IT security

Objectives

Introduction to basic concepts of computer systems security, in particular symmetric and asymmetric ciphering techniques, and their application to the development of authentication protocols. Introduction and illustration of discretionary and mandatory security policies, but also to intrusion tolerance techniques.

Description

The lecture is composed of four main sections:

– Introduction to basic concepts of computer security (classification of attacks, cryptography, evaluation)

– Illustration using basic examples (DES, RSA, Diffie-Hellmann, electronic signatures)

– Authentication and zero-knowledge authentication protocols (Needham-Schroeder, Fiat-Shamir, smartcards)

– Protection in computing systems (discretionary and mandatory security policies) and examples

The lecture concludes with notions of intrusion tolerance (Shamir threshold schemes, fragmentation-scattering).

Targeted skills

Basic knowledge in cryptography

Zero-knowledge authetication protocols

Discretionary and mandatory security policies

Bibliography

ENSEEIHT lecture slides presented by M. Fabre;

« Applied Cryptography», Bruce Schneider, John Wiley Eds (1994) ;

« Practical Unix & Internet Security », Simson Garfinkel & Gene Spafford, O’reilly Associates, Inc. (1996).

Pre-requisites

Algorithmics, C / C++ programming