The security of cryptographic protocols remains as relevant as ever, with systems such as TLS and Signal being responsible for much of the Web's security guarantees. In recent years, understanding how to reason about, work with and even implement cryptographic protocols has become an important aspect of security engineering.

In this training, you will learn about threat modeling and security goals for modern cryptographic protocols. We will discuss how contemporary protocols such as TLS 1.3 achieve advances in security, resistance to attack and improvements over previous versions. We will look at security notions to take into account while implementing protocols. The fundamental design principles for cryptographic systems will be covered, and you will also be introduced to the state of the art for modeling and verifying real-world cryptographic systems.

This training will be held at Symbolic Software's office in central Paris, across the street from the Notre Dame Cathedral.

Training Schedule

1. Introduction to Cryptography Engineering

....A. Security Goals, Threat Modeling

....B. Real-World Systems and their Goals

....C. Recent Advances in Protocol Design

2. Foundations of Cryptography

....A. Primitives and Cryptographic Security Notions

....B. Public Key Cryptography

....C. Current Questions in Cryptography

3. Cryptographic Protocols

....A. Protocol Design Principles: Theory versus Practice

....B. TLS 1.2 versus TLS 1.3: Evolving the World's Protocols

....C. State of Secure Messaging: Signal, MLS and More

....D. New Protocols: WireGuard, Noise Protocol Framework

4. Implementing Cryptographic Protocols

....A. How to Implement Protocols Safely (Best Practices)

....B. How to Implement Protocols Dangerously (Mistakes and Risks)

....C. Managing Trust, Secrets and Public Key Infrastructure

5. The Future of Cryptographic Protocols

....A. Formal Verification: An Introduction

....B. Modeling Protocols for Beginners: Verifpal

....C. A Brief Look at the Technology of the Future: F*

6. Q&A

Who is this training for?

Security engineers, information security professionals and managers all stand to learn from a modern and comprehensive training on cryptographic systems. If you're in a position where you're deploying, using or managing systems that safeguard user communications, such a training may very well be indispensable.

What will I learn at this training?

• Understand the thinking behind the designs of modern protocols ranging from TLS to WireGuard.
• Learn how to choose the right cryptography for the right scenario, minimizing risk, cost and performance impacts.
• Learn how to analyze the security of complex cryptographic systems, and best practices for implementing them, as well as pitfalls and common mistakes that are best avoided.
• Understand the hows and whys of protocol design.
• Be informed with the latest technologies and methods for cryptography engineering.
• Top tips and know-how from experts.

Trainer

Nadim Kobeissi (@kaepora) is director at Symbolic Software, a researcher in applied cryptography and professor at New York University's Paris campus. His research work focuses on protocol analysis and formal verification. Dr. Kobeissi received his Ph.D. after doing research at the Institut National de Recherche en Informatique et Automatique (INRIA) in Paris (accredited by École Normale Superieure) and has published peer-reviewed research focusing on applied cryptography and automated protocol verification.