Foundations of Cyber-Security

I've made a webpage for the textbook: https://sites.google.com/site/amirherzberg/applied-crypto-textbook

it contains the textbook and lectures and I'll probably update there much more frequently than here.

Hi, I've uploaded an updated version. Feedback very welcome as this project is beginning to wrap up and be published (plan is next year).

Hi,

1. New version of textbook added. There are quite a lot of changes (improvements, hopefully), mainly in the PKI chapter. btw, I'll give a tutorial on PKI in the CANS conference on Dec. 14-16, 2020; the entire conference will be online and free due to COVID so pls join.

2. I've also uploaded/updated few lectures: PKI, TLS, Public key (two parts, 1st intro_+key exchange, second encryption mostly), and shared key protocols (handshake and session).

Enjoy; feedback appreciated.

main change : significant updates to chapter 5, shared key protocols.

Hi, I've uploaded new versions of the presentations (lectures) on : (1) encryption and pseudorandomness, (2) message authentication and (3) cryptographic hashing, including blockchains and Merkle-trees.

also uploaded new version of textbook itself (1st volume), but this is a relatively minor one from the previous one , as that one was very recent.

Hi, I've uploaded new version of vol. 1 (applied intro to crypto). So now chapters 1-4 are `roughly ready' . I've mainly added lots to ch. 4 (hashing), incl. Merkle-trees, PoW, ROM, digest-chains (aka hash-chains), Blockchain and Bitcoin. Some of this stuff is actually completely new content, such as the definitions of the goals/properties of schemes like Merkle trees and blockchains. As usual , feedback appreciated.

Ok, next goals would be chapters 5 (session protocols), 6 (PKC) and 7 (TLS/SSL); ch 8 (PKI) is also roughly-ready. Way to go...

Still working on the hashing chapter but much of it is done (for this revision of the textbook). I'll already post it, but I hope to complete the rest and post again Real Soon.

In current version, I've completed the Merkle digest scheme (and Merkle tree construction) - in the amount of details I believe is appropriate for this textbook. I'm still not done with the text on blockchains though. Well, soon...

I guess I should also upload new presentations, I've done quite extensive changes in encryption, auth. and now hashing too, if anybody needs/wants them let me know and I'll do it already.

Hi, I finished the revision of the PKI chapter, mainly now covering reasonably well the important Certificate Transparency (CT) extension. Now, this is quite `raw', I definitely need to review and fix it yet - and your feedback , comments and suggestions would be most welcome; but anybody who want to better understand this whole topic of PKI and in particular this recent , important development of CT, may find here useful text.

There are also some minor fixes and improvements elsewhere, esp. to ch 2 (Encryption and pseudo-randomness) due to the class I teach this term and comments from students (thanks!).

Now I'll probably return to complete the revision of the hashing chapter - already about 2/3 or so done - and then I have session, PKC, TLS/SSL - and then `just' two unwritten-yet chapters, secure usability and advanced topics/conclusions... oh well.

Hi, I've uploaded updated lecture notes (part I), mainly PKI chapter, and some updates on encryption; and new encryption lecture. I'm still not done with the revision to the PKI chapter so expect another update of it soon. The encryption and MAC chapters were recently revised and I think are in quite good shape. Still need to complete the revision to the hash chapter and to the session, PKC and TLS chapters, and definitely to add already the last missing chapters - usable security and user authentication. Ah and I also consider adding a conclusion chapter with some discussion of the many advanced topics we do not cover...

Mainly, in chapter 4 (hashing) I've added a lot on Merkle trees, so important in both practice and theory, but not seriously covered afaik.

But I think I'll move now to the PKI chapter, as (1) it really requires update and (2) we've been doing (and still do) lots of work in this area and I want to use it for some new team members :)

Feedback welcome! Amir

I'm doing significant revisions in part I , which is mostly an introduction to cryptography, with strong focus on applied aspects and introducing general cyber-security principles. I'll be teaching this course this term, and also hoping to publish it - hopefully within this academic year. So expect more updates to this part . At this time, chapter 2 (encryption and pseudorandomness) was mostly updated , and I've just begun updating some of the other chapters. Much to do !

Let me again ask for feedback; I would esp. appreciate serious reviews (of a chapter or two), contact me so I can split the chapters among reviewers effectively. Lecturers using this text are also asked to contact me , I'll like to discuss what can be improved.

