Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2...

29
1 Universités de Grenoble, France INSTITUT NATIONAL POLYTECHNIQUE DE GRENOBLE École Nationale Supérieure d’Informatique et de Mathématiques Appliquées UNIVERSITE JOSEPH FOURIER, GRENOBLE UFR Informatique, Mathématiques Master program Security and Cryptology of Information Systems Context and objective With the increasing externalization of corporation and organization in a global multimedia and interconnected world, Security of Information Systems and integration of data protection technologies are among the most critical issues, from private life protection to company survivability and protection of their funds. Yet, Security of Information Systems is an active field of research. Especially, within the Grenoble Universities, the Grenoble techno pole gathers experts in computer science, mathematics and electronics from both INPG (Institut National Polytechnique de Grenoble) and UJF (Université Joseph Fourier). Both are leading institutions, involved together at an international level on the field of information systems and security. Based on its excellence and reputation as the first French “Grande Ecole d’Ingénieur” in computer science and applied mathematics, the ENSIMAG proposes a graduate program on the engineering of secure information systems and embedded circuit design. Within the Master “Mathématiques, Informatique”, this two year program leads to the title Master in Cryptology, Security and Coding of Information SystemsJointly delivered by the INPG and UJF institutions. The objective is to graduate 38 students, within three promotions, The first promotion (about 12 students) will attend the Master from 2007, January till graduation in 2008, September; the second one from 2008, January till graduation in 2009, September; and the last one from 2009, January till graduation in 2010. General description The Master is a two year program, including both an academic part and an individual Master thesis. The academic part, taught in Grenoble, includes both courses and projects generally performed in small teams with two to four students: o Common core courses in information systems : o Optional courses with advanced specialization in one of the following fields advanced engineering in information systems ; cryptology : advanced protocols and attacks; embedded circuit synthesis and crypto-processors. The Master thesis consists in an individual work performed in the framework of C-S Corporation, with supervision of a professor from Grenoble.

Transcript of Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2...

Page 1: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

1

Universités de Grenoble, France

INSTITUT NATIONAL POLYTECHNIQUE DE GRENOBLE École Nationale Supérieure d’Informatique

et de Mathématiques Appliquées

UNIVERSITE JOSEPH FOURIER, GRENOBLE UFR Informatique, Mathématiques

Master program

Security and Cryptology of Information Systems

Context and objective With the increasing externalization of corporation and organization in a global multimedia and interconnected world, Security of Information Systems and integration of data protection technologies are among the most critical issues, from private life protection to company survivability and protection of their funds. Yet, Security of Information Systems is an active field of research. Especially, within the Grenoble Universities, the Grenoble techno pole gathers experts in computer science, mathematics and electronics from both INPG (Institut National Polytechnique de Grenoble) and UJF (Université Joseph Fourier). Both are leading institutions, involved together at an international level on the field of information systems and security. Based on its excellence and reputation as the first French “Grande Ecole d’Ingénieur” in computer science and applied mathematics, the ENSIMAG proposes a graduate program on the engineering of secure information systems and embedded circuit design. Within the Master “Mathématiques, Informatique”, this two year program leads to the title

“Master in Cryptology, Security and Coding of Information Systems” Jointly delivered by the INPG and UJF institutions. The objective is to graduate 38 students, within three promotions, The first promotion (about 12 students) will attend the Master from 2007, January till graduation in 2008, September; the second one from 2008, January till graduation in 2009, September; and the last one from 2009, January till graduation in 2010.

General description The Master is a two year program, including both an academic part and an individual Master thesis.

• The academic part, taught in Grenoble, includes both courses and projects generally performed in small teams with two to four students:

o Common core courses in information systems : o Optional courses with advanced specialization in one of the following fields

advanced engineering in information systems ; cryptology : advanced protocols and attacks; embedded circuit synthesis and crypto-processors.

• The Master thesis consists in an individual work performed in the framework of C-S Corporation, with supervision of a professor from Grenoble.

Page 2: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

2

Selection of candidates Students are selected and admitted to the Master curriculum based on their academic records, language skills, motivation and a judgment of their ability to successfully complete the Master program. Based on the application package, the selection is carried out in two stages :

a first pre-selection based on the academic results and recommendations; a final selection based on interviews of pre-selected students.

To be admitted to the program, candidates shall have previously completed their undergraduate studies and been awarded of a Bachelor degree in either Science (BSc) or Engineering (BEng) that includes courses in computing and solid practice in programming. Applications of candidates with bachelor in Computer Science or Computer Engineering will be preferably considered. Skills in algebra are also requested for those that will take the optional courses on advanced cryptology. Admission of students is always at the discretion of the ENSIMAG which may require that the student attend additional courses in order to qualify for the Master degree.

Teaching organisation and pedagogy Teaching is organized through lectures, exercise classes, laboratory training. All the lectures, classes and materials are provided in English. Most of these are directly devoted to these students due to language and calendar constraints. As often as applicable teaching will be made in common with the regular students of this master program. Theory and concepts will be implemented practically during projects lasting several weeks and ran by student groups of 2 to 4 persons, depending on the rule of the project. Special tutoring will be provided with teaching assistants offering support for individual explanations or assistance for homework. About prerequisites The aim of the first semester is to introduce information systems and cryptography, providing to students all prerequisites for the second semester courses. This first semester includes only common core courses on the foundations of cryptography and algorithmic, systems and databases, networks and architecture. Individual training sessions will be organized when needed to ensure that most students will acquire those prerequisites. This semester is completed by an intensive project to enhance experience in programming; depending on his skills, each student may choose a project focusing on a specific point in cryptography or software engineering among a list of proposed projects.

Requirements for the Master degree Once accepted to the program, the rule to obtain the Master degree is the following:

- All modules should be validated with an ECTS grade A, B, C, D or E (corresponding generally to a mark greater than 7 for any module)

- to be admitted in the second semester, a student shall obtain a global average mark of 12 /20 after the second exam session at the end of the first semester.

- At the end of the second semester, a student shall obtain an average mark of at least 10/20. - At the end of the project a student shall obtain a mark larger than 10/20.If all these requirements are

fulfilled within two academic years, the student will be awarded a Master degree “Cryptology, Security and coding of Information”, delivered by Universités de Grenoble (INPG, UJF).

If at the end of a semester, a student does not fulfil the requirements, he may be authorized by the Master jury to repass this semester. In any cases, to obtain the Master degree, all semesters shall be validated in at most 3 years.

Page 3: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

3

MASTER-2 PROGRAM

A. Common core module (18 ECTS) • Cryptology and Security (15 ECTS)

o Security models, protocols and certification (6 ECTS) (60+30=90h) Professors: Jean Louis Roch, Pascal Lafourcade, Florent Autréau

o Symmetric and asymmetric cryptology; PKI Architectures (6ECTS) (60+30 = 90h) Professors: Jean-Guillaume Dumas, Philippe Elbaz-Vincent, Roland Gillard

o System administration and network security (3 ECTS) (30h+15h=45h) Professors: Michaël Marchand, Gérard Vinel, Frédéric Wagner

• Report on industrial talks (in English) (3 ECTS) B. Elective module (12 ECTS) Each student chooses one elective module between the two following:

• Module 1: Security of information systems and infrastructures (12ECTS, Informatics) o Advanced security of systems and networks (3 ECTS) (30+15=45h)

Professors: Yves Denneulin, Claude Castellucia o Hardware and Embedded Systems Security (3 ECTS) (30+15 = 45h)

Professors: Régis Leveugle o Distributed systems and applications; fault tolerance (3 ECTS) (30h+15h=45h)

Professors: Vivien Quéma o Project: Deployment of a secured grid infrastructure (3 ECTS) (30h)

Professors: Yves Denneulin, Frédéric Wagner • Module 2: Cryptology, coding and multimedia applications (12 ECTS, Mathematics)

o Advanced cryptology: elliptic curves, cryptanalysis (6 ECTS) (60+30=90h) Professors: Franck Leprévost, Roland Gillard, Alexei Pantchichkine

o Multimedia applications (3 ECTS) (30+15=45h) Professors : Patrick Bas, François Cayre, Touradj Ebrahimi

o Coding and fault tolerance (3 ECTS) (30h+15h=45h) Professors: Jean-Marc Brossier, Alexei Pantchichkine, Jean-Louis Roch

C. Elective unit (3 ECTS) Each student chooses one unit between the two following:

o Audit and norms in security – Smart card security (3 ECTS) (45+15=60h) Professors: Florent Autréau, Cécile Canovas, Marie-Laure Potet

o New trends in cryptology: biometry, quantum and pair wise (3ECTS) (30+15=45h) Professors: Pablo Arrighi, Philippe Elbaz-Vincent, Roland Gillard, Jean-François Mainguet

D. Information Systems Engineering (10 ECTS complement to M1 program) o Information Systems: conception, evaluation, performance

