The goal of this course is to develop students’ skills in designing and developing secure distributed applications. The course will provide the necessary conceptual background and hands-on experience to understand common cryptographic algorithms and protocols and how to use them properly. Students will formulate threat models and corresponding security requirements, and engineer a secure distributed application considering these requirements.
We will use Top Hat for lecture participation. Please see Lectures for instructions.
Charlie Kaufman, Radia Perlman, Mike Speciner, and Ray Perlner. Network Security: Private Communication in a Public World (3rd Edition). Pearson, 2023.
Print ISBN: 0136643604 / 9780136643609
If you are sick, we appreciate you isolating to avoid spreading illness. Contact your instructor as soon as possible (and at least one hour in advance) to discuss accommodations such as remote participation. Note that this does not extend to elective travel or other personal conflicts.
If you are sick, please stay home.
The instructor will periodically post updates to the course website and Canvas page. It is each student’s responsibility to regularly monitor these updates.
The instructor and TA will periodically email enrolled students with announcements. Students must check their Pitt email at least once per day to ensure these announcements are received.
When contacting the course staff via email, messages must be addressed to (or CC) both the instructor and the TA. Email subject should be prefaced with “[1653]”.
Unless otherwise specified by your instructor, all submissions must be the sole work of each individual student. Students may not read or copy another student’s solutions or share their own solutions with other students. Students may not review solutions from students who have taken the course in previous years. Submissions that are substantively similar will be considered cheating by all students involved, and as such, students must be mindful not to post their work publicly. If an assignment explicitly permits the use of external resources, any such resources must be credited in submissions, and material may not be copied verbatim. Any use of electronics or other resources during a quiz or examination will be considered cheating.
Unless otherwise noted, external resources can be used to improve proficiency with general concepts but should not be used to search for solutions to assigned deliverables. For the purpose of this course, material created using “generative AI” or any other automation tool will be treated as an external resource, i.e., not the work of the student using the tool. As an example, students may not submit code generated by ChatGPT or Copilot for an assignment in which external code is not permitted, and these resources must be cited clearly if used for assignments in which external code is permitted.
If you have any doubts about whether a particular action may be construed as cheating, ask the instructor for clarification before taking such action. The instructor will make the final determination of what is considered cheating.
Cheating in this course will result in a report to the appropriate school and/or university authority. The instructor will impose a grade of F for the course, and additional sanctions may be imposed by school or university authorities.
Please read, understand, and abide by the Academic Integrity Policy for the School of Computing and Information.
In this course, students are encouraged to discuss attacks and to “think like attackers.” This does not constitute our advocacy of any student carrying out such attacks. Students must adhere to a high standard of professional ethics, as well as Pitt policy and all applicable laws.
This course covers topics and materials that may be viewed as politically sensitive in some contexts. Please review the material carefully. If there are particular topics or readings that concern you, please contact your instructor.
Students are expected to attend all lectures, which frequently include material that is not directly taken from the text and in-class activities that are credited as part of the “lecture participation” grade. If a student misses a lecture, they are still responsible for the material covered and are advised to acquire notes from a classmate.
This course may include open discussion or other interactions among students. To allow all participants to express their viewpoints, all discussion must remain civilized and respectful, and participants must avoid comments and behaviors that disparage others. A student who feels their viewpoints are not being respected is encouraged to contact the instructor, who will work to correct the situation without revealing the student’s specific concerns to the rest of the class. A student in this situation who does not feel comfortable contacting the instructor directly is encouraged to contact the TA, who will uphold the same degree of confidence in relaying the issue to the instructor.
The University of Pittsburgh does not tolerate any form of discrimination, harassment, or retaliation based on disability, race, color, religion, national origin, ancestry, genetic information, marital status, familial status, sex, age, sexual orientation, veteran status or gender identity or other factors as stated in the University’s Title IX policy. The University is committed to taking prompt action to end a hostile environment that interferes with the University’s mission. For more information about policies, procedures, and practices, see here.
I ask that everyone in the class strive to help ensure that their classmates can learn in a supportive and respectful environment. If you witness any instances of the aforementioned issues, please contact the Title IX Coordinator by calling 412-648-7860, emailing titleixcoordinator@pitt.edu, or filing a report online. You may also choose to report this to a faculty/staff member; they are required to communicate this to the University’s Office of Diversity and Inclusion. If you wish to maintain complete confidentiality, you may also contact the University Counseling Center at 412-648-7930.
To ensure the free and open discussion of ideas, students may not record lectures, discussion or other course activities without the advance written permission of the instructor. Any recording properly approved in advance can be used solely for the student’s own personal use.
All course material is subject to copyright, including notes, slides, assignments, exams, and solutions. Students are allowed to use the provided material only for personal use, and may not share the material with others, including posting the material on the Web or other file sharing venues.
We believe that students should be able to distinguish between helping one another understand the core concepts of the course material and cheating. We encourage students to discuss the content of the course in ways that will improve understanding without violating academic integrity, such as clarifying the objective of an assignment or discussing general solution tactics. Under no circumstances should students view one another’s partial or complete solutions nor share specific details of their solutions.
All assignments specify a precise due date and time. Late assignments will not be accepted. Students must ensure they understand each assignment’s submission procedure in advance of its deadline to ensure that submission difficulties do not cause an assignment to be rejected.
All graded materials that a student receives should be saved until after the term has ended and the student receives and accepts their final grade. In this way, any grade discrepancies can be easily resolved.
