CSC 474/574 Information Systems Security

Fall 2004

(This page will be changed frequently. Check before class.)

(Updated for the final!) Instructional Objectives: Guideline for Preparing for the Final Exam

The instructor's office hour is changed to 4pm-5pm on Mondays and Wednesdays.

Sample mid-term exam (Please note that the scope of this sample mid-term exam is slightly different.)

Note: Homework assignments must be completed with a word processor (e.g., Microsoft Word, LaTeX). Handwritten submissions will NOT be accepted.

Instructor: Dr. Peng Ning

Office hours: Mondays and Wednesdays, 4:00pm - 5:00pm, 250 Venture III (in Suite 243), Centennial Campus

Office phone: (919) 513-4457

Fax: (919) 513-7447

Email address: pning (at) ncsu.edu

Homepage: http://www.csc.ncsu.edu/faculty/ning

Teaching assistant: Mr. Srinath Anantharaju (TA's Page)

Office hours: Mondays and Wednesdays, 4:00pm - 5:30pm, Venture III (in Suite 243), Centennial Campus

Email address: sananth3 (at) ncsu.edu

Class location: Room 150 Venture II, Centennial Campus

Day and time: Mondays, Wednesdays, and Fridays, 10:45am - 11:35am.

Course Syllabus

Students registered for CSC 574 need to complete a research project in addition to the homework assignments and exams.

Mailing list: csc574-001@wolfware.ncsu.edu (CSC 474 & 574)

Web page: http://courses.ncsu.edu/csc574/lec/001

Message Board: http://courses.ncsu.edu/csc574

Useful Resources: Java Tutorial

Note on assignments:

You must use a text editor (e.g. MS Word) to complete your homework. Handwritten submissions are not accepted. You should submit hard copies unless otherwise specified.

All work is to be performed individually unless otherwise specified. For the collaborative problems, you are encouraged to form teams of 1-3 members (of students in this class) to cooperate only on those problems. After discussing the problems, please write up your answers individually. Indicate the names of the other members in your team, if any.

You get no extra credit for working alone where collaboration is permitted.

Projects: Each student is required to complete a mid-size project, which includes proposal, implementation, and final demo or paper. Students can form project teams, each with up to three members.

Requirements for project proposal

Requirements for project final report.

Projects include but are not limited to:

  • Research Paper
    • You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation. 
    • You are encouraged to choose this if you are a PhD student or a master's student who has to complete a thesis.
    • Example Topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
      • New Attacks
  • Survey Paper
    • You can write a paper that surveys a particular field of information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation.
    • Example topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
  • Implementation
    • You can implement an existing technique, protocol, or system. The outcome should be a report that describes your implementation and a demo to the instructor and the TA. Your grade will be based on the quality of the report and the functionality and robustness of the implementation.
    • I may require you to work on your own, depending on the complexity of the implementation.
    • Example topics:
      • Key management for sensor networks (See instructor for details. Limit to 2 groups.)
      • Broadcast authentication for sensor networks (See instructor for details. Limit to 2 groups.)
      • Cryptographic algorithms such as AES, RSA, DSA, etc. 
      • Authentication protocols such as S/Key, Challenge-Response protocol.
      • Firewalls
      • Developing/extending intrusion detection systems

Schedule of classes

(Reading assignments: Complete before class. Reading assignments are given in the order of importance for each lecture.)

