CSCI 451 Computer Security
by Hui Chen, Ph.D.
Overview
This course focuses on communication security in computer systems and networks. It is intended to provide students with a comprehensive introduction to the field of network security. The course covers critical network security services such as authentication and access control, integrity, and confidentiality of data, routing, firewalls, virtual private networks, and web security. Where appropriate, we examine threats and vulnerabilities to specific architecture and protocols.
Prerequisites:CSCI 358 Introduction to Information Assurance or approval of the instructor
Syllabus
You may download the CSCI 451 Syllabus in a PDF file.
Textbook
You may access VSU's Safari's Book-Online subscription from using VSU library's off-campus access service.
- Matt Bishop, Introduction to Computer Security, Addison-Wesley Professional, October, 2004, ISBN-13: 978-0-321-24774-5.
Reference Books
- Matt Bishop, Computer Security: Art and Science, Addison-Wesley Professional, October, 2004, ISBN-13:978-0-321-24744-5. This book is a version of the book with more formal and mathematical treatment of the subject than the textbook. If you wish more formal and mathematical treatment, read this book intead.
- Dorothy Elizabeth Robling Denning. 1982. Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.
- Bruce Schneier. 1996. Applied Cryptography. John Wiley & Sons.
- Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno. 2010. Cryptography Engineering. John Wiley & Sons.
Class Schedule and Material
-
08/15 - 08/17 Course Overview and Introduction to Computer Security
Topic: Overview of basic computer security concepts
Reading:
Reading and Oral Presentation:
Assignment:
-
08/19 - 08/26 Basic Cryptography I
Topic: Transposition Ciphers; Substitution Ciphers; Vigenere Cipher; Simple Cryptanalysis;
Note: Slides on transposition ciphers are not to be discussed in lectures. However, you are required to study them and the content may also appear in exams.
Reading:
Program:
- Making Vigenere Tableau in: C++; C; Java; and Matlab/Octave
- Attacking Caesar Cipher: attackcaesar.m
- Attacking Vigenere Cipher: In repository vigenere at Github.
Reading and Oral Presentation:
Assignment:
Exercise L2-1, L2-2, L2-3, L2-4, and L2-5. See lecture notes for the exercises.
Due dates: L2-1, L2-2, and L2-3: 08/22; L2-4 and L2-5: 08/29 in Blackboard(Homework L2-1) question 8 in exercise 8.7 in the textbook (page 120) (Due 08/31 in Blackboard)Student Presentation
Student Group Presentation (08/24) -
08/29 - 08/31 Basic Cryptography II
Topic: DES; AES
Reading:
Assignment:
- Exercises L3-1 and L3-2 (Due 09/05/2016 in Blackboard)
-
09/02 - 09/12 Basic Cryptography III
Topic: Public key cryptography; RSA; cryptographic checksums (study cryptographic checksums on your own; may appear it in exams)
Reading:
Resource:
I happened to use Microsoft Excel to do a demo. Some of you want to know how I did it. Here are two relevant help pages from Microsoft.
Move or copy cells and cell contents
Move or copy a formulaReading and Oral Presentation:
Assignment:
- Exercises L4-1 (Due 09/09), L4-2 (Due 09/12), and L4-3 (Due 09/12)
-
09/14 Basic Cryptography: Labs
Labs:
-
Groups:
Group 1: D. Johnson, G. McGee, A. Mitchell, C. Parham
Group 2: K. Baity, P. Jordan, M. Lewis, D. Mack;
Group 3: F. Callender, N. Chavez, K. McKellery, T. Taylor
Group 4: J. Boyd, J. Daniels, C. Sublett, S. Gross
Group 5: A. Agyemang, B. Lancaster, J. Perry, B. Cuffee -
Lab 3: Seed Lab - Secret-Key Encryption
Group Assignment. Tasks 3.1 - 3.4 are required. Task 3.5 is optional with extra credits. Lab report due 09/16 in Blackboard. -
Lab 4: Crypto Lab - One-way Hash Function
Group Assignment. Tasks 3.1 - 3.3 are required. Task 3.4 is optional with extra credits. Lab report due 09/21 in Blackboard.
