Course Outline

CpSc 433, Data Security and Encryption Techniques

Section 3, Tuesday and Thursday, 4:00-5:15pm

Date Day Topics Reading
February 1 Tuesday Overview Chapter 1
February 3 Thursday Introduction to Cryptography Chapter 2
February 8 Tuesday Stream and Block Ciphers Sections 3.2, 3.6-3.7
February 10 Thursday Cryptanalysis
Paper Summary 1 due
Section 3.5
February 15 Tuesday DES and 3DES Sections 3.1, 3.3-3.4, 6.1
February 17 Thursday Applied Symmetric Encryption Chapter 7
February 22 Tuesday Public-Key Cryptography Chapter 9
February 24 Thursday Key Management
Paper Summary 2 due
Sections 10.1-10.2
March 1 Tuesday Message Authentication Chapter 11
March 3 Thursday Hash Functions Sections 12.1-12.2, 12.4

Friedl, S. J., "An Illustrated Guide to Cryptographic Hashes," September 2004.

March 8 Tuesday Digital Signatures Chapter 13
March 10 Thursday Kerberos
Paper Summary 3 due
Section 14.1

Bryant, B., "Designing an Authentication System: a Dialogue in Four Scenes," February 1998. Tung, B., "The Moron's Guide to Kerberos," December 1996.

March 15 Tuesday E-mail Encryption Section 15.1
March 17 Thursday Networking and TCP/IP Kessler, G. C., "An Overview of TCP/IP Protocols and the Internet," December 2004.
March 22 Tuesday TCP/IP Weaknesses Bellovin, S.M., "A Look Back at 'Security Problems in the TCP/IP Protocol Suite,'" Invited Paper, "Classic Papers" Session, 20th Annual Computer Security Applications Conference, December 2004.
March 24 Thursday Midterm Exam,
Chapter 1, Sections 2.1-2, 3.2-7, 6.1,4, 7.2-3, Chapter 9, Sections 10.1-2, Chapter 11, Sections 12.1-2,4, 13.1-2, 14.1
March 29 Tuesday Spring Recess - No class
March 31 Thursday Cesar Chavez Day - No class
April 5 Tuesday IPSec
Paper Summary 4 due
Chapter 16
April 7 Thursday Web Security
Paper Summary 5 due
Sections 17.1-2
April 12 Tuesday SQL Injection and Cross-Site Scripting Friedl, S. J., "SQL Injection Attacks by Example," December 2004.

CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests

April 14 Thursday Intrusion Detection Chapter 18
April 19 Tuesday Viruses, Worms, and Log Analysis Chapter 19
April 21 Thursday Firewalls
Paper Summary 6 due
Section 20.1
April 26 Tuesday Perimeter Defense Synder, J., "Six Strategies for Defense-in-Depth," Aruba Wireless Networks
April 28 Thursday Hardening and the SANS Top 20 The SANS Top 20 Internet Security Vulnerabilities
May 3 Tuesday Vulnerability Assessment and Penetration Testing Dhanjani, N., "Installing and Configuring Nessus," ONLamp.com, April 2004.

Dhanjani, N., "Writing Nessus Plugins," ONLamp.com, June 2004.

McNab, C., "IP Network Scanning," Chapter 4 of Network Security Assessment, O'Reilly and Associates, March 2004.

May 5 Thursday Buffer Overflows and Shellcode
Paper Summary 7 due
Aleph One, "Smashing the Stack for Fun and Profit," Phrack, Vol. 7, No. 47, November 1996.
May 10 Tuesday Security Policies Guel, M. D., "A Short Primer for Developing Security Policies," The SANS Institute, 2001.
May 12 Thursday Threat Modeling and Risk Assessment Schneier, B., "Threat Modeling and Risk Assessment," "Security Policies and Countermeasures," and "Attack Trees," Chapters 19-21 of Secrets and Lies, John Wiley and Sons, 2000.

Meier, J., Mackman, A., et al., "Threat Modeling," Chapter 3 of Improving Web Application Security: Threats and Countermeasures, Microsoft Press, June 2003.

May 17 Tuesday Authentication, Authorization, and Accounting Section 20.2

Kormann, D. P. and Rubin, A., "Risks of the Passport Single Signon Protocol," Computer Networks, Elsevier Science Press, volume 33, pages 51-58, 2000.

Matsumoto, T., Matsumoto, H., Yamada, K., and Hoshino, S., "Impact of Artificial 'Gummy' Fingers on Fingerprint Systems," Proceedings of SPIE Vol. #4677, January 2002.

May 19 Thursday Incident Response and Forensics
Paper Summary 8 due
Baker, S., Green, T., et al., "Checking Microsoft Windows Systems for Signs of Compromise," Forum for Incident Response and Security Teams Best Practice Guide, October 2004.

Green, T., and Baker, S., "Checking UNIX/LINUX Systems for Signs of Compromise," Forum for Incident Response and Security Teams Best Practice Guide, April 2005.

May 24 Tuesday Final Exam, 5:00-6:50pm
Extra Credit Summary due