Uses and Misuses of Cryptography (Part 1): How to Use Crypto Properly and Attack Those That Don't
Overview
Most security professionals and software engineers working in security are familiar with the basic concepts of cryptography. However, many do not really understand what security guarantees are provided by different cryptographic primitives, which constructions are recommended and which should not be used (and why), and how easy it is to misuse cryptography to the point that it is trivially broken. In this course, we will take a deep look at cryptographic concepts, constructions and implementation dangers and issues. The focus of this course (which is part 1), will be on symmetric cryptography and hash functions. For just a few examples: we will understand the fundamental differences between stream and block and ciphers and how to use them in encryption, message authentication and protocols, we will study the security of cryptographic hash functions, and learn advanced attacks like low-memory birthday attacks and rainbow tables. The aim of the course is to understand the security guarantees provided by a variety of cryptographic primitives, obtain an idea as to how they are constructed and how they work, learn how they can be properly and improperly used, and be familiar with the main attacks against them and their ramifications. The course will be filled with real-world examples of crypto misuses and we will demonstrate how difficult it is to do crypto properly and how devastating the results are when it is misused. After taking this course, among other things, you will have a deep understanding of the major known attacks on SSL/TLS (like BEAST, CRIME, Lucky13 and POODLE), and will be able to understand new attacks as they are released, and therefore evaluate their danger to your business.
In addition to frontal lectures (which will themselves be highly interactive), participants will solve theoretical and applied exercises in dedicated exercise sessions in order to help them understand and internalize the material.
Who Should Take this Course
This course is of importance to anyone who uses cryptography in any way in their products, to developers who either use existing cryptographic libraries or implement their own, and to any security professional who needs to evaluate the ramifications of new attacks that are discovered.
What Students Should Bring
Students should bring paper, pens and laptops.
What Students Will Be Provided With
Students will receive a reference booklet containing everything needed to further their understanding of the material. In addition, students will receive a CD with all of the slides, and code examples.
Trainers
Yehuda (Andrew) Lindell is the Chief Scientist at Dyadic Security and a professor at Bar-Ilan University in Israel. Andrew attained his Ph.D. at the Weizmann Institute of Science in 2002 and spent two years at the IBM T.J. Watson research lab as a Postdoctoral fellow in the cryptography research group. Andrew has carried out extensive research in cryptography, and has published more than 60 conference and journal publications, as well as an undergraduate textbook on cryptography and a book detailing secure protocols. Andrew has presented at numerous international conferences, workshops and university seminars, and has served on program committees for top international conferences in cryptography. In addition to Andrew's notable academic work, he has significant industry experience in the design and deployment of cryptography in a wide variety of scenarios. Currently, he is the co-founder and Chief Scientist at Dyadic Security, a startup that provides a unique solution for key and credential protection even in the event of a network breach.
Video Preview (Training Description Above - Top of Page)