CSCI 451 Computer Security
by Hui Chen, Ph.D.
Overview
This course focuses on communication security in computer systems and networks. It is intended to provide students with a comprehensive introduction to the field of network security. The course covers critical network security services such as authentication and access control, integrity, and confidentiality of data, routing, firewalls, virtual private networks, and web security. Where appropriate, we examine threats and vulnerabilities to specific architecture and protocols.
Prerequisites:CSCI 358 Introduction to Information Assurance or approval of the instructor
Syllabus
You may download the CSCI 451 Syllabus in a PDF file.
Textbook
You may access VSU's Safari's BookOnline subscription from using VSU library's offcampus access service.
 Matt Bishop, Introduction to Computer Security, AddisonWesley Professional, October, 2004, ISBN13: 9780321247745.
Reference Books
 Matt Bishop, Computer Security: Art and Science, AddisonWesley Professional, October, 2004, ISBN13:9780321247445. This book is a version of the book with more formal and mathematical treatment of the subject than the textbook. If you wish more formal and mathematical treatment, read this book intead.
 Dorothy Elizabeth Robling Denning. 1982. Cryptography and Data Security. AddisonWesley Longman Publishing Co., Inc., Boston, MA, USA.
 Bruce Schneier. 1996. Applied Cryptography. John Wiley & Sons.
 Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno. 2010. Cryptography Engineering. John Wiley & Sons.
Class Schedule and Material

08/15  08/17 Course Overview and Introduction to Computer Security
Topic: Overview of basic computer security concepts
Reading:
Reading and Oral Presentation:
Assignment:

08/19  08/26 Basic Cryptography I
Topic: Transposition Ciphers; Substitution Ciphers; Vigenere Cipher; Simple Cryptanalysis;
Note: Slides on transposition ciphers are not to be discussed in lectures. However, you are required to study them and the content may also appear in exams.
Reading:
Program:
 Making Vigenere Tableau in: C++; C; Java; and Matlab/Octave
 Attacking Caesar Cipher: attackcaesar.m
 Attacking Vigenere Cipher: In repository vigenere at Github.
Reading and Oral Presentation:
Assignment:
Exercise L21, L22, L23, L24, and L25. See lecture notes for the exercises.
Due dates: L21, L22, and L23: 08/22; L24 and L25: 08/29 in Blackboard(Homework L21) question 8 in exercise 8.7 in the textbook (page 120) (Due 08/31 in Blackboard)Student Presentation
Student Group Presentation (08/24) 
08/29  08/31 Basic Cryptography II
Topic: DES; AES
Reading:
Assignment:
 Exercises L31 and L32 (Due 09/05/2016 in Blackboard)

09/02  09/12 Basic Cryptography III
Topic: Public key cryptography; RSA; cryptographic checksums (study cryptographic checksums on your own; may appear it in exams)
Reading:
Resource:
I happened to use Microsoft Excel to do a demo. Some of you want to know how I did it. Here are two relevant help pages from Microsoft.
Move or copy cells and cell contents
Move or copy a formulaReading and Oral Presentation:
Assignment:
 Exercises L41 (Due 09/09), L42 (Due 09/12), and L43 (Due 09/12)

09/14 Basic Cryptography: Labs
Labs:

Groups:
Group 1: D. Johnson, G. McGee, A. Mitchell, C. Parham
Group 2: K. Baity, P. Jordan, M. Lewis, D. Mack;
Group 3: F. Callender, N. Chavez, K. McKellery, T. Taylor
Group 4: J. Boyd, J. Daniels, C. Sublett, S. Gross
Group 5: A. Agyemang, B. Lancaster, J. Perry, B. Cuffee 
Lab 3: Seed Lab  SecretKey Encryption
Group Assignment. Tasks 3.1  3.4 are required. Task 3.5 is optional with extra credits. Lab report due 09/16 in Blackboard. 
Lab 4: Crypto Lab  Oneway Hash Function
Group Assignment. Tasks 3.1  3.3 are required. Task 3.4 is optional with extra credits. Lab report due 09/21 in Blackboard.
Student Presentation
Student Group Presentation (09/14) 
Groups:

09/14  09/19 Key Distributions
Topic: session vs. interchange keys; design and analysis of classical cryptographic key exchange; design and analysis of public cryptographic key exchange; roles of nonces, time stamp; key freshness; key authentication; forward search attack; replay attack; maninthemiddle attack
Reading:
Assignment:
Exericses L51 (question 1 in page 142 of the textbook) and L52 (question 5 in pages 142143 of the textbook) 
09/21 Additional Time for Lab 3 and Lab 4
Note: This class is allocated as additional time for you to complete Lab 3 and Lab 4. You will be on your own. The instructor will answer your questions via email or in person

