Information Security, Fall 2009

The goal of this course is to acquaint the students with security issues in multi-user information systems and computer networks and to provide them with training in the fundamental techniques, particularly cryptography, for security and their applications in practical areas such as electronic commerce, network intrusion protection, and security management.

• Feb. 01: Grade Report available.
• Dec. 21: for the field trip to the Acer eDC on 12/29, the buses depart at 12:30PM from the front of the Second Students' Activities Center.
• Dec. 03: description of Term Project Option #1 available.
• Dec. 01: Guidlines for Term Project available.
• Nov. 05: slides for Public-Key Encryption and ECC available.
• Oct. 06: HW#1B due on Oct. 13.
• Oct. 06: slides for Confidentiality Using Symmetric Encryption available.
• Sep. 29: HW#1A due on Oct. 6.
• Sep. 29: slides for AES and More Symmetric Ciphers available.
• Sep. 22: slides for Block Ciphers and DES and for Finite Fields available.
• Sep. 15: PDF version of this page; slides for Course Overview, Introduction, and Classic Encryption Techniques available for download.

Yeali S. Sun (孫雅麗), Room 909, Management II, 3366-1195, Xsunny@im.ntu.edu.twX (between the enclosing pair of X's);
Anthony J.T. Lee (李瑞庭), Room 705, Management II, 3366-1188, Xjtlee@im.ntu.edu.twX (between the enclosing pair of X's);
Yeong-Sung Lin (林永松), Room 808, Management II, 3366-1191, Xyslin@im.ntu.edu.twX (between the enclosing pair of X's);
Yih-Kuen Tsay (蔡益坤), Room 1108, Management II, 3366-1189, Xtsay@im.ntu.edu.twX (between the enclosing pair of X's).

Tuesday 2:20~5:20PM, Conference Room 2, College of Management, Building I (level 4)

To be announced by the instructors

Operating Systems and Computer Networks

• Cryptography and Network Security: Principles and Practices, 4th Edition, W. Stallings, Prentice Hall, 2006. (Note: be sure to check out the errata list on the Web site of the book!)

• Supplementary readings.

We will study the design and underlying principles of automated tools for protecting information, including software and data, stored on computers or communicated over networks. The main focus will be on the fundamentals and applications of cryptographic technology. We will follow mainly the textbook of W. Stallings and enhance the contents with class notes and supplementary readings.

• Introduction: basic concepts, architecture, model, etc. (.5 week: 09/15a) [slides: Course Overview; Introduction]
• Symmetric Cryptography: classical techniques, block ciphers, DES, finite fields, AES, stream ciphers, applications, etc. (3.5 weeks: 09/15b, 09/22, 09/29, 10/06) [slides: Classical Techniques, Block Ciphers and DES, Finite Fields, AES, More Symmetric Ciphers, Confidentiality Using Symmetric Encryption]
• Public-Key (Asymmetric) Cryptography: number theory, RSA, key management, ECC, etc. (4 weeks: 10/13, 10/20, 10/27, 11/03) [slides: Public-Key Encryption, ECC]
• Midterm (2009/11/10)
• Authentication, Hash Algorithms, and Digital Signatures (3 weeks: 11/17, 11/24, 12/01)
• Network Security: IPsec, virtual private networks (VPNs), IP traceback, firewalls, denial of service, etc. (3 weeks: 12/08, 12/15, 12/22)
• Field Trip to the Acer eDC (12/29) [schedule]
• Wrap-Up and Guest Lecture (Information Security That Fits, Jason Yueh, Trend Micro) (01/05)
• Final (2010/01/12)

http://www.im.ntu.edu.tw/~tsay/courses/is/ or ftp://140.112.106.6/ (up to 106.10; must have an account at im.ntu.edu.tw for FTP; guest account available)

Midterm 35%, Final 35%, Homework 10%, Term Project 20%.

1. Cryptography and Network Security: Principles and Practices, 4th Edition, W. Stallings, Prentice Hall, 2006. (Note: textbook of this course.)
2. Introduction to Cryptography, 2nd Edition, J.A. Buchmann, Springer, 2004. (Note: an introductory book self-contained with a succinct coverage of mathematical foundations.)
3. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, B. Schneier, John Wiley & Sons, 1996. (Note: a very comprehensive book on cryptography and its applications.)
4. Security in Computing, 4th Edition, C.P. Pfleeger and S.L. Pfleeger, Prentice Hall PTR, 2006. (Note: similar to [1] in scope and in technical depth. It covers fewer encryption algorithms, but is more comprehensive in system/program security. It also has chapters on data base security, security management, and legal and ethical issues.)
5. Firewalls and Intranet Security: Repelling the Wily Hacker, 2nd Edition, W.R. Cheswick, S.M. Bellovin, and A.D. Rubin, Addison-Wesley, 2003.
6. Building and Managing Virtual Private Networks, D. Kosiur, John Wiley & Sons, 1998.
7. Building SET Application for Secure Transactions, M.S. Merkow, J. Breithaupt, and K. Wheeler, John Wiley & Sons, 1998.
8. Practical UNIX and Internet Security, 3rd Edition, S. Garnkel, G. Spaord, and A. Schwartz, O'Reilly & Associates, 2003.
9. Secure Programming with Static Analysis, B. Chess and J. West, Addison-Wesley, 2007.
10. The OWASP Website, http://www.owasp.org/. (Note: a website dedicated to Web application security.)
11. Operating System Concepts, 8th Edition (Chapters 14 and 15), A. Silberschatz, P.B. Galvin, and G. Gagne, Wiley, 2008.
12. Computer Networks, 4th Edition (Chapter 8), A.S. Tanenbaum, Prentice Hall, 2002.
13. Distributed Systems: Concepts and Design, 4th Edition (Chapter 7), G. Coulouris, J. Dollimore, and T. Kindberg, Addison-Wesley, 2005.