CSC 474/574 Information Systems Security

Fall 2004

(This page will be changed frequently. Check before class.)

(Updated for the final!) Instructional Objectives: Guideline for Preparing for the Final Exam

The instructor's office hours have changed to 4pm-5pm on Mondays and Wednesdays.

Sample mid-term exam (Please note that the scope of this sample mid-term exam is slightly different.)

Note: Homework assignments must be completed with a word processor (e.g., Microsoft Word, LaTeX). Handwritten submissions will NOT be accepted.


Dr. Peng Ning


Office hours:

Mondays and Wednesdays, 4:00pm - 5:00pm, 250 Venture III (in Suite 243), Centennial Campus

Office phone:

(919) 513-4457



Email address:

pning (at) 


Teaching assistant:

Mr. Srinath Anantharaju (TA's Page)


Office hours:

Mondays and Wednesdays, 4:00pm - 5:30pm, Venture III (in Suite 243), Centennial Campus

Email address:

sananth3 (at)

Class location:

Room 150 Venture II, Centennial Campus

Day and time:

Mondays, Wednesdays, and Fridays, 10:45am - 11:35am.

Course Syllabus

Students registered for CSC 574 need to complete a research project in addition to the homework assignments and exams.

Mailing list: (CSC 474 & 574)

Web page: 

Message Board: 

Useful Resources: Java Tutorial

Note on assignments:

You must use a text editor (e.g., MS Word) to complete your homework. Handwritten submissions are not accepted. You should submit hard copies unless otherwise specified.

All work is to be performed individually unless otherwise specified. For the collaborative problems, you are encouraged to form teams of 1-3 members (of students in this class) to cooperate only on those problems. After discussing the problems, please write up your answers individually. Indicate the names of the other members in your team, if any.

You get no extra credit for working alone where collaboration is permitted.

Projects: Each student is required to complete a mid-size project, which includes a proposal, an implementation, and a final demo or paper. Students can form project teams, each with up to three members.

Requirements for project proposal

Requirements for project final report.

Projects include but are not limited to:

  • Research Paper
    • You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation. 
    • You are encouraged to choose this if you are a PhD student or a master's student who has to complete a thesis.
    • Example Topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
      • New Attacks
  • Survey Paper
    • You can write a paper that surveys a particular field in information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation.
    • Example topics:
      • Vulnerability Analysis
      • Wireless Security
      • Intrusion Detection 
      • Authentication
      • Access Control
      • Authorization
      • DNS Security
      • Digital Watermarking
  • Implementation
    • You can implement an existing technique, protocol, or system. The outcome should be a report that describes your implementation and a demo to the instructor and the TA. Your grade will be based on the quality of the report and the functionality and robustness of the implementation.
    • I may require you to work on your own, depending on the complexity of the implementation.
    • Example topics:
      • Key management for sensor networks (See instructor for details. Limit to 2 groups.)
      • Broadcast authentication for sensor networks (See instructor for details. Limit to 2 groups.)
      • Cryptographic algorithms such as AES, RSA, DSA, etc. 
      • Authentication protocols such as S/Key, Challenge-Response protocol.
      • Firewalls
      • Developing/extending intrusion detection systems

Schedule of classes



Reading Assignment

(Complete before class. Reading assignments are given in the order of importance for each lecture.)

Homework Assignment


08/18/04 Introduction
08/20/04 Topic 1: Basic security concepts Chapter 1    
08/23/04 Topic 2.1: Introduction to cryptography

Chapter 2


Topic 2.1 (Cont'd)


Topic 2.2: Secret key cryptography 

Chapter 3    
08/30/04 Topic 2.2 (Cont'd) Chapter 4    

Topic 2.2 (Cont'd)


Topic 2.2 (Cont'd)

Topic 2.3: Hash function

Chapter 5   pdf
09/06/04 No class (Labor Day)  


TA's solution
(Written part is due by 9/20/04, and the programming assignment is due by 9/27/04.)


Topic 2.3 (Cont'd)  

A recent breakthrough on hash functions    
09/10/04 Topic 2.4: Basic number theory Chapter 7   pdf

Topic 2.4 (Cont'd)


Topic 2.5 Public key cryptography

Chapter 6   pdf

Topic 2.5 (Cont'd)


Topic 2.5 (Cont'd)

09/22/04 Mid-term Exam #1
(in class, open book & notes)
Scope: Topics 1 -- 2

Grade Distribution


Topic 3.1 Overview of Identification and authentication

Chapter 9   pdf

Review of mid-term exam


09/29/04 Topic 3.2 User Authentication

Chapters 10 & 12

Last day to withdraw or drop without a grade, change from credit to audit or credit only at the 400 level or below.

10/01/04 Topic 3.2 (Cont'd)


10/04/04 Topic 3.3 Security Handshake Pitfalls Chapter 11   pdf
10/06/04 Topic 3.3 (Cont'd)


TA's solution
(Due by 10/22/04)
10/08/04 No Class (Fall Break)      

Topic 3.3 (Cont'd)

4.1 Basic Concepts of Access Control


Topic 4.2 Lattice Based Access Control Models

Sandhu, R.S. Lattice-based access control models, IEEE Computer, 26(11): 9–19, Nov. 1993.
(Need to access from NC State Campus Network)

Topic 4.2 (Cont'd)

10/18/04 Topic 4.3 Covert Channel  

Project proposal due (only for 574 students)

10/20/04 Topic 4.4 Role Based Access Control Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L.; Youman, C.E. Role-based access control models, IEEE Computer, 29(2): 38–47, Feb. 1996.
(Need to access from NC State Campus Network)

TA's solution
(Due by 11/3/04)

10/22/04 Topic 5.1 Kerberos

Last day to withdraw or drop without a grade at the 500-900 level. Last day to change from credit to audit at the 500-900 level.

Chapters 13 & 14


Guest lecture Watermarking Databases

Dr. Ting Yu

10/27/04 Mid-term Exam #2
(in class, open book & notes)
Scope: Topics 3 & 4
in mid-term #1
Grade Distribution  
10/29/04 Class cancelled
11/01/04 Topic 5.1 (Cont'd)
11/03/04 Review of Mid-term Exam #2      
11/05/04 Topic 5.2 IPsec: AH and ESP
Chapter 17
(Due by 11/22/04)
11/08/04 Topic 5.3 Internet Key Management Chapters 16 & 18
11/10/04 Topic 5.3 (Cont'd)      
11/12/04 Topic 5.3 (Cont'd) RFC 2409 IKE    
11/15/04 Topic 5.3 (Cont'd)
Topic 5.4 PKI (self-study)
Chapter 15    

Topic 5.3 (Cont'd)
Topic 5.6 Email security (self-study)

Chapters 20 & 22

Topic 5.5 SSL

Chapter 19   pdf
11/22/04 Topic 5.7 Firewalls Chapter 23 hw5
(Due by 12/3/04)
11/24/04 No Class (Thanksgiving)      

No Class (Thanksgiving)

11/29/04 Topic 5.7 (Cont'd)
Topic 6.1 Malicious Software
12/01/04 Topic 6.3 Evaluation of Secure Information Systems     pdf

Topic 6.3 (Cont'd)

Final Review

  Project final report due (only for 574 students)  

Final Exam
(8am -- 11am)



This course includes materials provided by Dr. Sushil Jajodia (George Mason University), Dr. Wenke Lee (Georgia Institute of Technology), Dr. Gail-Joon Ahn (University of North Carolina at Charlotte), and Dr. Peng Liu (Penn State University).

Peng Ning (