Professors: Pascal Clouaire o Distributed databases and service mediation

Professors: Christine Collet, Claudia Roncancio

E. Individual Master project, performed in a company or a research lab (27 ECTS)

Page 4: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

4

Master 2M CSCIS 2007-2008 WEEKS DAYS OBSERVATIONS

N° from to Mo Tu We Th Fr

1nd bimester 38 17-September 21-September IL + C C C C C IL - introductory lecture 39 24-September 28-September C C C C C Courses 40 01-October 05-October C C C C C 41 08-October 12-October C C C C C 42 15-October 19-October C C C C C 43 22-October 26-October C C C C C 44 29-October 02-November H H H H H Toussaint Holidays 45 05-November 09-November C C C C C 46 12-November 16-November C C C C C 47 19-November 23-November C C C C C 48 26-November 30-November C C C C C 49 03-December 07-December E E E E E Exams

2nd bimester 50 10-December 14-December C C C C C 51 17-December 21-December C C C C C 52 24-December 28-December H H H H H New Year Holidays 1 31-December 04-January H H H H H 2 07-January 11-January C C C C C 3 14-January 18-January C C C C C 4 21-January 25-January C C C C C 5 28-January 01-February C C C C C 6 04-February 08-February C C C C C 7 11-February 15-February C CU C C C CU - Catch up slot 8 18-February 22-February H H H H H Winter Holidays 9 25-February 29-February C C C C C

10 03-March 07-March C C C C C 11 10-March 14-March E E E E E Exams 12 17-March 21-March C C C C C 13 24-March 28-March H C C C C Easter 24th Holiday

TOTAL WEEKS 21 21 22 22 22

MASTER THESIS 14 31-March 04-April E MT MT MT MT Master Thesis

until : 26 - September 2008

Page 5: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

5

Academic rules - Masters programme

Approved by CEVU opinion dated 24th May 2007

These rules apply as from the start of academic year 2007/2008 These academic rules are part of the national regulatory framework set in place by the following texts: − Decree no. 2002-481 dated 8th April 2002 on academic degrees and national qualifications, − Decree no. 2002-482 dated 8th April 2002, applying the planned European Higher Education Area to the

French higher education system, − Order dated 25th April 2002 on the national Masters degree. Foreword Article 1 The "Diplôme National Master" (shortened to Masters) is the second academic level under the

"Licence, Master, Doctorat" (LMD) scheme newly implemented by French universities. The Masters programme usually runs over two academic years, hereinafter referred to as M1 and M2, and corresponds to 120 ECTS credits.

The M2 year offers two options:

− a research pathway - M2R - (formally DEA), which prepares students to continue research with a doctoral thesis,

− a professional pathway - M2P - (formally DESS), with high level scientific and technical specialisation, focusing on professional and business opportunities.

Each pathway, M2R or M2P may have a range of Masters specialities.

Article 2 The academic year consist of two semesters. The word "level" here refers to a successfully completed semester in which (approximately) 30 ECTS credits are achieved. Each level comprises a certain number of course modules.

A Masters programme hence comprises four levels: levels 1 and 2 in the first year (M1); levels 3

and 4 in the second year (M2). Article 3 The Institut National Polytechnique de Grenoble, under its four-year contract, offers M2 courses

(M2R or M2P) worth 60 ECTS credits which lead to an INP Grenoble Research or Professional Masters degree.

Article 4 Students are made aware of these framework rules and the specific Masters examination rules at

the time of enrolment and, at the latest, within the first month of teaching. Article 5 The Masters degree award refers to the student's subject area, the Masters field within said

discipline and the speciality successfully studied by the student.

Page 6: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

6

Article 6 The Collège des Masters et Études Doctorales (CMED) is responsible for educational and administrative coordination of Masters programmes at INP Grenoble.

Each Masters field is managed by a Masters course director. Within each Masters field, each

speciality is managed by a speciality course director. Admission Article 7 The director of the Collège des Masters et Études Doctorales is responsible for admissions, by

delegation from the Chairman of the INP Grenoble. An admissions board comprising teaching staff working in the speciality selects candidates on the basis of their academic achievements, the match between their previous programmes and the speciality requested and the facility’s capacity. Admission is proposed by the Masters course director and, where applicable, approved by the Commission de Validation des Acquis Académiques (CVAA).

Article 8 M2 admission requires validation of an M1 year or a Masters or engineering degree recognised

by the Commission des Titres d'Ingénieurs (CTI). Other French and foreign degrees which are at least equal to M1 level, are subject to the CVAA's opinion.

Article 9 Students from CTI-recognised Engineering schools in their last year of study may enrol in a

double-curriculum M2R course subject to the permission of their school's director and a favourable opinion a the course director in the chosen speciality.

Article 10 Students must enrol before the closing date specified each year by INP Grenoble. Academic organisation Article 11 M2 programmes are organised over one academic year. In exceptional cases, as agreed by the

director of the Collège des Masters et Études Doctorales on the basis of the college's opinion, a student may take a M2 course over two years.

M2 students with a regular professional activity are entitled to extend their course over two years upon presentation of proof from their employer.

Article 12 Courses "levels" are organised on a semester basis.

The final level (level four) includes a research (M2R) or professional (M2P) internship of at least four months.

Article 13 In agreement with the speciality course director, the course programme for a level may be adapted for a given student in accordance with prior studies and his/her professional plans.

A full level may be validated on the basis of the student's previous studies, subject to CMED agreement, on the basis of the speciality course director's proposal.

Article 14 Any student failing to validate an M2 level may apply to re-enrol. In this case, a new application

is made and examined in accordance with Article 7. Article 15 During their course, students may take leave from study in the occurrence of an unforeseen event

(in particular illness or maternity). Leave from studies is granted by the Chairman of the INP Grenoble, based on the proposal of the

speciality course director, following opinion from CMED.

Page 7: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

7

Testing Article 16 The type of testing is left to the teaching fellow's discretion, in accordance with the speciality

course director. Each course module must include at least one test. Article 17 Examination rules for each Masters field specify the test methods and the credits accruing to

each course module and speciality (mandatory modules, optional modules, bonus modules). Examination committees Article 18 A "level" committee comprises the speciality course director and members of the teaching staff

for that level. The "level" committee meets at the end of the semester to decide whether to validate the level for each student.

Article 19 Specific committees are formed for each speciality, comprising the speciality course director

and/or speciality teaching staff. This committee examines results from level three and four for each student and makes a proposal to the degree committee.

Article 20 A degree committee is formed for each Masters field, comprising the Masters course director,

speciality course director and a representative of the doctoral school associated with the Masters course.

The degree committee meets to award the Masters degree on the basis of proposals made by the speciality committee. It meets at the end of the year, once after the first exam sittings and a second time after the resits. If required, the degree committee can also meet at the end of the first semester.

Exam rules Article 21 A course module is validated if the weighted average of the grades achieved for said module is

greater than or equal to ten. Any module validated is awarded on an irrevocable basis.

A Masters "level" is awarded if all course modules are validated for that level. If not, the intra-level trading mechanism can be applied and the level is awarded if the weighted average of modules is greater than or equal to ten for that level. Trading automatically occurs only if all course module grades are greater than or equal to 7/20, otherwise the committee decides whether or not apply the trading mechanism.

Article 22 Resits are organised on an annual basis for students who fail to validate a level. The level committee will suggest to each student affected a list of resit exams.

Students may decide not to apply the intra-level trading system and ask to resit one or more of the tests. This request must be made to the speciality course director within the prescribed time period. Marks achieved in resits are taken into account in calculating the course module result, as provided for in the specific exam rules for each Masters field. No retakes are organised for the research or professional internship.

Page 8: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

8

Article 23 Levels three and four must be validated in order for the Masters degree and the 20 ECTS credits for M2 to be awarded. No trading is allowed between modules in level three and those in level four.

Article 24 All examining committees are autonomous and may decide to grant discretionary "committee

points". At the end of a course, the degree committee may, quite apart from the trading schemes described above, reconsider the student's whole academic career and grant 120 ECTS for the whole Masters course, even if all levels were not awarded.

Article 25 Following the degree committee's deliberation, the Masters is awarded with a comment,

determined the overall weighted average from the M2 year (mark out of 20): 10 ≤ average < 12 : PASSABLE (PASS) 12 ≤ average < 14 : ASSEZ BIEN (MERIT) 14 ≤ average < 16 : BIEN (COMMENDATION) 16 ≤ average : TRÈS BIEN (DISTINCTION) Degree award Article 26 Award of the Masters degree depends on ability in at least one modern foreign language. For

non French-speaking students, French is deemed a foreign language. Article 27 Students may request a mark transcript. Transcripts specify the degree field and speciality and,

for each course module, the marks achieved according to the institution's specific mark scheme, and the ECTS marks based on the student's position with respect to other students on the same course (see appendix below).

