The current proliferation of electronic communication ... - CDS - EPFL

cloutedcoughNetworking and Communications

Oct 28, 2013 (3 years and 5 months ago)

72 views

-

DRAFT
-


Proposal for a Minor in Information Security


The current proliferation of electronic communication devices affects all layers of society
. For all
parties involved in all stages of the design and life cycle of data processing

tools, this brings
along huge responsibilities with respect to the protection of those data. This in turn implies that
Information Security (IS) needs to be part of the curriculum of future engineers in the relevant
subject areas.
C
urrently
this is hardly
the case
, or with a

focus on the technological aspects of IS
while paying little attention to societal aspects that
often

affect the effectiveness of
otherwise
technically sound

solution
s
. This observation is corroborated by requests from
representatives of
local companies

w
ho have expressed
a growing

need for graduates that have a proper
understanding of the full range of implications of technological measures in IS.


The
s
ection

Communication Systems
of the school of I&C

at EPFL is therefore pleased to
announce a first step

to fill this void, by proposing a Minor in Information Security.

It would
initially
be offered
to students in Electrical

& Electronics

Engineering,

Micro
-
engineering,

Physics, Mathematics, and those in the section Computer Science of the School of I&C. At

later
stages, and depending on the perceived interest in the program, it may be m
ade available on a
wider scale.


The Minor
consist
s

of 30 credits
to be taken from the following list. The offering is made of
courses from the SSC masters, plus level settin
g courses from the bachelor program. A minimum
of 17 credits must come from core security courses, the remaining credits are chosen individually
depending on the background of the student. Individual counseling will be offered by SSC to help
define the be
st selection for each student.


The courses currently offered in this specialization, however, mostly target the technical aspects
of IS
.

Moreover, some of those courses are only partially devoted to security.

Therefore w
e
envision that
over time (and star
ting as soon as possible given the available resources)
the scope
of the
Minor will be broadened considerably, to allow students to acquire
the required

broad
range of IS
-
related skills

that allows them to understand the potential, limitations, and societa
l

drivers and

impact of IS measures
. On the short term, for instance, we intend to invite external
specialists to teach courses that are currently not on offer and that would address the no less
important non
-
t
echnical aspects of the subject
.



Tentative c
alendar:




June 2008: this document

is discussed internally in

I&C
.



September 2008: the Minor is proposed to possibly interested sections.



December 2008: the Minor is included in the plan d’études of interested sections.



September 2009: the Minor in IS begi
ns its real life by hosting students of the interested
sectio
ns and participants from outside EPFL.




November 26
, 2008

Jean
-
Pierre Hubaux, Arjen Lenstra
, Serge Vaudenay





Semester

Credits







Autumn





Spring























Course

Lecture
r

c

e

p

c

e

p



Discrete Structures (Bachelor)

Lenstra Arjen




4

4


4

Computer Networks (Bachelor)

Hubaux Jean
-
Pierre

2

2





5

Algebra (Bachelor)

Bassa Alp

2

1





3

Algorithms (Bachelor)

Henzinger Monika

4

2





6

Network security (Bachelor)
*

Oechs
lin Philippe

2

1





4



















Advanced algorithms

Shokrollahi Amin







4

2

1

7

Advanced computer architecture

Ienne Paolo







2



2

4

Advanced cryptography
*

Vaudenay Serge







2

2



4

Algorithms in public
-
key cryptology
*

Lenstra Arjen

2

2









4

Biometrics
*

Drygajlo Andrzej

2

1









4

Cryptography and security
*

Vaudenay Serge

4



2







7

Media security
*

Ebrahimi Touradj







2

1



4

Mobile networks
*

Hubaux Jean
-
Pierre







2

1



4

Model checking

Henzinger Thomas

4



2







6

Student seminar : Security protocols
and applications
*

Oechslin Philippe /
Vaudenay Serge







2





3

TCP/IP networking

Le Boudec Jean
-
Yves

2

2









5

VLSI design I

Leblebici Yusuf

2











2

VLSI design II

Vachoux Alain







2





2



*)
it is

mandatory to
accumulate at least 17 credits from these

courses.


























Brief

description

of the courses




Network security

(Bachelor’s course)


Objectives

:

To understand the threats which computer networks are exposed to and to
know how to protect a network using appropriate technical and
organisational measures.



