CIS 428 Introduction to Cryptography

Barbara Nostrand, Ph.D.

Electrical Engineering and Computer Science


Format and Possible Topics

The projects are expected to be 10 to 20 pages long but may take other forms depending on their content (e.g., a website). They can either consist of a research paper that summarizes what you were able to find out about a particular topic or a programming experiment along with a writeup of what you discovered. The idea of the project (and presentation) is to allow you to explore in depth some topic related to cryptography (even remotely) that is of interest to you. I'm open to anything but if you are looking for ideas here is a short list of possibilities.

Research Paper Topics

Security: Investigate different solutions to security issues in networks and operating systems. For example, compare and contrast how security is implemented in operating systems such as, Unix, Windows NT and Linux. Examine a variety of commercially available firewall systems and/or virus scanners. Look into latest attempts at intrusion detection.

Privacy: There are hundreds of databases around the country that contain information on almost all of us. Who has access to this information is generally not under our control. The long term implications of this are still not understood. Recent examples of identity theft are just one of the problems this raises. Do you want to live in a world where all of your movements are recorded somewhere and analyzed for possible economic advantage?

The Internet: Is it safe to send your credit card to Amazon and if so why? What if anything can be done about large scale viruses that bring down millions of machines at a time? What about the denial of service attacks on websites like ebay and yahoo? Can they be stopped? Why do people do these things? What, if anything, can be done about email spam?

National Security: Security in the age of terrorism involves tradeoffs as witnessed by the passing of laws such as the Patriot Act soon after 9/11. Are the resulting restrictions to our rights worth the added safety? A related issue concerns the use of cryptography by terrorists. A number of newspaper reports indicate that Al Queda has used encoded email as well as encoded pictures on websites in order to send messages. What evidence is there for this?

Electronic Voting: A number of states have elected to use electronic voting machines in order to avoid problems like the ones that surfaced during the 2000 presidential election in the state of Florida. Critics contend that these machines can be easily compromised and present too tempting a target to hackers. Are these machines safe? What vulnerabilities do they possess?

Biometrics: The traditional methods of identifying or authenticating an individual have been biometrically based, e.g. fingerprints or signatures. This is likely to be true in the future. Advances in face and voice recognition systems have been amazing. Many researchers have proposed using the pattern of blood vessels in your face or in your eye to identify people as these are much more difficult to fake then signatures or fingerprints. The ultimate of course is the use of DNA for identification. This brings up privacy issues such as who should have access to your DNA.

Mathematics of Cryptography: There are many topics that I will not have time to cover in the course that fall into this category. Examples include: the use of elliptic curves in cryptosystems; finding prime numbers for making codes and factoring numbers into primes for breaking codes; so-called zero-knowledge proofs that allow one to prove one know's something without giving away any details.

Government: Governments (mainly through the military) have always been the biggest generators and consumers of cryptographic material. Current government policy (US as well as other countries) is in a confused state due to the rise of commercial applications of cryptography and the effect this may have "national security." (The main problem is it makes it more difficult for the government to read your mail.) A number of laws, government agency programs, and standards initiatives designed to mitigate the effect of widely available cryptography have developed of late. Examples include NSA's Echelon and Carnivore programs, the NIST Advanced Encryption Standard, and the Patriot Act.

History: The book of Kahn mentions many historical incidents that where cryptography apparently paid a crucial role. Choose one of them and investigate it further, e.g., the Zimmermann telegram incident and World War I, the Japanese Purple code and Midway Island, etc. The histories I know of are very Eurocentric. It might be interesting to look into the development of cryptography in other cultures.

Unbroken Ciphers: Simon Singh discusses the Beale Cipher that is as yet unbroken. This is just one of many examples of unbroken ciphers or codes some of which have remained a mystery for centuries. You might investigate the history of one of these ciphers or make an attempt to break it yourself. A list of such ciphers can be found at http://www.elonka.com/UnsolvedCodes.html.

Literature and the Arts: There are a number of examples of alleged and true ciphers in works of art. Some examples: some believe that Shakespeare's works were actually written by someone else (Francis Bacon is a common suspect) and the true author left ciphers in the plays to show the way to his identity; composers have been known to develop themes based on coded references to friends - Elgar's Enigma variations being one of the most famous examples; Dutch still lifes of the sixteenth and seventeenth centuries are known to have coded different sentiments that the intelligent viewer was to discern. Other examples include the Bible, Emily Dickinson's poetry, and James Joyce's Finnegan's Wake.

Programming Projects

Code Testing: Implement in software a variety of symmetric key ciphers (e.g., DES, IDEA, AES, etc.) or public key ciphers (e.g., RSA, El-Gamal, Elliptic Curve, etc.) Compare them with respect to how easy they are to program, how fast they are, how much storage space they require, what size keys are required for reasonable security, etc.

Hacking: Investigate the tools used by hackers to gain unauthorized entry into computer systems. Use what you find to test the vulnerability of your own computer, computers of friends and Wesleyan's computers. Report on what you find both good and bad. Note that if you do find holes in the security of any computers for which there are known patches you should inform the owner of the computer asap. If you find holes in your own security fix them. Please try not to get me into trouble!

Code-breaking: Write your own program for breaking one of the codes discussed in class or any other code. This could range from a simple substitution cipher to RSA. If considering breaking RSA by factoring, you should estimate the size of the largest number you can factor in a reasonable amount of time with the resources you have available. Other possibilities include implementing differential attacks against short round DES, known attacks against knapsack public key systems, or recently reported weaknesses in AES.

Firewall: Design and implement a firewall. Examine the functionality of existing firewalls and possibly improve upon them in some way. It may be interesting to do this as a team effort where one person builds the firewall and the other attempts to defeat it.

Secure Telephone: Design and implement a secure telephone by integrating freely available software for voice communication and encryption. Discuss possible attacks on your system and what you have done to protect against them.

Educational Applet: Design and implement an applet that illustrates one or more of the concepts that are discussed in class. Examples of one's we have seen include the Caesar shift decoder and the simple substitution decoder. Most of the one's I have seen are fairly inflexible and improvements are definitely possible.


Last modified: 2008 FEB 28
bnostran@syr.edu