Appendix: ECTS marking scale ECTS Mark % of students Definition A 10 EXCELLENT

-Outstanding result, with very few inadequacies B 25 VERY GOOD

- Above-average result, despite some inadequacies C 30 GOOD

- Generally good work, despite some notable inadequacies D 25 SATISFACTORY

- Good effort, but with significant gaps in knowledge E 10 PASS

- The result meets minimum standards F - FAIL

- Further work required for award of a credit

Page 9: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

9

General discipline Within the institution or during internships or visits, students must behave properly towards teaching, administrative, technical or other service staff and in general, towards all other people. At the end of their course, students must not have any items outstanding with the academic libraries from which books or other works have been borrowed. The Board of Directors of the INP Grenoble has disciplinary powers over students, represented by its disciplinary hearings, according to the provisions in Decree 92-657 dated 13th July 1992 (as amended). In particular, any fraud or attempt to commit fraud during any test or exam, or failure to comply with the rules for use of the IT and computer equipment, are subject to the opinion of the Board of Directors' disciplinary hearings. Sanctions incurred may range from a simple warning to definitive exclusion from all French higher education institutions. In the event of extended unjustified absences, the academic secretariat sends a first warning to the student. If no response is received, official notice is sent with acknowledgement of receipt, specifying a reply deadline. After expiry of this deadline, the Chairman of the INP Grenoble advises its students of their automatic exclusion from the course.

Page 10: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

10

?KQNOA PA=I Security models, protocols and certification [email protected] , [email protected] [email protected] Symmetric and asymmetric cryptology ; PKI architectures [email protected], [email protected] [email protected] System administration and networks security [email protected], [email protected] [email protected] Advanced security of systems and networks [email protected], [email protected] Hardware and Embedded Systems Security [email protected] , [email protected] Distributed systems and applications; fault tolerance [email protected], [email protected] Project :Deployment of a secured grid infrastructure [email protected], [email protected] Advanced cryptology : elliptic curves, cryptanalysis [email protected] , [email protected] [email protected] Multimedia applications [email protected] , [email protected] [email protected] Coding and fault tolerance [email protected] , [email protected] [email protected] Audit and norms in security [email protected] , [email protected] [email protected] New trends in cryptology : biometrics, quantum and pair wise [email protected] , [email protected] [email protected] , [email protected] Information systems : conception, evaluation, performance [email protected] Distributed databases and service mediation [email protected] , [email protected]

TEACHING STAFF

Page 11: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

11

Page 12: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

12

ADVANCED CRYPTOLOGY [6 ECTS]

Cryptologie avancée Code ECTS : Course total volume: 60h Period : 2 bimester Professors : Rolland GILLARD, Alexei PANTCHICHKINE, Franck LEPREVOST, Philippe ELBAZ-VINCENT E-mail : [email protected] , [email protected] [email protected], [email protected] Objectives :

The student should understand the societal challenges of the security of information systems. At the same time, he should also be able to understand how RSA or ECDLP work. We complete previous courses, studying more systems using elliptic or hyperelliptic curves, going deeper in the attacks as well as using multivariable cryptology. The course also reviews the necessary mathematical notions. We eventually introduce cryptology based on hyperelliptic curves (HECC) and advanced cryptanalysis on ECC. Practical advantages and inconvenients of HECC with discussion on Software/hardware implementations. Contents Cryptanalysis (Prof. R Gillard) : Symmetric cryptology , differential analysis characteristics, programming the attacks on 3, 6, 16 rounds ; review on Matsui linear attacks; Strength criteria : boolean functions. Public key cryptology : Knapsack systems, NTRU, lattices, Hidden Fieds Equation. Linearization Attacks (XL) Groebner basis algorithms. Back to AES : is it vulnerable to multivariable analysis, multivariable attacks on stream ciphers Situation of Hash function : the state of the art for attacks ; counter-measures Groups, curves and cryptography (Prof. A Pantchichkine) : Projective spaces, algebraic varieties. Algebraic curves, singular points, examples... Divisors and differentials on curves. Genus of a curve. Vector spaces associated to divisors. Examples.. Theorem of Riemann-Roch. Examples. Curves over finite fields, examples. Computing the rational points. Zeta function of curves over finite fields. Functional equation. Examples.. The Weil bound, examples.. Algebraic groups, elliptic curves, examples. introduction to some challenges of cryptology and the security of information systems; Advanced public key methods (Prof. F Leprevost) : introduction to the basis concepts of cryptology : secret key, public key, digital signature, underlying mathematical problems; Primality tests; IF and RSA (overview), DLP over finite fields; Elliptic curves; Hyperelliptic cryptosystems (P Elbaz-Vincent) : concrete introduction to jacobian of hyperelliptic curves. representation and efficient algorithm. Encryption, signature and authentification schemes for HECC. Cryptanalysis of HECC. Advanced methods for points counting on ECC and HECC. Prerequisites : Cryptanalysis : Notions on DES , algebraic notions : finite abelian groups, polynomial rings, finite fields Groups, curves and cryptography Finite fields, linear algebra, polynomials, Euclidean algorithm, ideals, rings Advanced public key methods : good knowledge of the mathematics of finite fields, groups. Hyperelliptic cryptosystems : same as previous courses. Examination: continuous control Cryptanalysis : 2 sessions, Practical Work : 1 large project, 2 short projects Groupes, Courbes et Cryptography : 3 sessions Hyperelliptic cryptosystems : 1 Computer classroom Final Examination : 1 final session with 4 parts. Final mark session1: 20%*TP + 15%*CC + 65%*ET Final mark session2: 20%*TP + 15%*CC + 65*ET2 (if ET2 >ET1)

Page 13: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

13

DESCRIPTION IN FRENCH Objectifs :

L’étudiant doit comprendre les enjeux sociétaux de la sécurité des systèmes d’information, et en même temps être en mesure de comprendre comment fonctionnent RSA ou le problème ECDLP Compléter les cours précédents, en étudiant d'autres systèmes utilisant les courbes elliptiques et hyperelliptiques et en approfondissant les attaques, par exemple en utilisant la cryptologie multivariable. Nous introduisons finalement la cryptologie basée sur les courbes hyperelliptiques (HECC) et la cryptanalyse avancée de ECC. Avantages pratiques et inconvénients de HECC. Implémentations logiciels et matériels. Contenu : Cryptanalyse : Cryptologie à clef secrète : caractéristiques en analyse différentielle, attaque sur 6 rondes , attaque sur 16 rondes. Détail pour l'attaque linéaire de Matsui Critères de résistance : fonctions booléennes. Cryptologie à clef publique : sac à dos, NTRU, réseaux, Hidden Field Equation Attaque par linéarisation (XL). Bases de Gröbner. Retour sur l'AES : l'analyse multivariable le met-il en péril? Application aux systèmes par flux Le point sur les fonctions de hachage. : ou en sont les attaques; contre-mesures Groupes, Courbes et Cryptographie : Espaces projectifs, variétés algébriques. Courbes algébriques, points singuliers Généralités sur les diviseurs. Espaces associés aux diviseurs. Différentielles Théorème de Riemann-Roch. Exemples Courbes sur les corps finis. Fonction zêta des courbes sur les corps finis. Equation fonctionnelle. Exemples Borne de Weil, exemples. Groupes algébriques, courbes elliptiques, exemples Méthodes avancées en clef publique : introduction aux enjeux de la cryptologie et de la sécurité des systèmes d’information introduction aux concepts de base de la cryptologie : clef secrète, clef publique, signature électronique, problèmes mathématiques sous-jacents tests de primalité IF et RSA (survol), DLP sur des corps finis Courbes elliptiques ECDLP Chiffrements Hyperelliptiques : introduction pratique aux jacobiennes de courbes hyperelliptiques. Représentation des données et algorithmes efficaces. Schémas de chiffrement, signature et authentification pour HECC. Cryptanalyse de HECC. Méthodes avancées de comptages points pour ECC et HECC. Pré requis : Cryptanalyse : Notions sur le DES , notions algébriques: groupes abéliens finis, anneaux de polynômes , corps finis. Groupes, Courbes et Cryptographie : Corps finis, algèbre linéaire, polynômes, algorithme d’Euclide, idéaux, anneaux . Méthodes avancées en clef publique : Connaissances mathématiques sur la notion de corps fini, de groupe. Chiffrements Hyperelliptiques : similaires aux précédents Forme d’examen : Contrôle continu Cryptanalyse : devoirs surveillés, TP : 1 gros projet , 2 TP plus courts Groupes, Courbes et Cryptographie : 3 contrôls continus Chiffrements Hyperelliptiques : travail sur ordinateur. Epreuves terminales : 1 examen final en 4 parties. _________________________________________________________________________________________ Bibliographie / textbooks - Algebraic Aspects of the Advanced Encryption Standard (Cid,Murphy, Robshaw)ISBN-10 0-387-24363-1 - Recent proceedings of congress in cryptology (lecture Notes in Computer Science) - A course in Computational Algebraic Number Theory, Henri Cohen, Springer - Boolean Methods and Models , Cambridge University Press, Cramar Hammer Ed - Neal Koblitz, A.J. Menezes, Y.-H. Wu, R.J. Zuccherato, Algebraic Aspects of Cryptography (Algorithms and Computation in Mathematics) (Springer, 2004, 3rd Printing) - Oliver Pretzel, Codes and Algebraic Curves (Oxford Lecture Series in Mathematics and Its Applications, 8) (OxfordSciencePublication,1998) - Emmanuel Peyre , Corps finis et courbes elliptiques. M2P Cryptologie, sécurité et codage d'information, , Grenoble, 2006 - T. Ebrahimi, F. Leprévost, B. Warusfel (ed) : Cryptographie et sécurité des systèmes et réseaux. Hermes-Lavoisier (2006) ISBN 2-7462-1260-9 − T. Ebrahimi, F. Leprévost, B. Warusfel (ed) : Enjeux de la sécurité multimédia. Hermes-Lavoisier (2006) ISBN 2-7462-1207-2 − Handbook of elliptic and Hyperelliptic curve cryptography H. Cohen G. Frey, Chapman & Hall/CRC (2005)

Page 14: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

14

ADVANCED SECURITY OF SYSTEMS AND NETWORKS [3 ECTS]

Sécurité système et réseaux avancés Code ECTS Course total volume: 30h Period : 2 bimester Professors : Yves DENNEULIN, Claude CASTELLUCCIA, Frédéric WAGNER E-mail: [email protected] , [email protected] , [email protected] Objectives : Security of wireless networks.

