Applied Cryptography is a subject of the Computer Engineering specialty of the Computer Engineering Degree. This course is also offered as an elective in the fourth year of the Computer Engineering Degree.

The course deepens the cryptographic concepts introduced in the second year course “Introduction to Computer Networks”. The first part goes into the details of the different primitives (symmetric and asymmetric algorithms, hash and MAC functions, digital signature...) analyzing their strengths and weaknesses. Next, the TLS protocol will be analyzed as an example of a practical combination of these primitives and possible errors that may arise when designing these protocols. Less central aspects of cryptography such as the importance of key generation and storage or the use of cryptography in systems with reduced resources will also be discussed. Finally, emerging trends in cryptography, including quantum and post-quantum cryptography, will be discussed, preparing students to face future challenges in information security.

To take the course there are no prerequisites, but it is recommended to be enrolled in the following subjects of the specialty of the 2nd semester “Detection and Exploitation of Vulnerabilities and Auditing” and “Forensic Analysis of Computer Systems” to obtain a global vision of cybersecurity.

The course is linked to the Computer Engineering specialty, whose competencies (BOE-A-2009-12977) it develops.

Once the student has passed the course, he/she will obtain the following competences and learning results:

Competences:

1. Develop skills to understand and apply fundamental cryptographic concepts and algorithms, both symmetrical and asymmetrical.

2. Ability to evaluate the security of various cryptographic systems and protocols, identifying strengths and vulnerabilities.

3. Ability to apply cryptographic algorithms and protocols in different environments and with different tools, ensuring information security.

4. Ability to keep updated and adapt to new trends and advances in cryptography.

Learning Results:

1. Students will be able to explain the fundamental concepts of cryptography, including encryption, decryption, symmetric and asymmetric cryptography, and types of attacks.

2. Students will be able to implement and use NIST and FIPS approved cryptographic algorithms, as well as hash functions and authentication algorithms.

3. Students will be able to analyze and evaluate the security of cryptographic protocols such as TLS, identifying potential vulnerabilities and proposing improvements.

4. Students will demonstrate knowledge of emerging trends in cryptography, such as quantum and post-quantum cryptography, and will be prepared to apply this knowledge in future contexts.

1. Introduction

2. Symmetric cryptography

3. Hash functions

4. Authentication and integrity

5. Asymmetric cryptography

6. Secure protocols

7. Generation and storage of keysGakoak sortzea eta gordetzea

8. Lightweight cryptography

9. Future of cryptography: quantum cryptography, post-quantum cryptography eta homomorphic cryptography

This course combines different teaching methodologies. On the one hand, the conceptual contents of the subjects will be taught in master classes, the participation of students in debates will be encouraged. The resolution of individual or group problems will be carried out in a participatory manner. On the other hand, other tasks will be carried out through laboratory practices and a final project that the students must develop autonomously and collaboratively.

In addition, practical assignments and projects will be developed individually or in groups. In them, students will have to carry out tasks taking into account the theoretical contents discussed in class and the proposed bibliography.

To facilitate and ensure student leaning, both classroom practices and computer practices will be monitored. Feedback will be provided based on previously established evaluation criteria, to ensure that students have the opportunity to become

aware of their learning.

• Continuous Assessment System
• Final Assessment System
• Tools and qualification percentages:
  • The different evaluation criteria are described at length in the following sections. (%): 100

The evaluation systems that are contemplated are the continuous assessment and the final assessment. The continuous evaluation system is the default system for the ordinary examination, as indicated in the current regulations of the UPV/EHU.

a. Continuous assessment

This the default evaluation mode.

The final grade will be calculated as follows:

- Individual written tests: 60%

- Group practical assignments: 40%

In order to obtain a passing grade, the final grade must be higher than 5 out of 10; additionally you must obtain a grade higher than 4 out of 10 in both the written tests and practical assignments.

This evaluation method requires active and continuous participation on the part of the students, with the following conditions:

- Attending classes and laboratories: no more than 5 unexcused class absences

- Handing in exercises and assignments.

- Taking all individual tests.

In case of not fulfilling these conditions, the student will lose the option of the continuous assessment evaluation. Having met the continuous assessment requirements, students who decide to opt for the global assessment must inform the teachers within the period and in the manner indicated in the notice: by email before the tenth week. Leaving before the end of the continuous evaluation or not taking the final exam will be enough to obtain a non-taken grade.

b. Final assessment

The final grade will be calculated as follows:

- Individual written tests: 60%

- Individual practical assignments: 40%

In order to obtain a passing grade, the final grade must be higher than 5 out of 10; additionally you must obtain a grade higher than 4 out of 10 in both the written tests and practical assignments.

Failure to take the final exam will be enough to obtain a non-taken grade.

The final grade will be calculated as follows:

- Individual written tests: 60 %

- individual practical assignments: 40 %

In order to obtain a passing grade, the final grade must be higher than 5 out of 10; additionally you must obtain a grade higher than 4 out of 10 in both the written tests and practical assignments.

Material in eGela: class notes, lab guides, scientific articles...

Basic bibliography

- Christof Paar and Jan Pelzl. Understanding Cryptography. A Textbook for students and practicioners. Springer, 2010.

- Al Sweigart. Hacking Secret ciphers with Python. 2013.

- Rolf Oppliger, SSL and TLS. Theory and Practice (2nd edition). Artech House, 2016.

- William Stallings. Cryptography and Network Security. Principles and practice (7th edition). Pearson, 2017.

- Jean Philippe Aumasson, Serious Cryptography: A practial Introduction to Modern Encryption. No Starch Press, 2018.

- Douglas Stinson and Maura Paterson. Cryptography. Theory and Practice (4th edition). CRC Press, 2019.

- Shannon Bray. Implementing cryptography using Python. John Wiley & Sons, 2020.