CSC 474/574: Information Systems Security

CSC 474/574 Information Systems Security

Fall 2004

(This page will be changed frequently. Check before class.)

(Updated for the final!) Instructional Objectives: Guideline for Preparing for the Final Exam

The instructor's office hour is changed to 4pm-5pm on Mondays and Wednesdays.

Sample mid-term exam (Please note that the scope of this sample mid-term exam is slightly different.)

Note: Homework assignments must be completed with a word processor (e.g., Microsoft Word, LaTeX). Hand written submissions will NOT be accepted.

Instructor:

Dr. Peng Ning

Office hours:	Mondays and Wednesdays , 4:00pm - 5:00pm, 250 Venture III (in Suite 243), Centennial Campus
Office phone:	(919) 513-4457
Fax:	(919)513-7447
Email address:	pning (at) ncsu.edu.
Homepage:	http://www.csc.ncsu.edu/faculty/ning

Teaching assistant:

Mr. Srinath Anantharaju (TA's Page)

Office hours:	Mondays and Wednesdays, 4:00pm - 5:30pm, Venture III (in Suite 243), Centennial Campus
Email address:	sananth3 (at) ncsu.edu

Class location:

Room 150 Venture II, Centennial Campus

Day and time:

Mondays, Wednesdays, and Fridays, 10:45am -11:35am.

Course Syllabus

Students registered for CSC 574 need to complete a research project in addition to the homework assignments and exams.

Mailing list:

csc574-001@wolfware.ncsu.edu (CSC 474 & 574)

Web page:

http://courses.ncsu.edu/csc574/lec/001

Message Board:

http://courses.ncsu.edu/csc574

Useful Resources:

Java Tutorial

Note on assignments:

You must use text editor (e.g. MS Word) to complete your homework. Handwritten submissions are not accepted. You should submit hard copies unless otherwise specified.

All work is to be performed individually unless otherwise specified. For the collaborative problems, you are encouraged to form teams of 1-3 members (of students in this class) to cooperate only on those problems. After discussing the problems, please write up your answers individually. Indicate the names of the other members in your team, if any.

You get no extra credit for working alone where collaboration is permitted.

Projects:

Each student is required to complete a mid-size project, which includes proposal, implementation, and final demo or paper. Students can form project teams, each with up to three members.

Requirements for project proposal.

Requirements for project final report.

Projects include but are not limited to:

Research Paper
- You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation.
- You are encouraged to choose this if you are a PhD student or a master student that has to complete a thesis.
- Example Topics:
  - Vulnerability Analysis
  - Wireless Security
  - Intrusion Detection
  - Authentication
  - Access Control
  - Authorization
  - DNS Security
  - Digital Watermarking
  - New Attacks
Survey Paper
- You can write a paper that surveys a particular field on information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation.
- Example topics:
  - Vulnerability Analysis
  - Wireless Security
  - Intrusion Detection
  - Authentication
  - Access Control
  - Authorization
  - DNS Security
  - Digital Watermarking
Implementation
- You can implement an existing technique, protocol, or system. The outcome should be a report the describes your implementation and a demo to the instructor and the TA. Your grade will be based on the quality of the report, the functionality and robustness of the implementation.
- I may require you work on your own, depending on the complexity of the Implementation.
- Example topics:
  - Key management for sensor networks (See instructor for details. Limit to 2 groups.)
  - Broadcast authentication for sensor networks (See instructor for details. Limit to 2 groups.)
  - Cryptographic algorithms such as AES, RSA, DSA, etc.
  - Authentication protocols such as S/Key, Challenge-Response protocol.
  - Firewalls
  - Developing/extending intrusion detection systems