| Date | Topics | Reading Assignment | Homework Assignment | Handout |
|---|---|---|---|---|
| 08/18/04 | Introduction | | | pdf |
| 08/20/04 | Topic 1: Basic security concepts | Chapter 1 | | |
| 08/23/04 | Topic 2.1: Introduction to cryptography | Chapter 2 | | pdf |
| 08/25/04 | Topic 2.1 (Cont'd) | | | pdf |
| 08/27/04 | Topic 2.2: Secret key cryptography | Chapter 3 | | |
| 08/30/04 | Topic 2.2 (Cont'd) | Chapter 4 | | |
| 09/01/04 | Topic 2.2 (Cont'd) | | | |
| 09/03/04 | Topic 2.2 (Cont'd); Topic 2.3: Hash function | Chapter 5 | | pdf |
| 09/06/04 | No class (Labor Day) | | hw1; TA's solution (Written part is due by 9/20/04, and the programming assignment is due by 9/27/04.) | |
| 09/08/04 | Topic 2.3 (Cont'd) | A recent breakthrough on hash functions | | |
| 09/10/04 | Topic 2.4: Basic number theory | Chapter 7 | | pdf |
| 09/13/04 | Topic 2.4 (Cont'd) | | | |
| 09/15/04 | Topic 2.5 Public key cryptography | Chapter 6 | | pdf |
| 09/17/04 | Topic 2.5 (Cont'd) | | | |
| 09/20/04 | Topic 2.5 (Cont'd) | | | |
| 09/22/04 | Mid-term Exam #1 (in class, open book & notes); Scope: Topics 1 -- 2; Grade Distribution | | | |
| 09/24/04 | Topic 3.1 Overview of Identification and authentication | Chapter 9 | | pdf |
| 09/27/04 | Review of mid-term exam | | | pdf |
| 09/29/04 | Topic 3.2 User Authentication | Chapters 10 & 12. Last day to withdraw or drop without a grade, change from credit to audit or credit only at the 400 level or below. | | |
| 10/01/04 | Topic 3.2 (Cont'd) | | | |
| 10/04/04 | Topic 3.3 Security Handshake Pitfalls | Chapter 11 | | pdf |
| 10/06/04 | Topic 3.3 (Cont'd) | | hw2; TA's solution (Due by 10/22/04) | |
| 10/08/04 | No Class (Fall Break) | | | |
| 10/11/04 | Topic 3.3 (Cont'd); Topic 4.1 Basic Concepts of Access Control | | | pdf |
| 10/13/04 | Topic 4.2 Lattice Based Access Control Models | Sandhu, R.S. Lattice-based access control models, IEEE Computer, 26(11): 9–19, Nov. 1993. (Need to access from NC State Campus Network) | | pdf |
| 10/15/04 | Topic 4.2 (Cont'd) | | | |
| 10/18/04 | Topic 4.3 Covert Channel | | Project proposal due (only for 574 students) | pdf |
| 10/20/04 | Topic 4.4 Role Based Access Control | Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L.; Youman, C.E. Role-based access control models, IEEE Computer, 29(2): 38–47, Feb. 1996. (Need to access from NC State Campus Network) | hw3; TA's solution (Due by 11/3/04) | pdf |
| 10/22/04 | Topic 5.1 Kerberos. Last day to withdraw or drop without a grade at the 500-900 level. Last day to change from credit to audit at the 500-900 level. | Chapters 13 & 14 | | pdf |
| 10/25/04 | Guest lecture: Watermarking Databases (Dr. Ting Yu) | | | ppt |
| 10/27/04 | Mid-term Exam #2 (in class, open book & notes); Scope: Topics 3 & 4; in mid-term #1; Grade Distribution | | | |
| 10/29/04 | Class cancelled | | | |
| 11/01/04 | Topic 5.1 (Cont'd) | | | |
| 11/03/04 | Review of Mid-term Exam #2 | | | |
| 11/05/04 | Topic 5.2 IPsec: AH and ESP | Chapter 17 | hw4 (Due by 11/22/04) | pdf |
| 11/08/04 | Topic 5.3 Internet Key Management | Chapters 16 & 18 | | pdf |
| 11/10/04 | Topic 5.3 (Cont'd) | | | |
| 11/12/04 | Topic 5.3 (Cont'd) | RFC 2409 IKE | | |
| 11/15/04 | Topic 5.3 (Cont'd); Topic 5.4 PKI (self-study) | Chapter 15 | | |
| 11/17/04 | Topic 5.3 (Cont'd); Topic 5.6 Email security (self-study) | Chapters 20 & 22 | | |
| 11/19/04 | Topic 5.5 SSL | Chapter 19 | | pdf |
| 11/22/04 | Topic 5.7 Firewalls | Chapter 23 | hw5 (Due by 12/3/04) | pdf |
| 11/24/04 | No Class (Thanksgiving) | | | |
| 11/26/04 | No Class (Thanksgiving) | | | |
| 11/29/04 | Topic 5.7 (Cont'd); Topic 6.1 Malicious Software | | | pdf |
| 12/01/04 | Topic 6.3 Evaluation of Secure Information Systems | | | pdf |
| 12/03/04 | Topic 6.3 (Cont'd); Final Review | | Project final report due (only for 574 students) | |
| 12/08/04 | Final Exam (8am -- 11am) | | | |

Acknowledgement

This course includes materials provided by Dr. Sushil Jajodia (George Mason University), Dr. Wenke Lee (Georgia Institute of Technology), Dr. Gail-Joon Ahn (University of North Carolina at Charlotte), and Dr. Peng Liu (Penn State University).


Peng Ning (ning@csc.ncsu.edu)