The objectives of this class is to study the security of the following wireless systems and networks: 802.11, GSM/UMTS, RFID and Wireless Sensor Networks. Contents 1. Introduction to Wireless Systems and Security 2. Wireless LAN Security (WEP, WPA, 802.1X….) 3. Wireless LAN Security Lab: attacks and counter-measures (hand-on exercises) 4. Cellular Network Security (GSM, UMTS security, attacks on GSM networks) 5. Ubiquitous Networking Security (Wireless Sensor Network Security, RFID Security and Privacy, Bluetooth security). Prerequisites Basic knowledge in networking, security and cryptography.

Examination : 1. hand-on exercise (lab) (20%) 2. mid-term or related reports (40%) 3. final exam or related reports (40%)

DESCRIPTION IN FRENCH Objectifs de l’enseignement Sécurité de réseaux sans fil. L’objectif principal de ce cours est d’étudier la sécurité des réseaux et systèmes sans fil suivants : 802.11, GSM/UMTS, RFID et réseaux de capteurs. Contenu 1. Sécurité des réseaux sans-fil : une introduction 2. Sécurité des réseaux locaux 802.11 (WEP, WPA, 802.1X,…) 3. Sécurité des réseaux locaux 802.11 : attaques et contre-mesures. (TP) 4. Sécurité des réseaux cellulaires (GSM, UMTS) 5. Sécurité des réseaux ambiants (réseaux de capteurs, RFID, Bluetooth,…) Pré requis Connaissances de base en réseaux, sécurité et cryptographie. Forme d’examen 4. TP (20%) 5. rapports intermédiaires (40%) 6. examen et rapports finaux (40%) ___________________________________________________________________________________________________________ Bibliographie / textbooks

Page 15: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

15

AUDIT AND NORMS IN SECURITY - SMART CARD SECURITY [3 ECTS]

SECURITE DES CARTES A PUCE : Audit et normes de sécurité Code ECTS Course total volume: 30h Period : 2 bimester Professors: Cécile Canovas, Florent Autréau , Marie-Laure Potet E-mail : [email protected] , [email protected], [email protected]

Smart card security (Prof. C Canovas) Objectives

Smart cards often use cryptographic functions in a hostile environment. So a good cryptographic algorithm may become vulnerable if implemented into a smart card. The objective of the course is to present the smart card attacks and the adapted security implementations. Contents A. Smart cards: 1. Historic 2. Presentation 3. Use

B. Algorithms and Implementations : 1. DES 2. AES 3. RSA C. Attacks and Securisation

1. Observation Attacks 2. Statistical Attacks 3. Fault Attacks Prerequisites Cryptographic Algorithms DES, AES and RSA Examination

Written examination 1h Survivability and security audit (Prof. F Autreau)

After the introduction to methods and tools to assess and characterize security, availability and performance for Information System, given during the first semester, this class will give the opportunity to exercise the methodologies and tools covered during the first part of this course. The hand-on labs will be based on a 'game-like' exercise played from the perspective of a system administrator, as well as an attacker. Allowing learning techniques used to protect an IT infrastructure and to assess its security Contents Hand-on labs – 'Capture the Flag' Prerequisites System and Network Administration, Introduction to Security Audit - part1 Examination Practical works. ___________________________________________________________________________________________________________

Java card applications development (Prof. ML Potet) Objectives This lecture presents the smart card technologies and smart card applications. A large part of the lecture will be dedicated to the open standards (post issuance downloading) and particularly Java Card. Moreover you will have the opportunity to write and experiment smart card applications. Contents Java card and its security model, experiments on smart cards, development and test of an application. Prerequisites Java programming, Cryptographic foundation Evaluation The last experimentation ___________________________________________________________________________________________________________ Final mark session 1: 30%TP (SSA) + 30%TP (JCAD) + 40%ET (SCS) ___________________________________________________________________________________________________________

Page 16: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

16

DESCRIPTION IN FRENCH SECURITE DES CARTES A PUCE

Objectifs de l’enseignement La carte à puce est très souvent utilisée pour exécuter des fonctions cryptographiques dans un milieu non contrôlé et a priori hostile. Aussi un bon algorithme cryptographique peut présenter des failles une fois (mal) implémenté dans une carte à puce. L'objectif de ce cours est de présenter les attaques propres aux cartes à puce et les implémentations sécuritaires qui en découlent. Contenu A. Carte à puce : 1. Historique 2. Présentation 3. Utilisation

B. Algorithmes et implémentations : 1. DES 2. AES 3. RSA C. Attaques et sécurisation

1. Attaques par observation 2. Attaques par observation et analyse 3. Attaques par perturbation Pré requis Algorithmes cryptographiques DES, AES et RSA Forme d’examen

Examen écrit 1h AUDIT DE SECURITE

A la suite de l'introduction aux méthodes et outils utilisés pour évaluer et mesurer la sécurité, la disponibilité et les performances d'un S.I (module du premier bimestre), ce module permettra de mettre en pratique les concepts, méthodologies, outils et protections décrits lors du premier module. Les travaux pratiques seront basés sur un jeu de rôles au cours duquel les perspectives de l'administrateur du S.I., ainsi que de l'assaillant seront abordées. Permettant ainsi la mise en pratique et l'utilisation de techniques de protection et d'évaluation de la sécurité. Contenu Travaux Pratiques – Jeu de Roles Pre requis System and Network Administration, Introduction to Security Audit - part1 Evaluation Travaux Pratiques

DEVELOPPEMENT d’APPLICATIONS SECURISEES JAVA CARD Objectifs Ce cours présente les technologies utilisées dans les cartes et les applications des cartes à puce. Une partie de cours sera dédiée aux cartes ouvertes (chargement après délivrance) et principalement Java Card et à l’écriture et l’expérimentation d’applications carte à puce. Contenu La technologie des cartes à puce, Java Card, son modèle de sécurité, les API. Travaux pratiques permettant de développer une applette sécurisée. Pre requis Programmation Java Base de cryptographie Evaluation Rendu de TP

Page 17: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

17

CODING AND FAULT TOLERANCES [3 ECTS]

Codage et tolérance aux pannes : cours et atelier Code ECTS Course total volume: 30h Period : 2 bimester Professors : Jean-Marc BROSSIER (9h) Alexei PANTCHICHKINE (15h) Jean-Louis ROCH (6h) E-mail : [email protected] , [email protected] , [email protected] Objectives

The present course introduces basic tools used in order to assure the transmission of information on the supports producing errors by noise. The basic mathematical concepts are given which make it possible to construct codes with a given guaranteed speed (information rate). In particular, we treat cyclic codes and geometric Goppa codes. Effective implementation of codes and industrial applications (CIRC code for audio compact disks, turbo-codes, …) are detailed. Contents The course is divided in 2 parts: A- Foundations of error-correcting codes [5 lectures, Alexei PANTCHICHKINE]

1. Transmission of Information, coding and optimal decoding on a noisy channel. 2. Distance of Hamming, speed and information rate, relative distance. Hamming bound and codes. 3. Linear codes and cyclic codes. Generating matrix and computation of the syndrome of errors. 4. Error-locating polynomials. Application to decoding. 5. Reed-Solomon codes and BCH codes. Coding and decoding. 6. Bounds of Plotkin and of Gilbert-Varshamov. 7. Geometric Goppa codes and algebraic curves over finite fields.

B – Implementation and industrial applications of error-correcting codes Implementation and applications of Reed-Solomon Codes [2 lectures, Jean-Louis ROCH] 1. Errors and erasures. Burst errors and Interleaving. CIRC (Cross-Interleaved Reed-Solomon codes). 2. Applications: Audio CD; RAID disk systems. Satellite communications.