An evaluation grade can be appealed up to two weeks after it has been returned. After this point, no appeals will be considered. The goal of a grade appeal is to ensure a fair and consistent score. Thus, a score will not be adjusted on an issue of partial credit if the awarded points are consistent with the grading policy adopted for the class as a whole.
When appealing a grade, first contact the grader. For grades returned on electronic platforms that have a “regrade request” feature, follow its instructions; otherwise, contact the grader directly using email (CC’ing the instructor) or office hours. If the grader does not find any mistakes made in the assigned grade, and is unable to clarify adequately the reasons for any assessed penalties, directly contact the instructor describing why you feel the assignment was graded unfairly. The entire assignment may be re-graded by the instructor, so the score may increase, remain the same, or even decrease.
Students must be present for all exams and quizzes. Make-up exams will be given only in the event of a documented medical or family emergency, in which case the instructor must be informed of the emergency in advance of the missed exam. Missing an exam or quiz under any other circumstances will result in a score of 0.
If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and Disability Resources and Services, 140 William Pitt Union, 412-648-7890, drsrecep@pitt.edu, as early as possible in the term. Disability Resources and Services will verify your disability and recommend reasonable accommodations for this course.
In order to accommodate the observance of religious holidays, students should inform the instructor (by email, within the first two weeks of the term) of any such days which conflict with scheduled class activities.
Top Hat is our primary platform for in-class participation questions. It can be accessed via Canvas or via the Top Hat mobile app. Students will be added to the Top Hat section automatically.
In-class activities in lecture will also be part of the “lecture participation” grade.
If you are sick, we appreciate you isolating to avoid spreading illness. Contact your instructor as soon as possible (and at least one hour in advance) to discuss accommodations such as remote participation. Note that this does not extend to elective travel or other personal conflicts.
If you are sick, please stay home.
students are responsible for reading assigned materials prior to the lecture in which they will be discussed. Unless otherwise specified, readings are from Kaufman, Perlman, Speciner, & Perlner. Additional readings are provided below.
This schedule is subject to change.
| Lec. | Date | Topics | Readings |
|---|---|---|---|
| 1 | 1/13 | Course introduction |
Slides Ch. 1 |
| 2 | 1/15 | Design principles |
Slides [S12] |
| 3 | 1/20 | Cryptography basics and classical cryptography |
Slides Ch. 2 |
| 4 | 1/22 | Symmetric key cryptography: Overview, DES |
Slides Ch. 3.1–3.6 |
| 5 | 1/27 | Symmetric key cryptography: Blowfish, AES, stream ciphers |
Slides Ch. 3.7–3.8 [M09] |
| 6 | 1/29 | Block modes and MACs |
Slides Ch. 4 |
| 7 | 2/03 | Hash functions and applications |
Slides Ch. 5.1–5.4 |
| 8 | 2/05 | Hash function construction: MD4 through SHA3 |
Ch. 5.5–5.9 |
| 9 | 2/10 | Public key cryptography and Diffie–Hellman |
Ch. 6.1–6.2, 6.4 |
| 10 | 2/12 | RSA and DSA |
Ch. 6.3, 6.5–6.6 |
| 11 | 2/17 | Authentication |
Ch. 9.1–9.11 |
| 12 | 2/19 | Strong password protocols |
Ch. 9.12–9.18 [L81] |
| 13 | 2/24 | Trusted intermediaries and Kerberos |
Ch. 10.1–10.3 |
| 14 | 2/26 | Midterm exam review | |
| 15 | 3/03 | Midterm examination | |
| 16 | 3/05 | PKI |
Ch. 10.4–10.11 |
| 3/10 | No class: Spring break | ||
| 3/12 | No class: Spring break | ||
| 3/16 | Final exam conflict deadline | ||
| 17 | 3/17 | Handshakes and session establishment |
Ch. 11 |
| 18 | 3/19 | Designing handshakes |
Ch. 17 |
| 3/20 | Monitored withdrawal deadline | ||
| 19 | 3/24 | Transport layer security (TLS) |
Ch. 13 |
| 20 | 3/26 | Elliptic-curve cryptography |
Ch. 6.7 |
| 21 | 3/31 | Quantum computing |
Ch. 7 |
| 22 | 4/02 | Post-quantum cryptography |
Ch. 8 |
| 23 | 4/07 | Secret sharing and zero-knowledge proofs |
Ch. 16 [S79] |
| 24 | 4/09 | Case study: Breaking MD5 | [SSA+08] |
| 25 | 4/14 | Subverting cryptography | |
| 26 | 4/16 | TBD | |
| 27 | 4/21 | TBD | |
| 28 | 4/23 | Final exam review | |
| 4/27 | Final examination (12:00 pm) |
[L81] Leslie Lamport, Password Authentication with Insecure Communication, Communications of the ACM, Nov 1981.
[M09] Jeff Moser, A Stick Figure Guide to the Advanced Encryption Standard (AES), Moserware, Sep 2009.
[S12] Richard E. Smith, A Contemporary Look at Saltzer and Schroeder’s 1975 Design Principles, IEEE Security & Privacy, Nov 2012.
[S79] Adi Shamir, How to Share a Secret, Communications of the ACM, Nov 1979.
[SSA+08] Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger, MD5 Considered Harmful Today, 25th Annual Chaos Communication Congress, Dec 2008.
Homework assignments are self-contained hands-on exercises. Discussing strategies is encouraged, but submissions should be completed individually.
Full details will be released on Canvas.
This semester, we will apply the concepts learned in class through a semester-long project that will be carried out in a group. The project will be split into multiple phases that refine and build upon one another.
Full details will be released on Canvas.