'''Course Introduction'''
* Course Introduction [[media:cs-465:course_introduction_fall_2017.pdf | pdf]]

'''Applied Cryptography'''
* Terminology [[media:cs-465:Terminology.pdf| pdf]] [[media:cs-465:Terminology.pptx| pptx]]
* Cryptography Introduction [[media:cs-465:Cryptography_Introduction.pdf| pdf]] [[media:cs-465:Cryptography_Introduction.pptx| pptx]]
** https://en.wikipedia.org/wiki/History_of_cryptography
** http://en.wikipedia.org/wiki/Symmetric-key_algorithm
** [http://en.wikipedia.org/wiki/Block_cipher Block Cipher]
* AES [[media:cs-465:AES.pdf|pdf]] [[media:cs-465:AES.pptx|pptx]]
** [http://students.cs.byu.edu/~cs465ta/labs/fips-197.pdf FIPS 197]
** http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
** Watch an [http://students.cs.byu.edu/~cs465ta/lectures/rijndael_ingles2004.swf AES flash demo] in your web browser
** Stick Figure [http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html Guide] to AES [http://www.moserware.com/assets/stick-figure-guide-to-advanced/A%20Stick%20Figure%20Guide%20to%20the%20Advanced%20Encryption%20Standard%20%28AES%29.pdf pdf version] [http://www.moserware.com/assets/stick-figure-guide-to-advanced/A%20Stick%20Figure%20Guide%20to%20the%20Advanced%20Encryption%20Standard%20%28AES%29.pptx pptx version]
** AES ff_mult [http://docs.google.com/presentation/d/13vkvFGAOcujmaiWLPLdw0gdQE-5psRy2x2pbb98kXHk examples]
* Block Cipher Modes and Padding [[media:cs-465:BlockCipherModes.pdf|pdf]] [[media:cs-465:BlockCipherModes.pptx|pptx]]
** [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation block modes]
** [http://www.di-mgt.com.au/cryptopad.html Padding]
* Feistel Model [[Media:cs-465:FeistelModel.pdf|pdf]] [[Media:cs-465:FeistelModel.pptx|pptx]]
** [http://en.wikipedia.org/wiki/Feistel_cipher Feistel Cipher]
** Use an inductive proof to show that the model works
* Cryptographic Hash Function [[media:cs-465:Hash.pdf| pdf]] [[media:cs-465:Hash.pptx| pptx]]
** [http://en.wikipedia.org/wiki/Cryptographic_hash_function Cryptographic Hash Function]
** [http://en.wikipedia.org/wiki/Hash_function Hash Function]
** [http://en.wikipedia.org/wiki/Birthday_attack Birthday Attack]
** [http://en.wikipedia.org/wiki/NIST_hash_function_competition SHA-3]
** [http://csrc.nist.gov/groups/ST/hash/index.html NIST Hash Project]
** [https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html Chinese researchers find first SHA-1 collision 2005]
** [https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html Google announces practical SHA-1 collision, Feb 2017]
* MAC [[media:cs-465:MAC.pdf|pdf]] [[media:cs-465:MAC.pptx|pptx]]
** [http://en.wikipedia.org/wiki/HMAC HMAC]
** [http://en.wikipedia.org/wiki/Length_extension_attack Length Extension Attack]
** [https://blog.whitehatsec.com/hash-length-extension-attacks/ Hash Length Extension Attacks]
** [http://netifera.com/research/flickr_api_signature_forgery.pdf Flickr Extension Attack]
* DH [[media:cs-465:DH.pdf|pdf]] [[media:cs-465:DH.pptx|pptx]]
** [http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange Diffie-Hellman Key Exchange]
** [http://mathworld.wolfram.com/Diffie-HellmanProtocol.html Diffie-Hellman Protocol]
** How does Mallory conduct a Man-in-the-Middle attack?
* RSA [[Media:cs-465:RSA.pdf|pdf]] [[Media:cs-465:RSA.pptx|pptx]]
** [http://en.wikipedia.org/wiki/RSA_(algorithm) RSA]
* Digital Signatures [[Media:cs-465:DigitalSignatures.pdf|pdf]] [[Media:cs-465:DigitalSignatures.pptx|pptx]]
** [http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/ cryptographic doom]
** [http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html sign-and-encrypt]
** [http://crypto.stackexchange.com/questions/5458/should-we-sign-then-encrypt-or-encrypt-then-sign order of sign versus encrypt]
** [http://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac order of mac versus encrypt]
* Certificates [[Media:cs-465:Certificates.pdf|pdf]] [[Media:cs-465:Certificates.pptx|pptx]]
** [http://en.wikipedia.org/wiki/Public-key_infrastructure PKI]
** [http://en.wikipedia.org/wiki/Trusted_third_party Trusted Third Party]
*** [http://en.wikipedia.org/wiki/DigiNotar DigiNotar attack]
*** [https://en.wikipedia.org/wiki/Verisign#Controversies Verisign Attack 2001]

'''Authentication'''
* Transport Layer Security (TLS) [[Media:cs-465:TLS.pdf|pdf]] [[Media:cs-465:TLS.pptx|pptx]]
** [http://en.wikipedia.org/wiki/Transport_Layer_Security TLS] (see handshake description)
** [https://docs.google.com/document/d/1C85G1FQjeE693p9ShNSFOdyW7yg1udRxkj9okmOamjc/edit?usp=sharing EXAMPLE] TLS cipher name example
* Passwords [[Media:cs-465:Passwords.pdf|pdf]] [[Media:cs-465:Passwords.pptx|pptx]]
** [http://bit.ly/1HAMls7 Beyond passwords - Multifactor auth, password vaults, single sign-on]
** [http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/ How the Bible and YouTube are Fueling the Next Frontier of Password Cracking]
** [http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html How to Devise Passwords that Drive Hackers Away]
** [http://en.wikipedia.org/wiki/PBKDF2 PBKDF2]

'''Software Security'''
* Buffer Overflow Attacks [[Media:cs-465:Buffer_Overflow.pdf|pdf]] [[Media:cs-465:Buffer_Overflow.pptx|pptx]]
** [http://www.cs.wright.edu/people/faculty/tkprasad/courses/cs781/alephOne.html Smashing the Stack for Fun and Profit]
** [http://en.wikipedia.org/wiki/Buffer_overflow_protection Buffer Overflow Protection]
** [http://www.phrack.com/issues.html?issue=56&id=5 Bypassing StackGuard] - Phrack article explaining weakness that led to XOR canary
** [https://docs.google.com/presentation/d/1FnqqExqirZTQYsI3kN_74OfyiQKBoIsNShXk2ApcNrI/edit?usp=sharing Stack Frame Layout]
* Secure Email [[Media:cs-465:Secure_Email.pdf|pdf]] [[Media:cs-465:Secure_Email.pptx|pptx]]
* Social Engineering [[Media:cs-465:Social_Engineering.pdf|pdf]] [[Media:cs-465:Social_Engineering.pptx|pptx]]
** [https://www.forbes.com/sites/laurashin/2017/01/04/be-prepared-the-top-social-engineering-scams-of-2017/#41a335ce7fec Top Social Engineering Scams of 2017]
** [https://www.forbes.com/sites/laurashin/2017/01/04/7-ways-to-make-yourself-hack-proof/#41a402552b54 Ways to Make Yourself Hack Proof]