Credit Level: Graduate. Credit Hrs: 3.00.
Prerequisites - any one of the following is sufficient:
||Data Structures and Discrete Math plus proficiency in object oriented
||an undergraduate degree in computer science, computer engineering,
or electrical engineering;
||permission of the instructor.
This course treats current concerns, trends, and techniques to insure
security and safety of data on computers and over networks. Tools and
systems to ensure confidentiality, authentication, and message integrity are
of primary interest. There are three parts to this course:
- Basic tools and how to put them together. Basic tools include Secret
Key and Public Key block ciphers such as DES, 3DES, AES, RSA, Diffie-Hellman
Key Exchange, zero-knowledge authentication, and Elliptic Curve
Cryptography; hash algorithms such as SHA variants; stream ciphers such as
RC4 variants; message integrity and authentication algorithms such as HMAC.
Output Feedback Mode, One-time Pads, Cipher Block Chaining are discussed as
the means to put many of these algorithms to practical use.
- Well-known systems that use these tools. This includes Kerberos
(authentication), IPSec (VPN), Internet Key Exchange, SSL, PGP, Email
Security, among others. Certification authorities, certificates, and key
distribution centers to support these systems are discussed. Vulnerabilites
in protocols specified for these systems and ways they can be fixed are
- Well known attacks and how to prevent them. This includes denial of
service, side-channel, attacks that exploit existing network IP and TCP
protocols, offline and online password attacks, stateless cookies.
Students will form teams of three to produce systems written in Java that
will compete in a contest spanning four days just before finals week (this
quarter long project will replace a final exam). The contest will be
supervised and judged by software called a monitor. The monitor will
periodically distribute "wealth" to student systems that connect to them.
Even more "wealth" may be obtained through trades. Student systems must be
able to collect wealth and protect it from theft. This entails the
employment of encryption algorithms to hide sensitive account information,
and authentication algorithms and certificates to verify the monitor and
trading partners. Thus, all major aspects of the course will be part of the
Confidentiality, Message Integrity, Authentication, Public Key Encryption,
Secret Key Encrption, Block Cipher, Stream Cipher, Signature Algorithms,
Zero Knowledge Authentication, Message Digest, Hash Algorithms,
Diffie-Hellman Key Exchange, RSA, DSS, Elliptic Curve Cryptography,
Karn Symmetric Key Encryption, One-time Pad, CBC, Password Authentication,
Lamport's Algorithm, DES, 3DES, IDEA, AES, Key Distribution Center,
Certification Authority, Kerberos, Mathematics of Security, IPSec,
HMAC, IKE, SSL, Email Security, Side-Channel Attacks.
There are numerous sources of material on which the lectures will be
based. Most of those are posted on the course website. The
texts referred to here also contain much
information. It is not required that any of these texts be purchased
but it is highly recommended. There are many other great sources of
information in this area and the student is encouraged to seek out
such material independently.