Implementation and applications of convolutional and turbo codes [3 lectures, Jean-Marc BROSSIER] 1. Definition of convolutional codes. Distance and decoding (Viterbi algorithm) 2. Turbo-codes. 3. Applications. Prerequisites Finite fields, linear algebra, polynomials, Euclidean algorithm, ideals and rings Practice in programming (C/C++) with I/O streams. Examination Session 1: - ETA, ETB: Final examination: 2 written exams: ETA=1h30 for part A -; ETB=1h30 for part B - TP: Practical work: 1 (part B) - CC: Continuous controls: 1 controls (1h for part I). The mark obtained to the continuous control is taken into account only if larger than the mark of the final examination. ___________________________________________________________________________________________________________ Final mark session 1: 40% *ETA + 10% * MAX(ETA,CC) + 25% * TP + 25%*ETB Session 2: (under decision of the jury) : - ETA2, ETB2: one or two final examination in session 2. ETA2 for part A and/or parts B. Oral (30’) if <= 5 students; written (1h) if >=6 students Final mark session 2: 40% *ETA2 + 10% * MAX(ETA2,CC) + 25% * TP + 25%*ETB2 ___________________________________________________________________________________________________________

Page 18: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

18

DESCRIPTION IN FRENCH Objectifs de l’enseignement

Ce cours introduit les outils utilisés pour assurer la transmission d'informations correctes sur des supports introduisant des erreurs. Dans une première partie, les fondements mathématiques permettant la construction de codes avec un rendement garanti sont présentés, en particulier les codes cycliques. Dans les applications pratiques, notamment en informatique et télécommunications, des variantes de ces codes sont utilisées. Les fondements mathématiques permettant la construction de codes avec un rendement garanti sont présentés, en particulier les codes cycliques et les codes géométriques de Goppa. L’implémentation effective des codes correcteurs dans des applications industrielles est détaillée, avec une attention particulière aux rafales d’erreurs : CIRC code pour les CDs audio, turbo-codes, systèmes RAID, … Contenu Le cours est structuré en 2 parties. A- Foudations des codes correcteurs d’erreur [5 lectures, Alexei PANTCHICHKINE]

1. Transmission d’information, codage et décodage optimal sur canal bruité. 2. Distance de Hamming, rendement et vitesse de transmission; distance relative.

Borne et code de Hamming. 3. Codes linéaires et codes cycliques. Matrice génératrice et calcul du syndrome d’erreurs. 4. Polynôme locateur d’erreurs. Application au décodage. 5. Codes de Reed-Solomon codes et codes BCH. Codage et décodage.. codes. 6. Bornes de Plotkin et Gilbert-Varshamov. 7. Codes géométriques de Goppa codes et courbes algébriques sur les corps finis.

B – Implémentation et applications industrielles des codes correcteurs d’erreur Implémentation et applications des codes Reed-Solomon [2 lectures, Jean-Louis ROCH] 1. Erreurs et effacements. Paquet d’erreurs et entrelacement. Code CIRC (Cross-Interleaved Reed-Solomon code). 2. Applications: Audio CD; système de stockage RAID; communications satellite.

Implémentation et applications des codes convolutionnels et turbo [3 lectures, Jean-Marc BROSSIER] 1. Définition d’un code convolutionnel. Distance libre et décodage (Viterbi algorithm) 2. Turbo-codes. 3. Applications. Pré requis Corps finis, algèbre linéaire, polynômes, algorithme d’Euclide, idéaux, anneaux et modules. Pratique de la programmation avec des entrées-sorties. Forme d’examen Session 1: - ETA, ETB: 2 examens terminaux écrits: ETA=1h30 pour la partie A -; ETB=1h30 pour la partie B - TP : Travail pratique: 1 (partie B) - CC : Contrôle Continu: 1 contrôle (1h for part A). La note ay contrôle continu n’est prise en compte que si elle est supérieure à la note d’examen. Final mark session 1: 40% *ETA + 10% * MAX(ETA,CC) + 25% * TP + 25%*ETB Session 2: (sur décision du jury) : - ETA2, ETB2: un ou deux examens finaux pour la session 2: ETA2 pour partie A et/ou ETB2 pour partie B. Oral (30’) if <= 5 students; written (1h) if i >=6 students Final mark session 2: 40% *ETA2 + 10% * MAX(ETA2,CC) + 25% * TP + 25%*ETB2

Bibliographie/textbooks 1) Oliver Pretzel, Codes and Algebraic Curves (Oxford Lecture Series in Mathematics and Its Applications, 8) 2) Papini, O., et Wolfman, J., Algèbre discrète et codes correcteurs, Collection Math. et Applications, Springer-Verlag, 1995 3) J.H. van Lint, Introduction to Coding Theory (Graduate Texts in Mathematics), Springer, 3rd Ed. (1999) 4) A.Pantchichkine, Mathematics of Error-Correcting Codes (Cours Mathématiques des codes correcteurs d'erreurs, Master-2 de mathématiques, "Cryptologie, Sécurité et Codage d'Information", 2007/2008) http://www-fourier.ujf-grenoble.fr/~panchish/7codes-v4.pdf 5) Jean-Guillaume Dumas, Jean-Louis Roch, Eric Tannier, Sébastien Varrette, Théorie des Codes, Dunod (2007) 6) Jean-Marc Brossier, Signal et communication numérique, Hermes (1997)

Page 19: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

19

DISTRIBUTED ALGORITHMS AND FAULTS TOLERANCE [3 ECTS]

Algorithmique distribuée, tolérances aux fautes Code ECTS Course total volume: 30h Period : 2 bimester Professors : Vivien QUEMA , Lorena ANGHEL E-mail : [email protected] , [email protected] Objectives

At the basis of reliable distributed systems are several mechanisms, such as leader election, (ordered) broadcast, consensus, etc. This course introduces the main algorithms that are used to implement these mechanisms; and yet the design techniques to limit the impact of software or hardware failures. We present several algorithms and give some example of basic correctness proofs. Moreover, we study how the different assumptions that can be made on a system (synchrony, faults, etc.) impact the design of distributed algorithms. Contents The course is structured in two parts: A- Distributed algorithms and agreement [7 lectures, Vivien Quéma] The course contains three parts: distributed algorithms and engineering distributed applications. Study of algorithms that are at the basis of reliable distributed systems. Proofs that these algorithms are correct. B - Fault-tolerance [3 lectures, Lorena Anghel] This part focuses on the main design techniques to limit the impact of software or hardware failures: faults avoidance; robustness; N version programming; recovery blocks techniques; acceptation test; retry; check points and rollback. Prerequisites Centralized operating systems; networks; elements of probability. Examination Exam + Practical activity. ___________________________________________________________________________________________________________ Final mark Session1: 30%TP + 70%ET Final mark Session2: 30%TP + 70%ET2

DESCRIPTION IN FRENCH Objectifs de l’enseignement

La conception et la réalisation des systèmes répartis tolérants aux fautes s'appuient sur un ensemble de mécanismes de base: élection, diffusion, consensus, etc. Ce cours introduit les principaux algorithmes utilisés pour construire ces mécanismes de base ; ainsi que les principales techniques utilisées pour limiter l’impact des pannes logicielles ou matérielles. Des résultats d'impossibilité, ainsi que des preuves simples d'algorithmes sont étudiés afin de sensibiliser l'étudiant à la possibilité d'implanter un algorithme pour un mécanisme donné en fonction des hypothèses faites sur le système (synchronie, occurrence de fautes, etc.). Contenu Le cours est structuré en deux parties. A- Algorithmes distribués et consensus [7 séances, Vivien Quéma] Etude des algorithmes de base pour la construction de systèmes tolérants aux fautes. Preuves sur les propriétés des algorithmes. B – Tolérance aux pannes [3 séances, Lorena Anghel] Principales techniques utilisées pour limiter l’impact des pannes logicielles ou matérielles: MTBF et évitement de fautes. ; logiciel robuste ; programmation N versions ; blocs de recouvrement ; construction du test d’acceptation ; reprise ; technique de points de contrôle et de retour à un état correct. Pré requis Aucun Forme d’examen Examen écrit et TP.

Bibliographie / textbooks 1) Siewiorek, Swarz, Reliable Computer Systems, Design and Evaluation, second edition 1992 2) D.K. Pradhan, Fault Tolerant Computing: Theory and Techniques, Prentice Hall, 1986

Page 20: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

20

HARDWARE AND EMBEDDED SYSTEMS SECURITY [3 ECTS]

Architectures matérielles sécurisées Code ECTS Course total volume: 30h Period : 2 bimester Professors : Régis LEVEUGLE, Paolo MAISTRI E-mail : [email protected] Objectives

This course aims at presenting the specific design constraints for secure integrated systems and at giving circuit level and architecture level methods for the specification, design and implementation of robust cryptographic circuits. It discusses architectural choices to be done for System on Chip (SoC) design. Contents Embedded system design and architecture – basic concepts

Hardware Architecture (integrated bus, memory architecture, advanced processors, IP) Software Architecture (RTOS, API) Integrated Circuits and SoCs

Design and implementation of secured circuits and crypto processors Secure circuits: design constraints, qualification, common criteria. Types of attacks, exploitation examples. Impact on test techniques. Implementation of protections (counter-measures) against the different types of attacks. Examples of secure architectures for symmetric and asymmetric coding algorithms.

