonzaga.edu/~depalma/cryptowww.cps.gonzaga.edu/~depalma/crypto