Content :


Threats:


-

spam, phishing, virus, Trojans, denial of service, exploitation of vulnerabilities

Protection

:


-

firewalls, proxys, virus protection, intrusi
on detection

Protocols and applications

:


-

Secure e
-
mail (PGP, S/MIME)


-

PPTP, L2TP, IPSec, HTTPS, SSL/TLS, SSH


Organizational aspects

:


-

Risk analysis and security policies




-

Norms and standards

Regulatory aspects

:

-

Laws governing information
systems


Required prior knowledge

:

-








Advanced algorithms


Objectives :

To gain basic familiarity with various aspects of advanced algorithms.


Content :

Aspects of the Theory of Computations


-

Turing machines, NP
-
completeness


Approximation Algori
thms


-

Approximation Algorithms for NP
-
hard problems


Online Algorithms


-

Competitive Analysis


-

Randomized Algorithms


-

Expected Time Analysis


Data Structures


-

Heaps, Skip Lists


Other Computational Models


-

Models of parallel computation, extern
al memory algorithms, data streams



Required prior knowledge :

Algorithmique







Advanced computer architecture


Objectives :

The course extends and completes the topics of the courses « Computer
Architecture I and II ». The most innovative techniques
to exploit Instruction
-
Level
Parallelism are surveyed and the relation with the critical phases of compilation
discussed. Emerging classes of processors for complex single
-
chip systems are also
analysed by reviewing both recent commercial devices and resea
rch directions.


Content :

-

Pushing processor performance to its limits

:



Principles of Instruction Level Parallelism (ILP)



Register renaming techniques



Prediction and speculation



Compiler techniques for ILP



Simultaneous multithreading



Dynamic binary tran
slation



Case studies


-

VLSI embedded processors

:



Specificities over stand
-
alone processors



Overview of DSPs and micro controllers for Systems
-
on
-
Chip



Configurable and customisable processors



VLSI design challenges


Required prior knowledge :

Architecture

des ordinateurs I et II







Advanced cryptography


Objectives

:

To become familiar with advanced topics of cryptography, to have critical sense of
cryptographic tools.


Content :

Cryptography and information theory :


perfect secrecy, Vernam cipher, Weg
man
-
Carter message authentification code


Conventional cryptography :


design of block ciphers, dedicated attacks, differential and linear cryptanalysis,
pseudorandomness


Algorithmic number theory :


primatlity testing, factorization, discrete logarithm


Cryptography and complexity :


public key cryptography, NP
-
completeness, knapsacks


Cryptography validation :


security of ElGamal digital signatures


Cryptographic protocols :


interactive proofs, zero
-
knowledge, secret sharing


Required prior knowledge :

Cryptography and security
-

Algebra for digital communications







Algorithms in public
-
key cryptology


Objectives :

This course consists of a detailed presentation of the most important computational

methods that are used in public key cryptography and

cryptanalysis
.


Content :

An incomplete

list of subjects that may be discussed: modular (and Montgomery)
arithmetic, finite

field representations, elliptic curves, smoothness, polynomial and
integer factorization

methods, discrete logarithm methods, prim
ality testing, lattice
basis reduction.


Required prior knowledge :

very basic algebra



Biometrics


Objectives :

Introduction to analysis and interpretation of biometric data for biometric
authentication, forensic biometrics and behavioral biometrics in m
an
-
machine
communication.To give students an advanced understanding of and competence
with, the theories, concepts, technologies and techniques for the design,
development and effective use of biometric systems.


Content :

Fundamentals of Biometrics


Ident
ity and Biometrics, Individuality of Biometric Data, Recognition, Verification,
Identification and Authentication


Analysis, Modeling and Interpretation of Biometric Data


Mathematical Tools, Sensing and Storage, Representation and Feature Extraction,
Enro
llment and Template Creation, Biometric System Errors, Evaluation of
Biometric Systems


Leading Biometric Technology


Physiological Characteristics (fingerprints, face (2D and 3D), hand geometry,
palmprint, iris, retina), Behavioral Characteristics (dynami
c signature, voice, gait,
keystroke dynamics), Biological Traces (DNA, odour), Technologies under
development, Synthetic Biometric Data Generation


Multimodal Biometrics


Biometric Standards


Small, Medium and Large Scale Biometric SystemsIntegration of bi
ometrics with
other existing technologies (identity documents, smart cards, databases, e
-
technologies, transmission of biometric data)


Behavioral Biometrics in Human
-
Machine Communication


Securing Biometric Data and Systems


Biometric Encryption


Biomet
ric Applications


Security (Physical and Logical Access), Law Enforcement and Forensic
Applications, Government and Military Sector, Financial Sector, Healthcare,
Travel and Immigration


Privacy and Legal Issues


Required prior knowledge :

Signal processin
g for communications

Cryptography and security


Objectives :

Introduce basic cryptography:



identify security issues



identify cryptographic primitives



understand how to use them



understand how they can be implemented assimilate necessary notions to
understa
nd how they operate


Content :

1.