Prerequisites Digital circuit design, computer architecture, cryptanalysis and cryptography. (M1 courses). Examination Written examination (2h) and reports on lab works at CIME laboratory. ___________________________________________________________________________________________________________ Final mark session1: 30%*TP + 20%*CC + 50%*ET Final mark session2: 30%*TP + 20%*CC + 50% ET2 (if ET2 > ET1)

DESCRIPTION IN FRENCH Objectifs de l’enseignement

Ce cours a pour but de présenter les contraintes de conception spécifiques aux systèmes intégrés sécurisés et de montrer des méthodes aux niveaux circuit et architecture pour la spécification, la conception et l'implantation de circuits de chiffrement robustes. Contenu Conception et architecture de systèmes embarqués – concepts de base

Architecture matérielle (bus, architecture mémoire, processeurs avancés, IP) Architecture logicielle (RTOS, API) Circuits intégrés et SoCs

Conception et implantation de circuits sécurisés et de processeurs de chiffrement Circuits sécurisés : contraintes de conception, qualification, critères communs. Types d'attaques, exemples d'exploitation. Impact sur les techniques de test. Implantation de protections (contre-mesures) contre les différents types d'attaques. Exemples d'architectures sécurisées pour chiffrement symétrique et asymétrique.

Pré requis Conception de circuits numériques, concepts de base en architecture d'ordinateur et en cryptographie Forme d’examen Devoir surveillé (2h) et rapports sur les manipulations

Bibliographie / textbooks

Page 21: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

21

MULTIMEDIA APPLICATIONS [3 ECTS]

Applications multimédia : cours et atelier Code ECTS Course total volume: 30h Credits ECTS : 3 Period : 2 bimester Professors : Patrick BAS, François CAYRE, Touradj EBRAHIMI E-mail : [email protected] , [email protected] , [email protected] Objectives:

To present the basics in compression and media security technologies such as watermarking, media content integrity verification, conditional access and scrambling. To establish a link between common requirements and state-of-the-art techniques. To overview media security standards. The course will be illustrated focusing on images and/or video content. Contents: - Compression: decorrelation and energy compaction, popular transforms (KL, DCT, DWT), quantization, source coding and bit allocation. Application to JPEG, JPEG2000 and MPEG2/MPEG4. - Watermarking: a communication problem, robustness and capacity issues, popular coding techniques (SS-based, QIM-based). Resynchronization issues and application to still images. Introduction to data-hiding security. - Media security tools: watermarking evaluation, multimedia content integrity verification solutions, visual password, scrambling… - Media security standards: Secure JPEG 2000, MPEG-4 Intellectual Property Management and Protection, MPEG-21, DMP, SDMI. Prerequisites: Basic knowledge in communications, statistics and signal processing if possible. C programming. Examination: − Compression: 1h exam. − Watermarking: evaluation based on a practical work. − Media security: 1h written exam. ___________________________________________________________________________________________________________ Final mark session1: 22%ET1(Compression) + 45%TP (Watermarking) + 33%ET2 (Media Security) ___________________________________________________________________________________________________________ DESCRIPTION IN FRENCH Objectifs de l’enseignement:

Présenter les bases en compression et technologies de sécurité des média telles que le tatouage, l’accès conditionnel, et le floutage des contenus multimédia. Établir un lien entre les besoins courants et les techniques modernes. Donner un survol des normes en sécurité des média. Ce cours sera illustré du point de vue des images et des vidéos. Contenu: Compression : décorrélation et compaction de l'énergie, transformées usuelles (KL, DCT, DWT), quantification, codage de

source et allocation de bits. Application à JPEG, JPEG2000 et MPEG2/MPEG4. Tatouage : formulation en tant que problème de communications numériques, problème de robustesse et de capacité, techniques

usuelles (étalement de spectre, quantification). Problème de la resynchronisation et application aux images. Introduction à la sécurité de la dissimulation de données.

Outils de sécurité des média : évaluation de tatouage numérique, des solutions de vérification de l’intégrité des contenus multimédia, mot de passe visuel, floutage

Normes de sécurité des média : JPEG 2000 sécurisé, MPEG-4 Protection et Gestion des Droits Intellectuels, MPEG-21, DMP, SDMI

Pré requis: Si possible, connaissances de base en communications numériques, statistiques et traitement du signal. Programmation en C. Forme d’examen: • Compression : Examen sur table d'une heure. • Tatouage : Le TP donnera lieu à un compte-rendu noté. • Sécurité des média : Examen écrit d’une heure

Bibliographie / textbooks Aucune / None

Page 22: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

22

NEW TRENDS IN CRYPTOLOGY :

BIOMETRICS, QUANTUM CRYPTOGRAPHY AND PAIRINGS [3 ECTS] Cryptologie : biométrie, quantique et par couplages

Code ECTS Total course volume: 30h Period : 1, 2 bimester Professors : Jean François MAINGUET, Pablo ARRIGHI, Philippe ELBAZ-VINCENT E-mail: [email protected], [email protected], [email protected] Objectives

Introduce new trends in cryptography and/or cryptanalysis which are currently hot topics. For 2008, the chosen topics are Biometrics, Quantum cryptography and Pairing-based cryptography. Biometrics (JF Mainguet) : what is biometrics, how biometrics can replace passwords and keys, integration with cryptography, testing biometrics is difficult. Quantum cryptography (P Elbaz-Vincent): About twenty years ago a number of physicists and computer scientists (Bennett & Brassard) have begun to understand the tremendous advantages which phenomena of quantum physics -- such as entanglement and wavepacket collapse -- could bring to information processing. After a brief introduction to the postulates of quantum mechanics as formulated in terms of basic Linear Algebra, we shall study the main quantum key distribution protocol actually implemented and commercialized nowadays. Pairings (P Arrighi): Since the introduction of pairings in constructive cryptographic applications, an ever increasing number of protocols have been appearing in the literature: identity-based encryption, short signature, and efficient broadcast encryption to mention but a few. An appropriate mix of theoretical foundations and practical considerations is essential to fully exploit the possibilities offered by pairings: cryptographic protocols, software and hardware implementations, new security applications, etc. Contents Biometrics : objectives, fundamentals, verification/authentication, biometric modalities (fingerprint, iris, face…), the biometric market, applications, testing biometrics, standards, security and biometrics, integration with cryptography, privacy, myths. Quantum cryptography: introduction to the postulates of quantum mechanic, quantum key distribution protocol, practical applications to commerce and industry. Pairings : mathematical foundation, cryptographic protocol, software/hardware implementations, applied security (security ubiquitous computing, security management, network security, grid computing, PKI model, internent and web security, e-business) Prerequisites Biometrics : none Quantum cryptography : basic linear algebra Pairings : SAC: PKI Examination 1 final exam in 3 parts (one part for each topic) ___________________________________________________________________________________________________________ Final mark session1 : 30%ET1 (Biometrics) + 40% ET2 (Pairings) + 30%ET3 (Quantum cryptography) ___________________________________________________________________________________________________________

Page 23: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

23

DESCRIPTION IN FRENCH Objectifs de l’enseignement

Présenter de nouvelles méthodes en cryptographie et/ou cryptanalyse qui sont particulièrement d'actualités et en plein essor. Pour 2008, les thèmes choisis sont Biométrie, Cryptographie quantique et cryptographie basée sur les couplages. Biométrie : découverte de la biométrie, dans quelle mesure elle peut remplacer les mots de passe et les clés, comment elle s’intègre avec la cryptographie, la difficulté de tester les systèmes biométriques. Cryptographie quantique : Depuis une vingtaine d'année des physiciens et des informaticiens (Bennett & Brassard 1984) découvrent les formidables atouts que peuvent représenter des phénomènes de la mécanique quantiques tels que l'intrication et la réduction du paquet d'onde pour le traitement de l'information. Après une brève introduction aux postulats de la mécanique quantique formulés en terme d'algèbre linéaire de base nous étudierons le principal protocole de distribution de clé quantique, dont les implémentations existent et sont commercialisées actuellement. Couplages : Depuis l'introduction effective des couplages en cryptographie, un nombre croissant de protocoles sont apparus dans la littérature: chiffrement basé sur l'identité, signature courte, chiffrement effectif de broadcasting. Un mélange judicieux de méthodes théoriques et de considérations pratiques est essentiel pour exploiter pleinement les possibilités offertes par les couplages: protocoles cryptographiques, implémentations matériels et logiciels, nouvelles applications de sécurité, etc. Contenu Biométrie : objectifs, principe fondamental, vérification/authentification, les diverses modalités biométriques, examen des modalités les plus usitées (empreinte digitale, reconnaissance faciale, iris) tant du coté capteur que du coté algorithme, le marché de la biométrie, les déjà nombreuses applications existantes (commerciales, gouvernementales), évaluation des performances biométriques (FAR & FRR), normalisation, le sécurité des systèmes biométriques (cryptographie / détection de vitalité), introduction à la biométrie intriquée avec la cryptographie (le Grâal de la biométrie), protection de la vie privée, mythes et réalités. Cryptographie quantique : introduction à la mécanique quantique, protocoles quantiques de distribution de clefs, applications dans le commerce et l'industrie. Couplages : fondements mathématiques, protocoles cryptographiques, implémentations, sécurité appliquée. Pré requis Biométrie : aucun. Cryptographie quantique : algèbre linéaire élémentaire. Couplages : SAC: PKI Forme d’examen 1 examen final en 3 parties (une pour chaque thème)

Bibliographie / textbooks Biometrics : Guide to Biometrics by Ruud Bolle, Jonathan Connell, Sharanthchandra Pankanti, Nalini Ratha, Andrew Senior, Springer Verlag 2003. La Biometrie de Jacky Pierson, Hermes 2007 Hand book of Fingerprint Recognition by David Maltoni, Dario Maio, Anil K. Jain, Salil Prabhakar, Springer 2005 Quantum cryptography : Quantum Computation and Quantum Information by Michael A. Nielsen, Issak L. Chuang, Cambridge University Press 2000. Pairings : Advances in Elliptic Curve Cryptography: Further Topics v. 2 (London Mathematical Society Lecture Note Series) by Ian F. Blake , Gadiel Seroussi , Nigel P. Smart , Cambride University Press, 2005.