09/23 Key Distributions (Continued)
Topic: session vs. interchange keys; design and analysis of classical cryptographic key exchange; design and analysis of public cryptographic key exchange; roles of nonces, time stamp; key freshness; key authentication; forward search attack; replay attack; maninthemiddle attack
Reading:
Reading and Oral Presentation:
Assignment:
Exericses L51 (question 1 in page 142 of the textbook) and L52 (question 5 in pages 142143 of the textbook) 
09/26  09/28 Public Key Infrastructure
Topic: PKI; Certificate; certificate signing; certificate validation; X.509; PGP
Reading:
Assignment:
(Homework L61) question 3 in exercise 9.8 in the textbook (page 142) (Due 09/23 in Blackboard)Student Presentation
Student Group Presentation (09/23) 
09/30 Midterm Exam
Review notes:
 Midterm exam covers Chapter 1, Chapter 8, Chapter 9, and Chapter 11 as well as contents in the papers that students presented in the class.

10/03  10/04 Fall Break
Note:
 Fall break. No class.

10/05 Public Key Cryptography and Public Key Infrastructure: Labs
Note:
 Finish PKI lecture; recap on Midterm; start the lab.
Labs:

Groups:
Group 1: A. Agyemang, K. Baity, P. Jordan, and T. Taylor
Group 2: N. Chavez, A. Mitchell, J. Perry, and C. Sublett
Group 3: F. Callender, D. Johnson, K. McKellery, and C. Parham
Group 4: J. Boyd, B. Cuffee, B. Lancaster, and D. Mack
Group 5: J. Daniels, S. Gross, M. Lewis, and G. McGee
Lab 5: Crypto Lab  PublicKey Cryptography and PKI This is a group assignment. All tasks are required. Lab report due 10/14 in Blackboard. Groups are required to make a short oral presentation on the work.

10/0710/14 Authentication
Reading:
Principal and Identity Objects in .Net FrameworkAssignment:
Exercise L71, L72, L73, and L74 (in lecture slides; Exercises L73 and L74 are extrapoints exercises)Lab:
Lab 6: Virtual Machine Lab (Due 10/17/2016)Reading and Oral Presentation:

10/17 Cipher Techniques: Common Problems and Stream and Block Ciphers
Reading:
Assignment:
(Homework L91) Review Lab 3 and Lab 4, show at least one example of stream ciphers and at least one example of block ciphers using openssl. This is not a group assignment. Answer the question independently. 
10/19 Cipher Techniques: Networks, Cryptography, and Example Protocols

10/21 Cipher Techniques: Lab
Labs:

Groups:
Group 1: A. Agyemang, K. Baity, P. Jordan, and T. Taylor
Group 2: N. Chavez, A. Mitchell, J. Perry, and C. Sublett
Group 3: F. Callender, D. Johnson, K. McKellery, and C. Parham
Group 4: J. Boyd, B. Cuffee, B. Lancaster, and D. Mack
Group 5: J. Daniels, S. Gross, M. Lewis, and G. McGee
Lab 7: Heartbleed Attack Lab
This is a group assignment. All tasks are required. Lab report due 11/14 in Blackboard.

Groups:

10/24  10/28 Design Principles

10/31  11/02 Representing Identity
Reading:

11/04  11/09 Identify and Anonymity on the Web
Reading:
Resources
Chrome: Clear, enable, and manage cookies Chrome: where does Chrome store cookies? Firefox: Cookies  Information that websites store on your computer Firefox: where does Firefox store cookies? Safari: Safari for Mac: Manage cookies and website data using Safari Internet Explorer: Delete and manage cookies Internet Explorer:: where are cookies stored? Document.cookie Web API Cookie ExampleReading and Oral Presentation:
 Leading Johnny to Water: Designing for Usability and Trust (2student [B. Lancaster and C. Parham]) presentation in class on 11/09
Assignment:
(Homework L131) Answer questions 1 in Chapter 13 of the textook (page 234). Note: to answer this question, you may want to consult references on web cookies, e.g., Document.cookie Web API , and IETF RFC 6265 . 
11/11 Cipher Techniques: Lab
Labs:
 This class is allocated as the time for you to work on Lab 7 as well as other exercises and homeworks. You will be on your own. The instructor will answer your questions via email or in person

11/14  11/18 Controlling Access to Files

11/21 Access Control: Labs

11/23  11/27 Thanksgiving Holiday. University Closed. No Class.

11/28 Review for Final Exam (Last Day of Class)

11/29 Reading Day (Instructor holding office hours)

12/01 Final Exam
CSCI451 Final Exam:
 10:30  12:30PM, Thursday, December 1, 2016
Final Examination Week (11/30  12/05):

12/03 Final Grade
Note:
 Final grade to be posted by midnight, December 3, 2016 on Blackboard and in Banner. Any grievance must be received by the instructor by midnight, December 4, 2016.