COSC 5130 Computer Security & Reliability


11/21/2013


1


Webster University

Downtown Campus

Fall 2006


COSC 5130


Computer Security & Reliability


Instructor: John J. Aleshunas


Office: Sverdrup 207 F






Phone: 314.961.2660 ext. 7565

E-mail: jalesh@webster.edu






Web page: mercury.webster.edu/aleshunas



Course Description


Students in this course will study the techniques for protecting data within a computer and
protecting data as it moves through a network. Data and system security and reliability will
be considered in a distributed environment. Topics will include encryption, authentication
and digital signatures, threats to the computer system, and system reliability.



Incoming Competency


Prospective students must have successfully completed COSC 5110 Network Architecture.



Objectives


Students should


1. Learn conventional encryption schemes using the DES model.
2. Understand the design issues for the selection and use of encryption protocols for providing confidentiality.
3. Learn the principles for analyzing public-key cryptography.
4. Learn approaches to the use of authentication and digital signature techniques.
5. Learn to anticipate threats to the computer system and develop procedures for computer recovery.
6. Learn the principles for analyzing system reliability.
7. Learn the techniques and methods used for cryptanalysis.



Learning Outcomes


At the completion of this course, each student will be able to:


1. Describe conventional encryption schemes.
2. Explain the design issues for the selection and use of encryption protocols for providing confidentiality.
3. Summarize the principles for analyzing public-key cryptography.
4. Illustrate approaches to the use of authentication and digital signature techniques.



5. Explain how to anticipate threats to the computer system and develop procedures for computer recovery.
6. Describe the principles for analyzing system reliability.
7. Summarize the techniques and methods used for cryptanalysis.



Schedule


Week 1

Course overview
Introduction to computer security and attacks
Conventional encryption
    Classical techniques
        Steganography
        Monoalphabetic Ciphers
        Polyalphabetic Ciphers
        Transposition Techniques
        Rotor Machines
    Modern techniques
        Simplified DES
        Block Cipher Principles
        Differential and Linear Cryptanalysis
        The Data Encryption Standard
        The Strength of DES

Text:
Ch 1 - Overview
Ch 2 - Classical Encryption Techniques
Ch 3 - Block Ciphers and the Data Encryption Standard

Discussion - individual research papers


Week 2

The Mathematics of Finite Fields
Modular and Polynomial Arithmetic
The Advanced Encryption Standard (AES)
Triple DES
International Data Encryption Algorithm
Example Algorithms
Characteristics of Advanced Symmetric Block Ciphers
Traffic Confidentiality
Key Distribution
Random Number Generation

Text:
Ch 4 - Finite Fields
Ch 5 - Advanced Encryption Standard
Ch 6 - More on Symmetric Ciphers
Ch 7 - Confidentiality Using Symmetric Encryption


Week 3

Prime and Relatively Prime Numbers
Testing for Primality
Discrete Logarithms
Principles of Public-Key Cryptosystems
The RSA Algorithm
Diffie-Hellman Key Exchange



Text:
Ch 8 - Introduction to Number Theory
Ch 9 - Public-Key Cryptography and RSA
Ch 10 - Key Management; Other Public-Key Cryptosystems


Week 4

Exam




Week 5

Authentication Requirements
Authentication Functions
Hash Functions
MD5 Message Digest Algorithm
Secure Hash Algorithm (SHA-1)
Digital Signatures
Authentication Protocols
Digital Signature Standard

Text:
Ch 11 - Message Authentication and Hash Functions
Ch 12 - Hash and MAC Algorithms
Ch 13 - Digital Signatures and Authentication Protocols


Week 6

Kerberos
X.509 Authentication Service
Pretty Good Privacy
S/MIME
IP Security Architecture
Authentication Header
Combining Security Associations

Text:
Ch 14 - Authentication Applications
Ch 15 - Electronic Mail Security
Ch 16 - IP Security


Week 7

Web Security Considerations
Secure Sockets Layer and Transport Layer Security
Secure Electronic Transactions
Intruders and Intrusion Detection
Viruses and Related Threats
Firewall Design Principles
Trusted Systems

Text:
Ch 17 - Web Security
Ch 18 - Intruders
Ch 19 - Malicious Software
Ch 20 - Firewalls


Week 8

Presentation of individual papers


Week 9

Exam






Text


Stallings, William, Cryptography and Network Security: Principles and Practice, Fourth
Edition, Prentice-Hall, Inc., Upper Saddle River, New Jersey 07458, 2002, ISBN: 0-13-187316-4



General


In this course, you will actively participate in the study of network and system security design
principles. Your emphasis, as graduate students, should be on discovery and implementation and
not on simple memorization of facts. You will be expected to read the assigned chapters and to
actively participate in the class discussions. Those discussions, as well as the individual projects,
will provide you a practical means to clearly comprehend network and system security.


The homework assignments will be worth very few grade points (this implies low risk). Their main
purpose is to help me assess your understanding of the course material and the presentation
pace. They also provide you the side benefit of pointing out what the key concepts of the material
are.

We will have two exams: a mid-term in week 4 and a final in week 9. The mid-term exam will
cover all of the material from the first three weeks. Because this course develops the subject
material from what's presented earlier in the course, the final exam will be a comprehensive test
of all the material from weeks 1 through 7.



Individual Research Projects


The individual research project provides you the opportunity to experiment with a selected security
topic. You may select any research topic, subject to my approval. Remember, we are trying to
gain competency in encryption and systems security, and some areas, for example, where the
problem domain is not constrained and well understood, may not be as productive as others.
Additionally, I want to expose you to a variety of security topics.


You can choose to conduct research and publish your findings in a research paper (approximately
ten double-spaced pages) or develop a working experiment with a security technique or algorithm
and publish your findings in a report (approximately five double-spaced pages). You will conclude
your project with a presentation in week 8. Use the APA (American Psychological Association)
style to format your paper and its reference citations.


This is a formal paper, and it requires a formal presentation. This is an opportunity for you to
share your work with the class. Plan to take ten minutes to present your work, before questions
and comments. Don't read your paper. Determine the most important and interesting parts of your
paper for the presentation (three items at most). It is not necessary to include everything in the
paper in your presentation, and in fact, there will not be time to do so. You must use PowerPoint
as a presentation aid in your presentation. If you choose to do a research project, present a
demonstration of your work.





Grading


Your grade will be compiled from each of the class evaluation components in the following
proportions:


Mid-term Exam       25%
Final Exam          25%
Homework            10%
Research Project    40%
Total              100%


The course grading requirements are:


93 to 100%    A
90 to 92%     A-
87 to 89%     B+
83 to 86%     B
80 to 82%     B-
77 to 79%     C+
70 to 76%     C
Below 70%     F