Schedule of classes

Date	Topics	Reading Assignment (Complete before class. Reading assignments are given in the order of importance for each lecture.)	Homework Assignment	Handout
08/18/04	Introduction			pdf
08/20/04	Topic 1: Basic security concepts	Chapter 1
08/23/04	Topic 2.1: Introduction to cryptography	Chapter 2		pdf
08/25/04	Topic 2.1 (Cont'd)			pdf
08/27/04	Topic 2.2: Secret key cryptography	Chapter 3
08/30/04	Topic 2.2 (Cont'd)	Chapter 4
09/01/04	Topic 2.2 (Cont'd)
09/03/04	Topic 2.2 (Cont'd) Topic 2.3: Hash function	Chapter 5		pdf
09/06/04	No class (Labor Day)		hw1 TA's solution (Written part is due by 9/20/04, and the programming assignment is due by 9/27/04.)
09/08/04	Topic 2.3 (Cont'd)	A recent breakthrough on hash functions
09/10/04	Topic 2.4: Basic number theory	Chapter 7		pdf
09/13/04	Topic 2.4 (Cont'd)
09/15/04	Topic 2.5 Public key cryptography	Chapter 6		pdf
09/17/04	Topic 2.5 (Cont'd)
09/20/04	Topic 2.5 (Cont'd)
09/22/04	Mid-term Exam #1 (in class, open book & notes)	Scope: Topics 1 -- 2	Grade Distribution
09/24/04	Topic 3.1 Overview of Identification and authentication	Chapter 9		pdf
09/27/04	Review of mid-term exam			pdf
09/29/04	Topic 3.2 User Authentication	Chapters 10 & 12 Last day to withdraw or drop without a grade, change from credit to audit or credit only at the 400 level of below.
10/01/04	Topic 3.2 (Cont'd)
10/04/04	Topic 3.3 Security Handshake Pitfalls Topic	Chapter 11		pdf
10/06/04	Topic 3.3 (Cont'd)		hw2 TA's solution (Due by 10/22/04)
10/08/04	No Class (Fall Break)
10/11/04	Topic 3.3 (Cont'd) 4.1 Basic Concepts of Access Control			pdf
10/13/04	Topic 4.2 Lattice Based Access Control Models	Sandhu, R.S. Lattice-based access control models, IEEE Computer, 26(11): 9 –19, Nov. 1993. (Need to access from NC State Campus Network)		pdf
10/15/04	Topic 4.2 (Cont'd)
10/18/04	Topic 4.3 Covert Channel		Project proposal due (only for 574 students)	pdf
10/20/04	Topic 4.4 Role Based Access Control	Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L.; Youman, C.E. Role-based access control models, IEEE Computer, 29(2): 38 –47, Feb. 1996. (Need to access from NC State Campus Network)	hw3 TA's solution (Due by 11/3/04)	pdf
10/22/04	Topic 5.1 Kerberos	Last day to withdraw or drop without a grade at the 500-900 level. Last day to change from credit to audit at the 500-900 level. Chapters 13 & 14		pdf
10/25/04	Guest lecture Watermarking Databases Dr. Ting Yu			ppt
10/27/04	Mid-term Exam #2 (in class, open book & notes)	Scope: Topics 3 & 4 in mid-term #1	Grade Distribution
10/29/04	Class cancelled
11/01/04	Topic 5.1 (Cont'd)
11/03/04	Review of Mid-term Exam #2
11/05/04	Topic 5.2 IPsec: AH and ESP	Chapter 17	hw4 (Due by 11/22/04)	pdf
11/08/04	Topic 5.3 Internet Key Management	Chapters 16 & 18		pdf
11/10/04	Topic 5.3 (Cont'd)
11/12/04	Topic 5.3 (Cont'd)	RFC 2409 IKE
11/15/04	Topic 5.3 (Cont'd) Topic 5.4 PKI (self-study)	Chapter 15
11/17/04	Topic 5.3 (Cont'd) Topic 5.6 Email security (self-study)	Chapters 20 & 22
11/19/04	Topic 5.5 SSL	Chapter 19		pdf
11/22/04	Topic 5.7 Firewalls	Chapter 23	hw5 (Due by 12/3/04)	pdf
11/24/04	No Class (Thanksgiving)
11/26/04	No Class (Thanksgiving)
11/29/04	Topic 5.7 (Cont'd) Topic 6.1 Malicious Software			pdf
12/01/04	Topic 6.3 Evaluation of Secure Information Systems			pdf
12/03/04	Topic 6.3 (Cont'd) Final Review		Project final report due (only for 574 students)
12/08/04	Final Exam (8am -- 11am)

Acknowledgement

This course includes materials provided by Dr. Sushil Jajodia (George Mason University), Dr. Wenke Lee (George Institute of Technology), Dr. Gail-Joon Ahn (University of North Carolina at Charlotte), and Dr. Peng Liu (Penn State University).

Peng Ning (ning@csc.ncsu.edu)