Security Systems - CSCI 530, Spring 2004

Time	:	MW 11:00pm - 12:20pm
Location	:	OHE 100C
Instructor	:	Bill Cheng, Office Hours: MW 12:45pm - 1:45pm in SAL 342, E-mail: <bill.cheng@usc.edu> or <william@bourbon.usc.edu>   (Please do not send HTML e-mails. They will not be read.)
TA	:	Ho Chung, E-mail: <hochung@usc.edu>, Office Hours: Thu 9am - 11am in SAL 339
Grader	:	Sumeet Savla, E-mail: <savla@usc.edu>,    (The grader will hold office hours the week after the announcement of each homework's grades.)
Midterm Exam	:	Wed, 3/10/2004 (firm), in MHP 101 (south end Trousdale Parkway, just north of Exposition Blvd).
Final Exam	:	in WPH B-27, 11am-1pm, Wed, 5/5/2004 (firm) (WPH is located in section 4F of the campus map; to get to WPH B-27, please enter through the basement of the SOS building, which is just south of WPH)
Newsgroup	:	Yahoo Group: cs_530, please see rules regarding the use of this newsgroup
Msg Archives	:	messages from Bill, messages from Ho, messages from Sumeet

Description	:	textbooks, topics covered, grading policies, additional resources, etc.
Papers	:	required technical papers.
Lectures	:	slides from lectures in HTML and PDF formats.
Homeworks	:	(2-4 homeworks will be assigned. Please also see important information about programming assignments below.)
Term Paper	:	one term paper to be turned in towards the end of the semester.

• 4/26/2004: The final exam is closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators are allowed. Please bring a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.

  In addition to the topics covered by the midterm exam, the final exam will cover the following topics:

  • Authentication
    • hash chains
    • trust models for certification
    • GSS-API
    • applications (unix login, telnet, rsh/rlogin, ssh, http/https, ftp, Windows login, e-mail, NFS, Radius)
    • Microsoft Passport
    • Liberty Alliance
  • Authorization
    • Access Matrix
    • capability
    • agent-based
    • policy models
      • discretionary policy
      • mandatory policy
      • Bell LaPadula
    • distributed mechanisms
      • proxies
      • GAA-API
  • Intrusions
    • detection - how
      • signature based
      • anomaly based
    • detection - where
      • network based
      • host based
      • application based
    • response
    • coordination of detection
      • CISL
      • IDMEF
  • Wireless
    • the real difference
      • devices and connectivity
    • some of the benefits
      • redundancy of aommunication paths
      • autonomy
    • WEP vulnerabilities
    • Bluetooth vulnerabilities
    • need for end-to-end security
  • Upload
    • real-time timestamp
    • low-latency commit
    • timely data transfer
    • security protocol
      • use of SHA1
      • use of digital signature
      • use of public key and secret key encryption
  • Homeworks

• 4/7/2004: Dr. Ashish Soni will be giving a guest lecture on Monday, 4/12. He will give an introduction to the companion lab class and also talk about security certifications.

• 3/7/2004: The midterm exam is closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators are allowed. Please bring a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.

  The midterm exam will cover the following topics:

  • Cryptography
    • basic building blocks
      • transposition/permutation
      • substitution
      • monoalphabetic substitution cipher
      • one-time pad
      • stream vs. block
    • conventional/symmetric/secret key
      • DES (and 3DES)
        • components (Fiestel Network, S-boxes, P-boxes)
        • modes of operation (ECB, CBC, CFB, OFB)
      • AES/Rijndael, others (UNIX password)
    • public key/assymetric
      • RSA
        • private/public key
        • encryption/decryption
      • ElGamal, Elliptic curve cryptosystems
    • digital signatures
    • Diffie-Hellman key exchange
    • hash functions
      • one-time signature (signature using only hashes)
        • tree-based
  • Key Management
    • pairwise key management
    • conventional key management
      • KDC, Kerberos, Needham-Schroeder
    • public key management
      • certification authority
    • key storage
    • key generation
    • group key management
      • rekeying group keys using batched digital signatures
  • Authentication: know, have, about you
    • Unix passwords
    • Kerberos and Directory Servers
    • public key
    • single sign on
    • some applications and how they do it
    • weaknesses

• 3/1/2004: The midterm exam will be held during class time in MHP 101 (south end Trousdale Parkway, just north of Exposition Blvd).

• 1/20/2004: Dr. Neuman asked me announce the Internet Societies Symposium on Network and Distributed Systems Security which will be held in San Diego on Feburary 4th and 5th. This is a really good conference on practical computer security research.

  Although the hotel reservation deadline has passed, I was told that the hotel is still accepting reservations at the conference rate.

  

• 1/16/2004: If a student signs up late for this class, he/she is still required to turn all projects and homeworks on time or he/she will receive a score of 0 for these assignments. No exceptions!

• 1/15/2004: The spec for HW1 is out. It's due at 11:45PM on 1/30/2004. Electronic submissions only, so please read the submission instructions. Remember, you can submit multiple versions. So, don't submit till the last minute!

  If you don't know the password to the homework web page, that's because you either did not come to class or have not registered with the class mailinglist.

• 1/13/2004: Most class related announcements will be done through e-mail via an e-mail reflector setup by the instructor. Please see instructions on how to get on this list (you should do this as soon as possible).

• 1/9/2004: (update on the companion lab course) The companion lab for this course will be offered as CSci 590 (Advanced Computer Security Systems) with Dr. Ashish Soni <asoni@usc.edu> on Mondays from 8:30am to 10:00am in KAP 160. This lab course will apply toward a student's MS degree. All students are encouraged to take this lab class. Interested students should contact the grad advisor, Siria Martinez <siriamar@usc.edu>, for D-clearance.

• 1/9/2004: The class room has changed from OHE 100D to OHE 100C.

• 12/22/2003: A companion lab for this course will be offered as Directed Research. All students are encouraged to take this lab class. More information will be forthcoming.

• 12/5/2003: Watch this area for important announcements.

• CSci402: Operating Systems.
• Qualify for a D-clearance. Please read the Placement Exam Instructions carefully and make sure that you have filled out the Pre-registration Form.