Cryptography prehistory. Shannon secrecy.


2.

Applied number theory.

3.

Cryptozoology: symmetric encryption, hashing, message authentication,

public
-
key cryptography, signature, key agreement.

4.

Elements of cryptanalysis:

exhaustive search, birthday paradox, algorithmic
complexity.


5.

Communication security.

6.

Trust establishment. Public
-
key infrastructure, identity
-
based cryptography.

7.

Privacy. RFID technology.

8.

Case studies: wireless ommunication (telephony, WiFi,
Bluetooth, W
-
USB),
biometric passport, secure transactions over the Internet (SSL, SSH, PGP).


Required prior knowledge :

-



Media security


Objectives :

Media security, while being a subset of data security, is of special interest for two
main reasons. F
irst, security applications involving media content are particularly
rich in their technical challenges and business opportunities. Second, media
content, as opposed to generic data, is intended for human consumption and
therefore bears a perceptual dimens
ion. Specifically, it is mostly the content, and
not the data, that needs to be authenticated and/or protected. This brings additional
degrees of freedom, as well as constraints on how such type of data can be secured.


Content :

This course provides atten
dees with theoretical and practical issues in media
security. The following topics will be covered, with emphasis on image, video,
and audio applications.


Media security problems :

rights protection, content integrity verification, confidentionality, steg
anography
and data hiding.


Media access problems :


access control, conditional access, access over time, copyright.


Media security tools and solutions :

robust watermarking, fragile watermarking, selective encryption, monitoring,
robust hashing, content

identification


Media security standards :

secured JPEG 2000 (JPSEC), security tools in the MPEG family of standards
from MPEG
-
1 to MPEG
-
21


Applications :


secure transcoding, surveillance with privacy, media databases, etc.


Required prior knowledge :

C
ryptography and security


Mobile networks


Objectives :

A first objective of this course is to provide a deep understanding of the techniques
used to support mobility in wireless networks (above the physical layer): multiple
access, mobility management, ha
nd
-
over, roaming, security, and network planning
(including capacity estimation). A second objective is to illustrate these techniques
by showing their usage in the most relevant mobile networks, namely cellular
networks and wireless Local Area Networks. A

third objective is to provide an
introduction to sensor networks.


Content :

-

Introduction: wireless and mobility

-

Multiple access techniques over a radio channel

-

Reminders on security

-

Operating principles of wireless LANs; a prominent example: IEEE

802.11

-

Hands
-
on exercises on IEEE 802.11; illustration of vulnerabilities and counter
-
measures

-

Wi
-
Fi hotspots: technical challenges and possible solutions

-

Mobility in IP networks; Mobile IPv4 and v6

-

Cellular networks: capacity; mobility management
; hand
-
over; roaming; security;
billing

-

Examples of cellular networks: GSM, GPRS and UMTS

-

Introduction to sensor networks


Required prior knowledge :

Introduction aux réseaux de communications ou équivalent






Model checking

:


Objectives

:

The parti
cipants will become familiar with both the theory and practice of formal
software and hardware verification, in particular with the technique called model
checking.


Content

:

Model checking concerns the use of algorithms for the safety and performance
ass
urance of software and hardware systems. As our daily lives depend
increasingly on digital systems, the reliability of these systems becomes a concern
of overwhelming

importance, and as the complexity of the systems grows, their
reliability can no longer b
e sufficiently controlled by the traditional approaches of
testing and simulation.



The course will cover the following topics.



1.

System modeling: concurrency, real time, safety vs. liveness.


2.

Verification algorithms: temporal logic, automata, games
.


3.

Scalability issues: symbolic methods, modularity, abstraction.


4.

Advanced topics: hybrid systems, stochastic systems.


