CSCI 454/554: Computer and Network Security (Spring 2016)

Course Description

This is an upper-level undergraduate, first-year graduate course on computer and network security. This course introduces the principles and practices of cryptography, network security, and secure software. It will cover security policies, models, and mechanisms for secrecy, integrity, and availability; basic cryptography and its applications; secret key cryptography; hash functions; basic number theory and public key cryptography; trusted intermediaries, and network security (firewalls, IDS, IPsec, and SSL) etc.

Course Information

Class Time: TR 11:00am - 12:20pm
Class Location: Washington Hall 301

Instructor: Dr. Kun Sun
Email: ksun@wm.edu
Office Hours: TR 1:30pm - 3:30pm, M-S Hall, #105

TA: Shengye Wan
Email: swan@email.wm.edu
Office Hours: by appointment, M-S Hall, #107A

Grading Policy

CSCI 454
- 25% Homework assignments (Note: you must use text editor (e.g. MS Word, latex) to complete your homework. Handwritten submissions are not accepted.)
- 30% Midterm exam
- 10% Term project
- 35% Final exam
CSCI 554
- 20% Homework assignments (Note: you must use text editor (e.g. MS Word, latex) to complete your homework. Handwritten submissions are not accepted.)
- 20% Midterm exam
- 30% Term project
- 30% Final exam

Term project	Each student is required to complete a mid-size project, which includes proposal, implementation, and final demo or paper. Each student must finish the project by himself/herself. Requirements for project proposal. Requirements for project final report. Projects include but are not limited to: Research Paper You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation. Example Topics: Vulnerability Analysis Wireless Security Intrusion Detection Authentication Access Control Authorization DNS Security Trusted Execution Environment New Attacks etc. Survey Paper You can write a paper that surveys a particular field on information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation. Example topics: Vulnerability Analysis Wireless Security Intrusion Detection Authentication Access Control Authorization DNS Security Trusted Execution Environment Cloud Security etc.

Term project

Each student is required to complete a mid-size project, which includes proposal, implementation, and final demo or paper. Each student must finish the project by himself/herself.

Requirements for project proposal.
Requirements for project final report.

Projects include but are not limited to:

Research Paper
- You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation.
- Example Topics:
  - Vulnerability Analysis
  - Wireless Security
  - Intrusion Detection
  - Authentication
  - Access Control
  - Authorization
  - DNS Security
  - Trusted Execution Environment
  - New Attacks
  - etc.
Survey Paper
- You can write a paper that surveys a particular field on information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation.
- Example topics:
  - Vulnerability Analysis
  - Wireless Security
  - Intrusion Detection
  - Authentication
  - Access Control
  - Authorization
  - DNS Security
  - Trusted Execution Environment
  - Cloud Security
  - etc.

Textbook

Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World (2nd Edition),
Prentice Hall, ISBN-13: 007-6092018469, ISBN-10: 0130460192

Class Schedule (tentative)

Note: the schedule will change as the course progresses. Please check frequently.

Date	Topic	Reading Assignment	Homework Assignment	Handouts
01/21/2016	Topic 1. Introduction and Basic Security Concepts	Chapter 1		1spp, 3spp, 6spp
01/26/2016	Topic 2. Basic Cryptography	Chapter 2		1 spp, 3spp, 6spp
01/28/2016	Topic 3.1 Secret Key Cryptography -- Algorithms	Chapter 3.1 - 3.3, 3.5		1spp, 3spp, 6spp
02/02/2016	Topic 3.1 (Cont'd) Topic 3.2 Secret Key Cryptography -- Modes of Operations	Chapter 4.1 - 4.2		1spp, 3spp, 6spp
02/04/2016	Topic 3.3-4 Secret Key Cryptography -- Triple DES, MAC	Chapter 4.3- 4.4	HW1 (due by 2/25/2016) (HW1 Solution)
02/09/2016	Topic 4. Message Digest	Chapter 5.1 - 5.2, 5.5		1spp, 3spp, 6spp
02/11/2016	Topic 4 (Cont'd)	Chapter 5.6 - 5.7
02/16/2016	Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography	Chapter 6.1 - 6.2, 7.1 - 7.4	HW2 (due by 03/03/2016) (HW2 Solution)	1spp, 3spp, 6spp
02/18/2016	Topic 5.1 (Cont'd)	Chapter 7.6 - 7.8
02/23/2016	Topic 5.2 Public Key Cryptography	Chapter 6.3 - 6.4		1spp, 3spp, 6spp
02/25/2016	Topic 5.2 (Cont'd) Topic 6.1 User Authentication	Chapter 6.5 - 6.6 Chapters 9, 10 & 12	HW3 (due by 03/15/2016)	1spp, 3spp, 6spp
03/01/2016	Topic 6.1 (Cont'd) Topic 6.2 Design and Analysis of Authentication Protocols	Chapter 11.1-11.3		1spp, 3spp, 6spp
03/03/2016	Topic 6.2 (Cont'd) Mid-term Preview	Chapters 11.4-11.8		slides
03/08/2016	No Class (Spring Break)
03/10/2016	No Class (Spring Break)
03/15/2016	Mid-term Exam			Midterm Grade Distribution
03/17/2016	Topic 6.2 (Cont'd) Topic 7.1 Kerberos	Chapters13 & 14		1 spp, 3 spp, 6 spp
03/22/2016	No Class. (Instructor is out of town.)
03/24/2016	No Class. (Instructor is out of town.)		Project proposal due
03/29/2016	Mid-term Review
03/31/2016	Topic 7.2 PKI	Chapter 15	HW4 (due by 04/14/2016)	1 spp, 3 spp, 6 spp
04/05/2016	Topic 8.1 IPsec: AH and ESP	Chapters 16 and 17		1 spp, 3 spp, 6 spp
04/07/2016	Topic 8.2 IPsec: IKE	Chapter 18		1 spp, 3 spp, 6 spp
04/12/2016	Topic 8.2 (Cont'd)
04/14/2016	No Class. (Instructor is out of town.)		HW5 (due by 04/28/2016)
04/19/2016	Topic 8.3 SSL/TLS	Chapter 19		1 spp, 3 spp, 6 spp
04/21/2016	Topic 8.4 Firewalls and IDS	Chapter 23		1 spp, 3 spp, 6 spp
04/26/2016	Topic 8.5 Malicious Software			1 spp, 3 spp, 6 spp
04/28/2016	Final Preview		Project final report due 05/10/2016	slides
05/11/2016	Final Exam (2:00pm - 5:00pm), Wednesday

Honor Code

Students are required to follow William and Mary's Honor System, as described in the student handbook.

Students with Disabilities

Any student with a disability needing academic adjustments or accommodations should contact the instructor immediately.

Acknowledgement

This course includes materials provided by Dr. Peng Ning (North Carolina State University) and Dr. Haining Wang (University of Delaware).