Overview

This page contains my godzilla crypto tutorial, totalling 973 slides in 12 parts, of which the first 10 (+ part 0) are the tutorial itself and the 12th is extra material which covers crypto politics. Part 12 isn't officially part of the technical tutorial itself, and much of it is now also rather dated (the material is extensively covered elsewhere so I haven't spent much time updating it).

The tutorial is done at a reasonably high level. There are about two dozen books which cover things like DES encryption done at the bit-flipping level, so I haven't bothered going down to this level. Instead I cover encryption protocols, weaknesses, applications, and other crypto security-related information. Since the slides are accompanying material for a proper tutorial, there's a lot of extra context which isn't available just by reading the slides. Bear in mind that some of the claims and comments on the slides need to be taken in the context of the full tutorial.

The Tutorial

The tutorial is formatted so that two slides fit one page, which means that you'll burn out over 480 pages of paper printing them all out (half that if you print double-sided). To view the tutorial you'll need a copy of the free Adobe Acrobat reader software. Note that most of the diagrams (and there are quite a few of them) will look a lot better on paper than on screen. The gv viewer (a replacement for ghostview) may display the slides better than the Acrobat viewer, especially with antialiasing enabled.

The technical material consists of 11 parts:

Part 0, Introduction, 23 slides: Security threats and requirements, services and mechanisms, and security data format templates.

Part 1, Algorithms and Mechanisms, 61 slides: Historical ciphers, cipher machines, stream ciphers, RC4, block ciphers, DES, breaking DES, brute-force attacks, other block ciphers (AES, Blowfish, CAST-128, GOST, IDEA, RC2, Skipjack, triple DES), block cipher encryption modes (ECB, CBC, CFB, encrypt+MAC modes, LRW), public-key encryption (RSA, DH, Elgamal, DSA), using PKCs, Public-Key Cryptography Standards (PKCS), elliptic curve algorithms, hash and MAC algorithms (MD2, MD4, MD5, SHA-1, SHA-2, RIPEMD-160, the HMACs), pseudorandom functions.

Part 2, Key Management and Certificates, 154 slides: Key management, key lifetimes, key distribution, key use controls, key backup/archival, key continuity, certificates and CAs, certificate history, X.500 and X.500 naming, X.500 directories and LDAP, HKP, problems with X.500 and naming, non-X.500 approaches, qualified certificates, PGP certificates, SPKI, CAs, RAs, certificate chains, cross-certification, bridge CAs, PGP web-of-trust, certificate checking, offline revocation checking, CRL problems, online revocation checking, OCSP, other revocation protocols, bypassing PKI, running a CA, timestamping, PKI design guidelines.

Part 2a, X.509 Certificates, 94 slides: Certificate structure, extensions, usage extensions, constraint extensions, certificate profiles, CA policies, problems with X.509.

Part 2b, Digital Signature Legislation, 104 slides: Why do we need digital signature legislation, what is a signature, real-world vs. electronic signatures, non-repudiation, trust, and liability, existing approaches, examples of legislation of various types including advantages and drawbacks, the Digital Signature Law litmus test.

Part 3, Authentication, 86 slides: User authentication, Unix password encryption, Hellman's time/memory tradeoff, Rainbow tables, generalising Rainbow tables, LANMAN and NT domain authentication and how to break it, GSM security, S/Key, OPIE, TANs, PPP PAP/CHAP, PAP variants (SPAP, ARAP, MSCHAP), RADIUS, DIAMETER, TACACS/XTACACS/TACACS+, EAP and variants (EAP-TTLS, EAP-TLS, LEAP, PEAP), Kerberos 4 and 5, Kerberos-like systems (KryptoKnight, SESAME, DCE), authentication tokens, SecurID, X9.26, FIPS 196, Netware 3.x and 4.x authentication, biometrics, PAM.

Part 4, Sessions, 116 slides: Session security overview, SSL, TLS, TLS-PSK, SGC, SSH, TLS vs. SSH, IPsec, IETF politics, AH, ESP, IPsec key management (Photuris, SKIP, ISAKMP, Oakley, SKEME), IKE, IPsec problems, OpenVPN, WEP, WEP problems, WPA, TKIP, AES-CCM, DNSSEC, DNSSEC problems, S-HTTP, SNMP.

Part 5, Email, 60 slides: Email security mechanisms, PEM, the PEM CA model, PGP, PGP keys and the PGP trust model, MOSS, PGP/MIME, S/MIME and CMS, MSP, opportunistic email encryption (STARTTLS/STLS/AUTH TLS).

Part 6, Electronic commerce, 62 slides: Electronic payment mechanisms, Internet transactions, payment systems, Netcash, First Virtual, Cybercash, book entry systems, Paypal, Digicash, e-cheques, SET, the SET CA model, SET problems, 3D-Secure, prEN 1546, TeleQuick, Geldkarte, EMV, micropayments.

Part 7, Smart cards and crypto devices, 80 slides: Smart cards, smart card file structures, card commands, PKCS #11, PC/SC, JavaCard/OCF, multiapplication cards, TCPA/TCG, TPMs, iButtons, contactless cards, vicinity cards, attacks on smart cards.

Part 8, Miscellaneous, 62 slides: Traffic analysis, anonymity, mixes, onion routing, mixmaster, crowds, LPWA, Tor, steganography, watermarking, misc. crypto applications (hashcash, PGP Moose), TEMPEST, snake oil crypto, selling security, TCSEC/Orange Book.

Here endeth the technical material. The final part goes into crypto politics.

Part 9, 71 slides: History of crypto politics, digital telephony, Clipper, Fortezza and Skipjack, post-Clipper crypto politics, US export controls, effects of export controls, legal challenges, French and Russian controls, non-US controls (Wassenaar), Menwith Hill, Echelon, blind signal demodulation, undersea cable tapping, European parliament reports on Echelon, Echelon and export controls, Cloud Cover, UK DTI proposals, various GAK issues.

Miscellaneous Questions

Various people have asked about doing things with the tutorial which go beyond just reading it. The following answers should cover the most common requests:

Using portions of the material in your own work: This is fine provided you attribute it and stay within reasonable limits - the usual copyright "fair use" rules apply.

Using the original slides: I'm rather reluctant to provide access to these because it was an awful lot of work preparing them and I'd rather not have everyone give the tutorial I've prepared. In general if you want to use them within your organisation that's OK, but I'd rather not hand them out for general use.

Mirroring: If you want to mirror things or provide a copy via your own site, please leave the actual PDFs as links to the originals rather than copying the files across. I update the slides from time to time as standards and technology change, and have had problems in the past with incredibly ancient copies of files stored on overseas mirrors. If you provide a link to the PDFs rather than copying them across it'll ensure people always get the latest copies.