Required prior knowledge :

Familiarity with propositional logic, finite automata, basic
computational complexity classes, and bas
ic graph algorithms is
assumed.




Student seminar : Security protocols and applications


Objectives :

This seminar introduces the participants to the current trends, problems, and
methods in the area of communication security.


Content :

We will look at t
oday's most popular security protocols and new kinds of protocols,
techniques, and problems that will play an emerging role in the future. Also, the
seminar will cover methods to model and analyze such security protocols.


This course will be held as a sem
inar, in which the students actively participate.
The talks will be assigned in the first meeting to teams of students, and each team
will have to give a 45 minutes talk, react to other students' questions, and write a 3
-
4 pages summary of their talk.


Req
uired prior knowledge :

Cryptography and Security





TCP/IP networking


Objectives :

In this lecture you will learn and practice what is behind “surfing the net”.


In the lectures you will learn and understand the main ideas that underlie the
Internet, th
e way it is built and run. In the labs you will test and clarify your
understanding of the networking concepts by: connecting computers to form a
LAN, a bridged area, few networks interconnected by routers and few
interconnected autonomous routing domains;

developing and implementing a
variant of TCP that boosts the performance of your TCP connections.


Content :

Lectures

1.

The TCP/IP architecture

2.

Layer 2 networking; Bridging; the Spanning Tree Protocol and Fast
Spanning Tree protocol.
Bellman Ford in diffe
rent a
l
gebras.

3.

The Internet protocol. IPv6. Distance vector, link state and other forms of
routing for best effort. Interior routing: RIP, OSPF, IGRP. Optimality of
rou
t
ing.

4.

Interdomain routing, the self
-
organized Internet. BGP. Autonomous
routing domains.

5.

Congestion control principles. Application to the Internet. The fairness of
TCP

6.

Quality of service. Differentiated services. Integrated services.

7.

Hybrid constructions. MPLS. Transition to IPv6. VPNs. Wireless LANs.

8.

Selected advanced topic.

Lab Sessions (
Internet engineering workshop)

1.

Bridging

2.

Static routing

3.

Interior routing

4.

Interdomain routing

5.

Congestion control

Homeworks and guided self
-
study


Selected topic


Required prior knowledge :

One programming language




VLSI design I


Objectives :

The course

objective is to introduce the fundamental principles of VLSI circuit
design, to examine the basic building blocks of large
-
scale digital integrated
circuits, and to provide hands
-
on design experience with professional design
(EDA) platforms.


Content :

1.

Introduction to basic concepts: VLSI design styles

2.

Main steps of VLSI design flow
-

hierarchical design

3.

CMOS fabrication technology, limitations, origins of design rules, very
deep sub
-
micron (VDSM) issues

4.

Full
-
custom layout design examples

5.

RC

interconnect parasitics, their influence on performance

6.

High
-
performance CMOS design techniques


Multi
-
input gates and complex gates


Optimization of logic depth


Optimization of power dissipation

7.

Sub
-
system design and arithmetic architectures


Ripp
le
-
carry adders


Carry
-
lookahead adders (CLAs)


Carry
-
select adders (CSAs)


Serial
-
parallel multiplier


Parallel array multipliers


Shift registers

8.

ASIC design guidelines


Synchronous circuit design


Clock buffering techniques


Pipelining techniques


Lo
w
-
power VLSI design


Generation and distribution of clock signals


Required prior knowledge :

-



VLSI design II


Objectives :

This course aims to familiarize the students with the design of very large
-
scale
integrated (VLSI) circuits, using dedicated elec
tronic design automation tools.
Several functional blocks will be designed in practical exercises, and examples of
system level integration will be shown.


Content :

1. Introduction to VLSI CAD


Overview of CAD systems. Concept of automated design flow. To
p
-
down and
bottom
-
up design approaches. Practical aspects of using CAD systems in design.



2. Physical Design Automation

System
-
level partitioning and floor
-
planning. Logic partitioning. Module
placement algorithms. Global and detailed routing algorithms.

Design compaction
methodologies. Performance
-
driven physical layout design.



3. Design Projects

The students will participate in a series of collaborative design exercises where
each project group is assigned a task, to be completed in 3
-
4 weeks. The
com
plexity of the design assignments will increase progressively, leading up to
system
-
on
-
chip (SoC) realization by the end of the semester.


Required prior knowledge :

Conception VLSI
-

I, Hardware systems modeling I