Course: 2020/2021

Techniques of information hiding

(16348)

Students are expected to have completed

Mathematics, Statistics and Computer Science from Module I (basic training), and Statistics from Module III (foundations of engineering).

Objectives

The skills that the student is expected to acquire are as follows:
- Identify the security objectives and the vulnerabilities, threats and risks of a given information system in a defined operational environment. Analyze the possible security measures to be used in it.
- Evaluate the security services to be implemented in a given system and design and apply the consequent mechanisms and protocols.
- Evaluate for a given system the existing encryption and steganographic tools to protect it.
- Use the signature and certification systems in a given environment. Evaluate and apply the relevant authentication mechanisms to access a specific system.
- Design a security plan, developing the different parts of it, evaluating its compliance over time and correcting deviations. Analyze and manage the risks of a given installation.
- Prepare a comprehensive recovery plan for a real installation. Perform a compliance audit of files and systems containing personal data.
- Use the instruments that allow the control of the operating systems, mainly Windows and Linux.
- Manage the main techniques of collection, identification and analysis of events, ensuring that evidence is secured and its chain of custody preserved. Evaluate and manage secure deletion and data recovery systems.
- Implement databases on a management system. Evaluate and use the different techniques that integrate data mining: analysis techniques and model extraction.
It is necessary to achieve the learning results summarized below:
OBJECTIVES
The student must recognize the current importance of information concealment techniques, in particular cryptography and steganography, as well as the technologies that allow their treatment, their weaknesses and the threats they face. In order to achieve these objectives, the student must acquire a range of knowledge, skills and attitudes as detailed below.
KNOWLEDGE
At the end of the course, the student should be able to:
- Know the classic cryptographic and steganographic systems and the reasons for their insecurity.
- Know the mathematical foundations of modern cryptography and steganography, as well as the techniques to analyze their security: cryptanalysis and steganalysis, respectively.
- Master the main cryptosystems and the current encryption algorithms.
- Know the signature and verification systems based on public-key cryptography.
- Know the problems associated with password management and its various solutions.
CAPACITIES
As regards capacities, they can be broken down into specific and generic (skills).
Concerning specific skills, the learner will be able to:
- Solve problems of number theory in its application to cryptography. (P.O.: a)
- Recognize the advantages, disadvantages and uses of secret and public-key systems. (P.O.: a, c)
- Sign and verify in different environments, detecting possible attacks. (P.O.: a, c)
- Identify methods for hiding information in different media. (P.O.: a, c)
As for general capacities or skills, the following will be worked on during the course:
- The ability to find and select relevant information to solve a specific problem. (P.O.: a, b)
- The ability to apply multidisciplinary knowledge to the resolution of a given problem. (P.O.: a, c, e, g)
- The ability to investigate a particular cryptosystem or steganosystem in a given environment and find its vulnerabilities and threats. (P.O.: a, b)
As far as attitudes are concerned, after taking the course the student should have:
- A critical attitude towards the security offered by a particular encryption or information concealment system, in a given environment and given risks. (P.O.: i)
- A suspicious attitude towards the security assumed of the information hiding mechanisms implemented in systems. (P.O.: i)

Description of contents: programme

1. Information Security Concepts
1.1. Information Security Goals
1.2. Vulnerabilities, Risks, and Attacks
1.3. Security Measures and Mechanisms
1.4. Cryptology
1.5. Secure Channels
2. Mathematical and Information Theoretic Foundations
2.1. Number Systems
2.2. Logic Operations with Binary Variables
2.3. Information Theory
2.4. Modular Arithmetic
3. Classic Ciphers
3.1. Monoalphabetic Ciphers
3.2. Polyalphabetic Ciphers
3.3. Polygraphic Ciphers
3.4. Transposition Ciphers
3.5. Rotor Machines
4. Symmetric Ciphers: Stream Ciphers
4.1. Perfect Secrecy: The Vernam Cipher (OTP)
4.2. Pseudorandom Sequence Generators
4.3. Linear Generators: LFSRs
4.4. The A5/1 Cipher
4.5. The RC4 Cipher
5. Symmetric Ciphers: Block Ciphers
5.1. Feistel Networks
5.2. Substitution-Permutation Networks
5.3. The AES Cipher
5.4. Operation Modes
6. Hash Functions and MAC
6.1. Cryptographic Hash Functions
6.2. The Merkle-Damgård Construction
6.3. Block Cipher-based Constructions
6.4. The SHA Family
6.5. Message Authentication Codes (MAC)
7. Asymmetric Ciphers
7.1. Diffie-Hellman Key Exchange Protocol
7.2. Asymmetric Encryption and Signing Algorithms
7.3. RSA
7.4. Other Public-key Cryptosystems
8. Steganography
8.1. Classic Steganography
8.2. Modern Steganography
8.3. Steganography in Images
8.4. Steganography in Other Media
8.5. Steganalysis

Learning activities and methodology

Teaching methodology includes:
(1) Lectures (2,5 ECTS). The lecturer will present a summary of the concepts that students must acquire. The student is expected to actively participate during lectures. To facilitate learning, students will receive learning materials (slides, references, basic text, and complementary material) through the web system. Students will read and study this material (student work). (P.O.: a, c, g, i)
(2) Problems (2,5 ECTS). The student, guided by the lecturer during problem-solving lectures, will solve exercises that serve to apply acquired concepts. Students will solve additional problems during their study time (student work). (P.O.: a, c, g, i)
(3) Laboratories (1,0 ECTS). They will take place in a computer room. The student will learn the use of cryptographic and steganographic tools. Instructions on how to solve the lab questions will be published. There will be sessions in which a lecturer will give support to students to complete the lab sessions. Students are expected to complete all required tasks in their study time (student work). (P.O.: a, b, c, e, g, i)
Because of the uncertainty about the teaching format that health circumstances will require during the next academic year, the course is expected to start in the semi-attendance mode and may move to 100% classroom or 100% online teaching, depending on the evolution of the spread or control of the pandemic and the health and hygiene standards dictated by the sector authorities.

Assessment System

- End-of-term examination: 55%
- Continuous assessment (assignments, laboratory, practicals...): 45%

Basic Bibliography

- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. 1996
- Juan Tapiador, Pedro Peris López. Criptografía y Ocultación de la Información. Centro Universitario de la Guardia Civil. 2015

- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography: http://cacr.uwaterloo.ca/hac/

(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside the University, you will need to set up a VPN.