Hi, I've uploaded new versions for both part I and part II. In part I it is mostly minor fixes/extensions; in part II, I mostly added on Denial of Service, incl. quite extensive discussion of SYN-Flood; but much of that chapter is still to-be-done.

This is a minor update, fixed few issues, and mainly added the exercises to the hashing chapter (were missing by mistake), and move that chapter to appear right after MAC where I think it is more appropriate.

Feedback appreciated.

I've updated the PKI chapter in the lecture notes (part I), and enclose the PKI presentation. More work is required on these, mainly on the notes, but I think the text may already be of some use.

Very busy this year with lots of exciting research (incl. lots of work related to PKI in fact), so progress on the notes is a bit slow... but I'll do my best.

I've begun writing some solutions, but currently I provide them only to students in my course in UConn (after they submitted their solutions), and don't yet add them to the notes. I will add them to the notes - once I'm satisfied with the total number of exercises, at that point, they can become useful examples for people to try to solve on their own and learn from the solutions later. But currently I feel there simply aren't enough exercises to do that - I want there to be enough exercises to allow giving them in homeworks, exams etc.

That said, instructors who use the notes can write to me and I can send them the solution, for their own use and for distributing to students after students submitted.

Finally, the term is almost over here; I hope during the summer to make significant progress with the Foundations, mainly, get the 2nd part to reasonable usable shape.

updated drafts for both parts - mostly, some new exercises in part II (Network Security)

Added early draft of part II of Foundations of Cybersecurity, focusing on Network Security.

You can use it to get some idea of my directions - and also to see some serious exercises (and tiny bit of contents).

I also upload some of the lectures - TCP/IP/DNS/LAN security and the `basic network security' (scanning, FW, IDS). Will add more `soon'.

I've uploaded new version of the lecture notes with few additional exercises and text, mainly in the (yet mostly not completed) PKI chapter. I'm now mostly focusing on part II, network security, so it would probably be a bit more time until I update the first part. But if you'll email me with issues or requests (for clarifications, fixes, etc.), I'll try to oblige. As always: feedback appreciated.

Preprint Foundations of Cybersecurity, volume I: An Applied Introduct...

Presentation Introduction to cybersecurity, part I - applied crypto; lect...

Presentation Lecture set 9 - Phishing and Usable Security

Uploaded new version with few corrections and few more exercises (Nov. 16)

I've uploaded the text, now will upload the lectures. As usual: comments, corrections and questions welcome! (questions to me - or questions to add...)

Next task would be PKI and then usability.... and then I'll probably move to part II - network security. Although, of course, much work remains in this part too!

I've uploaded new version of the notes. Main changes:

- Chapter 6 (crypto hash) mostly done,

- and some beginning in chapter 7 (TLS/SSL)

I hope to complete chapter 7 soon (and then move to chapter 8, PKI).

Comments appreciated!

Note: we have few available positions - from grad students to post-docs and even to associate or full professor with significant endowment (chair). Contact me for information; for the professor position, see details at: https://academicjobsonline.org/ajo/jobs/12084

hope to complete that chapter soon!

Prof. Bing Wang and myself were awarded NSF CICI project for `Robust and Secure Internet Infrastructure for Scientific Collaboration'. Project begins Sept.1st! Our main focus is Internet inter-domain routing security - mainly, deploying/improving RPKI and using it for anti-DoS mechanisms. Excellent PhD students and postdocs - please contact me. There are also opportunities in other areas of cybersecurity, mainly secure-networking, secure cyber-physical systerms (esp. power), applied crypto and secure usability. 

uploaded new version of notes (mainly completed chapter 5, PKC), and new versions of presentations (1 - encryption, 4&5 - PKC). Hope to have more updates soon... Feedback welcome.

I have added to this `lecture notes project', the lecture sets (1 to 7) for the course `introduction to cybersecurity', as power-point presentations. Feel welcome to use them in learning or teaching; please retain my credentials, and encourage students to read and provide feedback on the presentations and notes. Corrections, comments, suggestions on the lecture and on the notes would be appreciated, as well as contributions of more exercises and/or solution. Thanks!

I'm afraid not much progress recently due to personal and work pressures, I hope to have better progress over the summer :)

enclosed - questions, comments and suggestions welcome

I have been too busy recently for much progress... Uploaded version with some updates - mainly added several exercises and solutions, some text. Hope to make more progress `soon' ... comments welcome.