Understanding and Securing TLS

Background Preparation

· by David Evans

Here are some suggestions for getting the necessary background for the seminar.

Cryptography

If you have already taken a cryptography course, you should have enough cryptography background already. If not, here are some suggested ways to get enough crypo background over winter break to be ready for the seminar. I believe that for most students, the best way to get the expected background for this course is to take my Applied Cryptography course (more info below), but there are many options, and lots of great resources that go into much more depth than my course if you have more time.

On-Line Courses

Udacity cs387: Applied Cryptography - this is an open on-line course that you can take anytime taught by myself (so I am somewhat partial to it!). There are some additional materials for the course available, including extensive course notes (PDF) created by Daniel Winter. This is a very short and informal introduction to cryptography, which would be enough background to be prepared for the seminar. (I can’t give an unbiased assessment of the course, but according to Information Week, it is a recommended course to “Pump Up IT Careers”, and Prospect Magazine claimed the instructor has a “Monty Python humor” and “cult following”, although you shouldn’t believe everything you read in British magazines.)

Dan Boneh’s Cryptography Course (offered through Coursera). The materials from previous courses are not available (although you may be able to find them if you are resourceful), so you have to take the course when it is offered by Coursera. There is a session starting December 26. This is an excellent course that is a bit longer and goes into more depth on many topics than my course. You can read Bryan Pendleton’s more objective comparison.

Christoff Parr and Jan Pelzl’s Understanding Cryptography textbook includes Parr’s excellent video lectures (chalkboard style without editing, so takes some patience to watch).

Textbooks

Crypto 101 - a very easy to read and practically-focused introduction to cryptography (available as a free, creative-commons licensed PDF).

Introduction to Modern Cryptography, Jonathan Katz and Yehuda Lindell. This provides a lot more depth that is required for joining the seminar, but is an excellent book for ambitious students with more time.

Computing Systems

Students in the class will benefit from understanding computing systems and having experience with systems-level programming at least at the level of a typical introductory operating systems course. Students without this experience will either need to put a lot of effort into learning it, or select projects and presentation topics that focus on other aspects.

Some resources for learning about computing systems are below.

“Hack the Kernel” - Operating Systems class developed by Geoffrey Challen. Provides programming assignments you can try on your own, as well as video lectures and lots of on-line materials.

cs4414: Operating Systems - Operating systems course I taught in Fall 2013 and Spring 2014. Includes videos of lectures, and programming assignments in Rust (some of which will need some updating to work in the latest version of Rust).

CMU’s Computing Systems course and textbook by Randal Bryant and David O’Hallaron provides an excellent introduction to systems programming, as well as a series of fun self-study labs.

Rust Programming

I’m hoping several of the projects will involve contribution to open source projects using Rust to provide secure, efficient, and iter-operable implementations of TLS and other cryptographic functionalities. It is not a requirement that you use Rust in this class, but everyone will be encouraged to get some experience with it.

Rust Programming Language Book (this is the “official” Rust book, which includes a tutorial to get started)

Rust Tutorial (this was developed for my cs4414 class by Alex Lamana, Rob Michaels, and Wil Thomason. (Some parts may need updating to latest version of Rust, so if you go through this, please submit updates as pull requests!)

Rust by Example