Page 24: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

24

PROJECT : DEPLOYEMENT OF A SECURED GRID INFRASTRUCTURE [3 ECTS] Projet déploiement d’une infrastructure de grille sécurisée

Code ECTS Course total volume: 18h Period : 2 bimester Professors : Yves DENNEULIN, Frédéric WAGNER E-mail : [email protected] , [email protected] Objectives Design a secured infrastructure aimed at sharing data and computing resources on a large scale Contents

This is a project with an introduction to the problem at hand Prerequisites Examination : Written report and defence

DESCRIPTION IN FRENCH Objectifs de l’enseignement Construire une infrastructure sécurisée pour partager des données et des ressources de calcul à grande échelle Contenu Il s’agit d’un projet avec une introduction pour situer le problème. Pré requis Forme d’examen Un rapport final et une soutenance

Bibliographie / textbooks

Page 25: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

25

SECURITY MODELS PROTOCOLS AND PROOFS [ 6 ECTS] Modèles pour la sécurité : preuves, protocoles et politiques

Code ECTS Course total volume: 60h Period : 1 bimester Professors : Florent Autréau, Pascal Laforucade, Jean-Louis Roch E-mail : [email protected], [email protected], [email protected] Objectives

The course presents the theoretical and practical models and tools used to assess and to characterize the security of a cryptosystem, a protocol or an effective information system. Contents The course is divided in three parts: * Security proofs [8 lectures, Prof: Jean-Louis Roch]: foundations of provable security in relation with complexity 1. Introduction: computationally, provably, unconditionally secure; Attack models; Probabilities 2. Entropy and perfect secret/unconditional secure cryptosystem 3. Provably secure cryptosystem - One-way functions. Polynomial reductions 4. One-way hash function 5. Pseudo-random generators 6. Probabilistic algorithm - Interactive proofs 7. Zero-knowledge protocols * Models for Security [8 lectures, Prof: Pascal Lafourcade]: foundations of semantic security, 1. Indistinguishability 2. Public Encryption 3. Symmetric encryption 4. Protocol Symbolic model and computational model 5. Non-interference 6. Access control and security policies * Security politics and audit [4 lectures, Prof: Florent Autreau]: methods and tools to assess and characterize security, availability and performance for Information System. 1. Concepts 2. Threats, risks. 3. Methods and Standards 4. Tools 5. Hand-on labs Prerequisites Basic knowledge (Master-1st year level) in probabilities, algorithms and complexity, operating systems; arithmetic and basic cryptography protocols. Examination Session 1: - ET: Final examination: 1writtem exam (3h) - TP: Practical work: 1 - CC: Continuous controls: 2 written controls (30’ each). The mark obtained to the continuous control is taken into account only if larger than the mark of the final examination. ___________________________________________________________________________________________________________ Final mark session 1: 20% * TP + 65% * ET + 15% * MAX(ET,CC) Session 2: (under decision of the jury) : - ET2: one final examination in session 2.: oral (30’) if <= 5 students; written (1h) if i >=6 students Final mark session 2: 20% * TP + 65% * ET2 + 15% * MAX(ET2, CC) ___________________________________________________________________________________________________________

Page 26: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

26

DESCRIPTION IN FRENCH Objectifs de l’enseignement

Le module présente les modèles théoriques et les outils pratiques utilisés pour garantir et caractériser la sécurité d’un cryptosystème, d’un protocole cryptographique ou de système d’information donné. Contenu Le cours est structuré en trois parties. * Sécurité prouvable [8 séances, Prof: Jean-Louis Roch]: fondations de la sécurité prouvable et relation avec la complexité 1. Introduction: sécurité calculatoire, prouvable, inconditionnelle; modèles d’attaques; probabilités (rappel) 2. Entropie et secret parfait ; cryptosystème symétrique inconditionnellement sûr [Vernam] 3. Sécurité prouvable – Fonctions à sens unique et réduction polynomiale 4. Fonctions de hachage à sens unique 5. Générateurs pseudo aléatoires non prédictibles 6. Algorithme probabiliste et preuves interactives 7. Protocoles à divulgation nulle de connaissance * Modèles pour la sécurité [8 séances, Prof: Pascal Lafourcade]: fondations de la sécurité sémantique 1. Indistingabilité 2. Chiffrement public 3. Chiffrement symétrique 4. Protocoles dans les modèles symboliques et computationnels 5. Non-interférence 6. Contrôle d’accès et politiques de sécurité * Politiques de sécurité et audit [4 séances, Prof: Florent Autreau]: méthodes et outils pour analyser et caractériser la sécurité, la disponibilité et la performance d’un système d’information 1. Concepts 2. Menaces et risques 3. Méthodes et Standards 4. Outils 5. Travail pratique en laboratoire Pré requis Connaissance de base (Master-1) en probabilités, algorithmes et complexité, programmation et système d’exploitation, arithmétique et protocoles cryptographiques de base. Forme d’examen Session 1: - ET: Examen terminal : 1 examen écrit (3h) - TP : Travail pratique : 1 - CC : Contrôle continu: 2 contrôles écrits (30’ chacun). La note obtenue au contrôle continu n’est prise en compte que si elle est supérieure à la note d’examen terminal. Note finale session 1: 20% * TP + 65% * ET + 15% * MAX(ET,CC) Session 2: (sur décision du jury après la session 1) : - ET2: un examen terminal en session 2: oral (30’) if <= 5 étudiants; écrit (1h) if >=6 étudiants Note finale session 2: 20% * TP + 65% * ET2 + 15% * MAX(ET2, CC)

Bibliographie / textbooks The handbook of applied cryptography (on-line), Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Security Engineering, by Ross Anderson Applied cryptography, Bruce Schneier The Foundations of Cryptography (vol 1 and 2) , Oded Goldreich. [Online fragments] Cryptography: Theory and Practice, Douglas Stinson,

Page 27: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

27

SYMMETRIC AND ASYMMETRIC CRYPTOLOGY ; PKI ARCHITECTURES [6 ECTS]

Cryptologie symétrique et asymétrique, Architectures PKI Code ECTS Course total volume: 60h Period : 1 semester Professors : Roland GILLARD, Philippe ELBAZ-VINCENT, Jean-Guillaume DUMAS E-mail : [email protected], [email protected], [email protected] Objectives : Introduction to symmetric and asymmetric encryption and their use in public key architecture Stream and block ciphers (Prof. R Gillard): review of the main systems; give some notions In analysis. Public key methods (Prof. P Elbaz-Vincent): presentation of modern public key cryptography. The course will describe in details (including state of the art on their cryptanalysis) RSA, ECC.(and more generally DLP based cryptosystems) and NTRU and theirs associated protocols. Public Key Infrastructure (Prof. JG Dumas): A Public Key Infrastructure is a set of infrastructures making it possible to carry out secure exchanges. Indeed, in a public key setting, the first practical problem is how to attach a public key to its owner? The idea of the PKI is initially not to distribute keys but rather numerical certificates containing these keys as well as identity data (status, mail, e-mail, domain name or IP addresses IP for a server...). The objectives of this course are to master the precise structures and tools ensuring in particular creation and management of these certificates. Several applications in secure Internet or protected electronic mail as well as the concepts of safety policy allowing a sensible management of these certificates are approached. Contents Stream and block ciphers : Introduction-Basic Facts, Data Encryption Standard, System Description ,Programing Attacks, Cryptanalysis ; Other Systems I (Variants : Lucifer, Gost, XDES, 3-DES). Idea, Blowfish. Advanced Encryption Standard, Other Systems II (Other AES candidates: Mars, 2fish,RC6,Serpent,CS, Misty/Kasumi, Camélia, SHACAL). Streamciphers : LFSR Massey-Berlekamp Algorithm Main systems Geffe,RC4,A5,PKZIP,Bluetooth Attacks. Comments. Public key methods : An overview on cryptology2. Fundamental concepts, basic and advanced cryptanalysis, "real life" protocols (including semantic security) for the following public key cryptosystems: RSA, Diffie/Hellman and ElGamal (including ECC), NTRU.3. Overview on others public key cryptosystems PKI: Introduction (Needs; What is public key infrastructure? Security Policy ? Context and theoretical background.. Infrastructures Principle , PKI Elements (PKI functions ; PKI entities) Certificates (emission ; PGP; X.509 ; Applications ) Hierarchical PKI (PKIX Model ; Administration ; Authentification ; Migration ) Non hierarchical PKI (PGP confidence, Spooky/Sudsy, ...) Drawbacks of PKI. Web Security, electronic mail and PKI. IPSEC ; SSL, TLS ; S/MIME ; DNSsec ; LDAP ; SET ; IKE. Security Policy and Infrastructures Security procedures ; Certification Policy ; Threat Modelling Prerequisites : Stream and block ciphers : Basic Algebra Public key methods : knowledge of arithmetic over the intergers and modular arithmetics. Knowledge on finite fuelds. Undergraduate linear algebraand commutative algebra. Basic knowledge on probability and statistics. Basic knowledge on complexity theory and programming languageSome familiarity with at least one computational algebra system. PKI : Secret key Cryptography, Public Key Cryptography, e-Signature, Hash functions Continuous Examination : Stream and block ciphers 2 practical works Public key methods : 1 computer classroom evaluation and 1 classroom evaluation PKI 1 assignment and 1 practical exam 1 final exam in 3 parts Final mark session1: 20%*TP + 15%*CC + 65%*ET Final mark session2: 20%*TP + 15%*CC + 65*ET2 (if ET2 >ET1)

