Understanding cryptography and key management

course description
this course is designed for those responsible for the security of information and its transfer. it provides an in-depth analysis of the cipher systems available and how to implement and use them. the topic is approached from a non-mathematical perspective.

target audience

• it managers
• security managers
• technical staff
• system designers & implementers

course content

introduction
- the need for security
- security services: confidentiality, data integrity, authentication (of message source and of identity) and non-repudiation


symmetric ciphers
- historical examples
- theoretical security (one-time pad)
- stream ciphers
- block ciphers (including des, aes)
- modes of operation (ecb, cbc, cfb, ofb)
- message authentication codes (macs)


asymmetric techniques
- public key encryption (including rsa)
- key-agreement (diffie-hellman) and digital signatures (including rsa, dsa). includes discussion of hash functions
- elliptic curve cryptography and a comparison between the different techniques


entity authentication techniques


the key management lifecycle

• key generation
• key storage
• key distribution: symmetric and asymmetric techniques, digital certificates (x.509), cas
• key usage: key separation, key variants, certificate extension fields
• key backup
• key update
• key destruction
• key revocation: crls, ocsp
• pki

cryptographic protocols

• ssl/tls
• s/mime
• ipsec

run in conjunction with qtandc