Every security professional knows the basics of encryption, but does everyone really understand what a block cipher for example is supposed to achieve? The fact is that we often look at cryptographic primitives as mystical black boxes. This is sometimes advantageous but can also lead to misunderstandings and mistakes. For example, a deep understanding of how block ciphers work and how sophisticated attacks (like differential and linear cryptanalysis) work makes it clear why it is so important to only use standardized ciphers like 3DES and AES and why modes of encryption are so essential. Similarly, how many of us know what key lengths must be used for public-key encryption and why. To properly understand this, we need to know what the best algorithms are for factoring RSA moduli and for solving the discrete log problem, and what the difference is when Elliptic curve cryptography is used. Furthermore, we need to look at the history and development of these attacks in order to make safe predictions for the coming decade.
In this course, participants will gain an in-depth understanding of how cryptographic primitives are constructed and broken. This course is comprised of two distinct and independent 2-day units. In 2009, the first unit will be given in DC in February, and the second unit will be given in Las Vegas in July. The units are as follows:
Unit 1: Asymmetric Primitives In this unit, we will study asymmetric primitives, and in particular cryptosystems based on RSA and the discrete-log problem. In addition to understanding the schemes themselves and the main algorithmic issues that arise, we present some important attacks on RSA and study algorithms for factoring and discrete log. We conclude with an intensive session on how key lengths should be set, based on the material learned in the unit.
Unit 2: Symmetric Primitives In this unit, we will learn how block ciphers and cryptographic hash functions are constructed and broken. In particular, we will study the main construction paradigms as well as basic cryptanalytic attacks on these primitives. The course also covers important advanced cryptanalytic attacks like differential and linear cryptanalysis, with a focus on how to apply them. Finally, we will study popular constructions like the DES and AES ciphers, and the SHA family of hash functions.
In addition to frontal lectures, this course includes multiple interactive and exercise sessions where participants will be challenged to apply the material learned to new problems.
This course is essential to developers who need to understand cryptographic primitives in depth in order to properly use them and also to security professionals who need to make decisions about what products to use and why.
Prerequisites: This course will assume mathematical maturity, but no specific mathematical knowledge. For example, it is not assumed that the students know modular arithmetic and number theory, but it is assumed that if explained, they will catch on fairly quickly (this is mainly needed for the unit covering asymmetric primitives). In addition, participants should be familiar and comfortable with very basic probability, with the notions of algorithms and with basic notions of computer science. Some basic programming knowledge is helpful, but not necessary.
Andrew Lindell is the Chief Cryptographer at Aladdin Knowledge Systems and an Assistant Professor at Bar-Ilan University in Israel. Andrew attained a Ph.D. at the Weizmann Institute of Science in 2002 and spent two years at the IBM T.J. Watson research lab as a Postdoctoral fellow in the cryptography research group. Andrew has carried out extensive research in cryptography, and has published more than 50 conference and journal publications, as well as an undergraduate textbook on cryptography and a book detailing secure protocols. Andrew has presented at numerous international conferences, workshops and university seminars, and has served on program committees for top international conferences in cryptography. In addition to Andrew's notable academic experience, he joined Aladdin Knowledge Systems in 2004. In his position as Chief Cryptographer, he has worked on the cryptographic and security issues that arise in the design and construction of authentication schemes, smartcard applications, software protection schemes and more. Offering a unique combination of academic and industry experience, Andrew brings a fresh and insightful perspective on many of the crucial security issues that arise today.
Early:
Ends Jan 1 |
Regular: |
Late: |
Onsite: |
$1900 |
$2100 |
$2300 |
$2600 |
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30
Black Hat USA Briefings Main page is online now.
Find out about our 2009 venue, Caesars Palace.
Black Hat Webcasts
On the third Thursday of every month, Black Hat does a free infosec webcast. Meet security thought leaders and get your questions answered.
Can't make it to our live webcast events? Subscribe to the Black Hat Webcast RSS feed and take the webcasts with you in podcast form.
Upcoming Topics
Black Hat Social
LinkedIn
LinkedIn members can join our Black Hat Group and post news articles of interest to the community, make connections and discuss security topics.
Facebook
We have a Facebook fan page now. Please check us out there - share your ideas, your photos, and your videos with us.
Flickr
Check out our Black Hat photostream. Comment. Contribute. Got great pix? Share with the community.
Twitter
Find out what's going on with Black Hat in real time by following us on Twitter. Meet other Black Hat speakers and attendees, share what matters to you.
Delicious
When something in the news catches our eye at Black Hat HQ, we post the link on Delicious.