Page 28: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

28

DESCRIPTION IN FRENCH Objectifs de l’enseignement : Cryptographie symétrique : Présentation des systèmes principaux avec quelques notions d’analyse Méthodes de cryptologie à clef publique : Le cours décrira en détails (y inclus un état de l'art sur leurs cryptanalyses) RSA, ECC (et plus généralement les méthodes basées sur le DLP) et NTRU, ainsi que les protocoles associes PKI : Une architecture PKI (pour Public Key Infrastructure) est un ensemble d'infrastructures permettant de réaliser effectivement des échanges sécurisés. En effet, une fois définis des algorithmes complexes utilisant par exemple des clefs publiques, le premier problème pratique qui se pose est comment rattacher une clef publique à son propriétaire? L'idée des PKI est d'abord de ne pas distribuer des clefs mais plutôt des certificats numériques contenant ces clefs ainsi que des données d'identité (état civil, adresse, adresse mail pour une personne, nom de domaine ou adresse IP pour un serveur...). L'objectif de ce cours est de maitriser les structures précises et les outils assurant en particulier la création et la gestion de ces certificats au sein par exemple d'une entreprise. De nombreuses applications en sécurité internet, messagerie électronique sécurisée ainsi que des notions de politique de sécurité permettant la gestion raisonnée de ces certificats sont abordées Contenu : Cryptographie symétrique : Introduction-Généralités, Data Encryption Standard, Description du systèmeProgrammation, Attaques, Cryptanalyse Autres Systèmes I (Variantes : Lucifer, Gost, XDES, 3-DESIdea, Blowfish). Advanced Encryption Standard , Autres Systèmes II (Autres candidats AES : Mars, 2fish,RC6,Serpent , CS, Misty/Kasumi, Camélia, SHACAL). Systèmes par flot (LFSR , combinaison, flitrage , Algorithme de Massey-Berlekamp).Principaux systèmes : Geffe,RC4,A5,PKZIP,Bluetooth. Attaques Discussion et Remarques finales Blocs et flots, Blocs et fonctions de hachage Presentation des methodes modernes de cryptogrphie a clefs publiques. Méthodes de cryptologie à clef publique :. Un panorama de la cryptologie.. Concepts fondamentaux, cryptanalyses elementaires et avances, protocoles (y inclut preuve de securite semantique) pour les cryptosystemes a clefs publiques suivants ; RSA, Diffie/Hellman et ElGamal (y inclut ECC), NTRU.. Presentation d'autres cryptosystemes a clefs publiques PKI : Introduction et contexte (Qu'est-ce que la PKI ? ; Signatures électroniques).. Éléments d'une infrastructure PKI (Fonctions et acteurs d'une PKI : CA, RA, Dépôt, etc.) * Les certificats (Émission et vérification d'un certificat, PGP, un premier exemple de certificat, Certificats X.509, exemples dans Mozilla, Windows XP, etc.)P KI hiérarchiques (PKIX, Les fonctions d'administration, Authentification, Migration). Architectures non hiérarchiques (Modèle de confiance PGP, Spooky/Sudsy, ...) Défauts des PKI. OpenSSL : mise en place d'une PKI d'entreprise Protocoles de Sécurité Web et courrier électronique. Couche réseau : IPSEC ; Couche transport : OpenSSL, TLS ; Couche applicative (S/MIME, DNSsec, LDAP, PGP et GnuPG, SET, e-carte bleue). Politiques et Architectures de Sécurité. Mesures de sécurité ; Politique de certification ; Modélisation de la menace ; Aspects légaux Pré requis : Cryptographie symétrique : algèbre de base Méthodes de cryptologie à clef publique : .Connaissance de l'arithmétique des entiers et de l'arithmétique modulaire. Manipulations des corps finis. Algèbre et algèbre linéaire de Licence. Rudiments de théorie des probabilités et de statistiques. Connaissance de base en théorie de la complexité et en langages de programmation. Connaissance d'au moins un logiciel de calcul formel. PKI : Cryptographie à clef secrète, Cryptographie à Clef publique, Signature Electronique, Fonctions de Hachage Contrôle continu : Cryptographie symétrique : 2 TP, un examen terminal Méthodes de cryptologie à clef publique : 1 travaux pratiques noté ,1 contrôle continu en classe1 examen final PKI Contrôle continu, 1 TP Contrôle final : en 3 parties Bibliographies / textbooks - Bruce Schneier : Applied Cryptography - A.J. Menezes, P.C. van Oorshot, S.A. Vanstone : Handbook of Applied cryptography, CRC Press 1997 - D. Stinson : Cryptography, theory et pratique, .Int. Thomson Pub France 1996. et 2nd éd 2003. - S. Vaudenay A classical Introduction to Cryptography , Applications for COmmunications Security, Springer 2006 - Mao, W; Modern Cryptography: Theory and Practice, 2003 - Hankerson, D; Menezes, A; Vanstone, S; Guide to Elliptic Curve Cryptography 2004 - Koblitz, N; Algebraic Aspects of Cryptography 2004 - Yan, S; Primality Testing and Integer Factorization in Public-Key Cryptography, 2003 - Yan, S; Cryptanalytic Attacks on RSA , 2007 - Carlisle Adams and Steve Lloyd. Understanding PKI: Concepts, Standards, and Deployment Considerations. Addison-Wesley Professional; 2nd edition 2002. - C. Cachat et D. Carella. PKI Open source : déploiement et administration. O'Reilly 2003. - Cryptographie et sécurité des systèmes et réseaux, T. Ebrahimi, F. Leprevost, and B. Warusfeld, éditeurs, Hermès 2006. - J-G. Dumas, J-L. Roch, É. Tannier et S. Varrette. Théorie des codes : compression, cryptage, correction. Dunod 2007. - B. Schneier. Secrets et Mensonges : sécurité numérique en réseau. Vuibert Informatique 2001.

Page 29: Universités de Grenoble, France INSTITUT …moais.imag.fr/.../BROCHURE-Master-2-CSCIS_v5.pdf2 Selection of candidates Students are selected and admitted to the Master curriculum based

29

SYSTEM ADMINISTRATION AND NETWORK SECURITY [3 ECTS] Administration système et sécurité réseaux : TP / Ateliers

Code ECTS Course total volume: 30h Period : 1 bimester Professors : Yves DENNEULIN, Frédéric WAGNER E-mail : [email protected] , [email protected] Objectives Basics of unix systems administration, basics of network security Contents Linux installation/administration, introduction to networks, network security: firewall configuration (iptables), security tools (nessus, ...) Prerequisites Basic computer science knowledge Examination 1 final exam 1 evaluation in machine room _________________________________________________________________________________________ Final mark session1: 35%TP + 65%ET Final mark session2 : 35%TP + 65%ET2 ___________________________________________________________________________________________________________ DESCRIPTION IN FRENCH Objectifs de l’enseignement Bases de l'administration des systèmes unix, bases de la sécurité réseau Contenu Installation et administration linux, introduction aux réseaux, sécurité réseau : Configuration de pare-feu (iptables), outils de sécurité (nessus, ...) Pré requis Connaissances de base en informatique Forme d’examen 1 examen terminal 1 évaluation en salle machine ___________________________________________________________________________________________________________ Bibliographie / textbooks Practical unix and internet security (Simson Garfinkel, Gene Spafford, Alan Schwartz) Internet site security (Erik Schetina, Ken Green, Jacob Carlson)