COURSE TITLE:  ECE 510-4 Seminar - Computer Security and Information Assurance (Spring 2005)

 

CATALOG DESCRIPTION:  Introduction to cryptography and its applications; classification of attacks on application security, operating system security, network security; authentication and authorization; state of the art implementation attacks; secure systems; software protection, digital rights management; privacy/trust issues.

 

REQUIRED TEXT:  Charles P. Pfleeger, Shari Lawrence Pfleeger, Security in Computing, Prentice Hall, 3rd edition.

 

REFERENCE TEXTS:

1.  M. Bishop, "Computer Security: Art and Science", Addison-Wesley, 2003.

2.  C. Pfleeger and S. Pfleeger, "Security in Computing", Prentice Hall, 2003.

3.  S. McClure, J. Scambray, and G. Kurtz, "Hacking Exposed: Network Security Secrets and Solutions", McGraw-Hill, 2003.

4.  N. Ferguson and B. Schneier, "Practical Cryptography", Wiley Publishing, 2003.

5.  Papers distributed in class.

 

COURSE COORDINATOR:  Alok Choudhary

 

COURSE GOALS:  To increase awareness of issues in computer security, by introducing concepts in cryptography and its applications, not only from a technological standpoint but also from an ethical/legal one.  As a research-oriented course, the goal is to encourage an atmosphere of active student participation through the presentation of interesting approaches (both successes and failures) to security.

 

PREREQUISITES BY COURSES:  None.

 

PREREQUISITES BY TOPICS:

1.  Basic understanding of finite mathematics (Boolean algebra, probability, etc.)

2.  Operating systems

 

DETAILED COURSE TOPICS:

1.  Overview of cryptography and information security.  Trust and privacy.  Classification of attacks

2.  Properties of cryptographic systems.  Review of relevant mathematics (randomness, probability, etc.)

3.  Symmetric/Secret key cryptography (DES, 3DES, AES)

4.  Asymmetric/Public key cryptography (Diffie-Hellman, RSA)

5.  Elliptic curve cryptography

6.  Attacking a cryptographic system (brute force, timing attacks, differential power analysis, algebraic analysis)

7.  User authentication (passwords, biometrics, smartcards, etc.)

8.  Digital signatures, watermarking schemes

9.  Trusted Computing (TCPA, Palladium, DRM)

10.  Application-level security (secure coding practices, safe languages, buffer overruns)

11.  Secure systems and attacks

12.  Legal and ethical issues in the context of security/privacy/DRM/etc

 

PROJECTS:  Each student will be required to perform a thorough case study on a topic relevant to the course.  This will include the following tasks: finding and reading pertinent research papers and other technical information, writing a detailed analysis of the subject (10-20 pages), and presenting the topic to the class.  A list of valid topics will be supplied although the students will be encouraged to select a subject matter of personal interest.

 

GRADES:

 

Class participation - 50%

Project presentation and write-up - 50%

 

COURSE OBJECTIVES:  When a student completes this course, s/he should be able to:

1.  Understand the basics of cryptography

2.  Recognize and comprehend many types of computing security vulnerabilities, with an increased level of understanding of security bulletins and published exploits.

3.  Apply critical thinking towards security and privacy issues, as they appear both in technical situations and in everyday usage.