Student Presentation
Student Group Presentation (09/14) -
Groups:
-
09/14 - 09/19 Key Distributions
Topic: session vs. interchange keys; design and analysis of classical cryptographic key exchange; design and analysis of public cryptographic key exchange; roles of nonces, time stamp; key freshness; key authentication; forward search attack; replay attack; man-in-the-middle attack
Reading:
Assignment:
Exericses L5-1 (question 1 in page 142 of the textbook) and L5-2 (question 5 in pages 142-143 of the textbook) -
09/21 Additional Time for Lab 3 and Lab 4
Note: This class is allocated as additional time for you to complete Lab 3 and Lab 4. You will be on your own. The instructor will answer your questions via email or in person
-
09/23 Key Distributions (Continued)
Topic: session vs. interchange keys; design and analysis of classical cryptographic key exchange; design and analysis of public cryptographic key exchange; roles of nonces, time stamp; key freshness; key authentication; forward search attack; replay attack; man-in-the-middle attack
Reading:
Reading and Oral Presentation:
Assignment:
Exericses L5-1 (question 1 in page 142 of the textbook) and L5-2 (question 5 in pages 142-143 of the textbook) -
09/26 - 09/28 Public Key Infrastructure
Topic: PKI; Certificate; certificate signing; certificate validation; X.509; PGP
Reading:
Assignment:
(Homework L6-1) question 3 in exercise 9.8 in the textbook (page 142) (Due 09/23 in Blackboard)Student Presentation
Student Group Presentation (09/23) -
09/30 Midterm Exam
Review notes:
- Midterm exam covers Chapter 1, Chapter 8, Chapter 9, and Chapter 11 as well as contents in the papers that students presented in the class.
-
10/03 - 10/04 Fall Break
Note:
- Fall break. No class.
-
10/05 Public Key Cryptography and Public Key Infrastructure: Labs
Note:
- Finish PKI lecture; recap on Midterm; start the lab.
Labs:
-
Groups:
Group 1: A. Agyemang, K. Baity, P. Jordan, and T. Taylor
Group 2: N. Chavez, A. Mitchell, J. Perry, and C. Sublett
Group 3: F. Callender, D. Johnson, K. McKellery, and C. Parham
Group 4: J. Boyd, B. Cuffee, B. Lancaster, and D. Mack
Group 5: J. Daniels, S. Gross, M. Lewis, and G. McGee
Lab 5: Crypto Lab - Public-Key Cryptography and PKI This is a group assignment. All tasks are required. Lab report due 10/14 in Blackboard. Groups are required to make a short oral presentation on the work.
-
10/07-10/14 Authentication
Reading:
Principal and Identity Objects in .Net FrameworkAssignment:
Exercise L7-1, L7-2, L7-3, and L7-4 (in lecture slides; Exercises L7-3 and L7-4 are extra-points exercises)Lab:
Lab 6: Virtual Machine Lab (Due 10/17/2016)Reading and Oral Presentation:
-
10/17 Cipher Techniques: Common Problems and Stream and Block Ciphers
Reading:
Assignment:
(Homework L9-1) Review Lab 3 and Lab 4, show at least one example of stream ciphers and at least one example of block ciphers using openssl. This is not a group assignment. Answer the question independently. -
10/19 Cipher Techniques: Networks, Cryptography, and Example Protocols
-
10/21 Cipher Techniques: Lab
Labs:
-
Groups:
Group 1: A. Agyemang, K. Baity, P. Jordan, and T. Taylor
Group 2: N. Chavez, A. Mitchell, J. Perry, and C. Sublett
Group 3: F. Callender, D. Johnson, K. McKellery, and C. Parham
Group 4: J. Boyd, B. Cuffee, B. Lancaster, and D. Mack
Group 5: J. Daniels, S. Gross, M. Lewis, and G. McGee
Lab 7: Heartbleed Attack Lab
This is a group assignment. All tasks are required. Lab report due 11/14 in Blackboard.
-
Groups:
-
10/24 - 10/28 Design Principles
-
10/31 - 11/02 Representing Identity
Reading:
-
11/04 - 11/09 Identify and Anonymity on the Web
Reading:
Resources
Chrome: Clear, enable, and manage cookies Chrome: where does Chrome store cookies? Firefox: Cookies - Information that websites store on your computer Firefox: where does Firefox store cookies? Safari: Safari for Mac: Manage cookies and website data using Safari Internet Explorer: Delete and manage cookies Internet Explorer:: where are cookies stored? Document.cookie Web API Cookie ExampleReading and Oral Presentation:
- Leading Johnny to Water: Designing for Usability and Trust (2-student [B. Lancaster and C. Parham]) presentation in class on 11/09
Assignment:
(Homework L13-1) Answer questions 1 in Chapter 13 of the textook (page 234). Note: to answer this question, you may want to consult references on web cookies, e.g., Document.cookie Web API , and IETF RFC 6265 . -
11/11 Cipher Techniques: Lab
Labs:
- This class is allocated as the time for you to work on Lab 7 as well as other exercises and homeworks. You will be on your own. The instructor will answer your questions via email or in person
-
11/14 - 11/18 Controlling Access to Files
-
11/21 Access Control: Labs
-
11/23 - 11/27 Thanksgiving Holiday. University Closed. No Class.
-
11/28 Review for Final Exam (Last Day of Class)
-
11/29 Reading Day (Instructor holding office hours)
-
12/01 Final Exam
CSCI451 Final Exam:
- 10:30 - 12:30PM, Thursday, December 1, 2016
Final Examination Week (11/30 - 12/05):
-
12/03 Final Grade
Note:
- Final grade to be posted by midnight, December 3, 2016 on Blackboard and in Banner. Any grievance must be received by the instructor by midnight, December 4, 2016.