Crypto Engineering (4 ECTS) is a course suitable for final year BSc students or for students on an MSc. It covers technical and non-technical aspects of engineering cryptography as part of the wider aspect of security engineering. Crypto Engineering is a new course at the University of Klagenfurt. It expands on our existing offering and it suitable for students who have done Cryptography (or Introduction to Cybersecurity, or Systems Security). All lecture materials are available in English language (slides/notes, videos), the lecturer is Prof. Elisabeth Oswald who speaks both English and German.
Crypto Engineering first looks at the wider context: what does Crypto Engineering really mean, how does it fit in with Security Engineering more general, why is it hard — i.e. why do people make mistakes, and how can/do we check (test, validate, certify) an implementation or a system?
Next, crypto engineering takes a specific look at engineering secret key cryptographic primitives, aka block ciphers, based on the example of AES. We look at different implementation options for AES and we also look at how to produce randomness.
Last, we look at the biggest current threats to crypto implementations, which come as side channel and fault attacks. We look at the underlying principles of these attacks based on some concrete examples.
This course is run as a “KU” (i.e. it is a lab based course). Lectures and lecture notes support you in a project that runs accross the entire term. The project consists of students being an “external evaluator” or “consultet”. Each student receives a (mock up) specification of a system that is largely based on symmetric cryptography, together with a prototype implementation of the symmetric component and a leakage and fault simulation tool (GILES). The challenge for students is to find as many vulnerabilities as they can within the specification and/or prototype implementation.
The student feedback to this course included: “super interesting”, “never had this kind of examination type before”, and “I learned a huge amount”.
As a lecturer, I (Elisabeth) was incredibly proud to see what students achieved/learned. Most students did not just point out vulnerabilities, they gave cool solutions and new design ideas as alternatives.
The (public) moodle page course in its winter term 2020 edition is here (just log in as guest, all videso are public via a public YouTube playlist. The next edition will be largely hosted via GitHub and Youtube.