-

Time	:	MW 10:30am - 11:50am (although the schedule of classes says it starts at 10am)
Location	:	OHE 122
Instructor	:	Bill Cheng, Office Hours: MTh 12:45pm - 1:45pm in SAL 342, E-mail: <bill.cheng@usc.edu> or <william@bourbon.usc.edu>   (Please do not send HTML e-mails. They will not be read.)
TA	:	Ho Chung, E-mail: <hochung@usc.edu>, Office Hours: Fri 10am - 12pm in SAL 339, Voice: (213) 740-6507
Lab TA	:	Yash Gandhi, E-mail: <ygandhi@usc.edu>, Office Hours: (TBD)
Grader	:	Mansi Shah, E-mail: <mansiash@usc.edu>,    (The grader will hold office hours the week after the announcement of each programming assignment's grades.)
Exam 1	:	in class, 10:30am - 11:50am, Mon, 3/6/2006 (firm)
Exam 2	:	in class, 10am - 11:40am, Wed, 4/26/2006 (firm)
Msg Archives	:	messages from Bill, messages from Ho, messages from Yash, messages from Mansi

Description	:	textbooks, topics covered, grading policies, additional resources, etc.
Papers	:	required technical papers.
Lab	:	information regarding the lab session.
Lectures	:	slides from lectures in HTML and PDF formats.
Homeworks	:	(3-4 homeworks will be assigned. Please also see important information about programming assignments below.)
Term Paper	:	one term paper to be turned in towards the end of the semester.

• 4/19/2006: Exam 2 is closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators, cell phones, or any electronic gadgets are allowed. a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.

  Exam 2 is comprehensive (cover all the topiocs of the semester). If a particular problem appeared in exam 1, it will not appear in exam 2. Here is a quick summary of the topics covered, in addition to those mentioned for exam 1 (please note that not all topics covered are listed):

  • Key Management
    • group key management
      • GKMP
      • LHK
      • OFT
      • Diffie-Hellman group key
      • rekeying group keys using batched digital signatures
  • Authentication: know, have, about you
    • Unix passwords
    • Kerberos and Directory Servers
    • public key
    • single sign on
    • some applications and how they do it
    • weaknesses
    • Lamport's hash chains
    • trust models for certification
    • GSS-API
    • applications (unix login, telnet, rsh/rlogin, ssh, http/https, ftp, Windows login, e-mail, NFS, Radius)
    • stopping SPAM
    • Microsoft Passport
    • Liberty Alliance
  • Authorization
    • Access Matrix
    • capability
    • agent-based
    • policy models
      • discretionary policy
      • mandatory policy
      • Bell LaPadula
    • distributed mechanisms
      • proxies
      • GAA-API
  • Intrusion Detection
    • detection - what
      • misuse detection
      • anomaly detection
    • detection - where
      • network based
      • host based
      • application based
    • response
    • coordination of detection
      • CISL
      • IDMEF
  • Wireless
    • the real difference
      • devices and connectivity
    • some of the benefits
      • redundancy of aommunication paths
      • autonomy
    • WEP vulnerabilities
    • Bluetooth vulnerabilities
    • need for end-to-end security
  • Upload
    • real-time timestamp
    • low-latency commit
    • timely data transfer
    • security protocol
      • use of SHA1
      • use of digital signature
      • use of public key and secret key encryption
  • Homeworks

• 4/3/2006: The class today is canceled because the instructor is sick today.

• 2/27/2006: Exam 1 will be closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators, cell phones, or any electronic gadgets are allowed. Please bring a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.

  Exam 1 will cover everything from the beginning of the semester till what was covered by the end of lecture today. Here is a quick summary of the topics (not all topics covered are listed):

  • Cryptography
    • basic building blocks
      • transposition/permutation
      • substitution
      • monoalphabetic substitution cipher
      • one-time pad
      • stream vs. block
    • conventional/symmetric/secret key
      • DES (and 3DES)
        • components (Fiestel Network, S-boxes, P-boxes)
        • modes of operation (ECB, CBC, CFB, OFB)
        • HW2
      • AES/Rijndael, others (UNIX password)
    • public key/asymmetric
      • RSA
        • private/public key
        • encryption/decryption
      • ElGamal, Elliptic curve cryptosystems
    • digital signatures
    • Diffie-Hellman key exchange
    • hash functions
      • one-time signature (signature using only hashes)
        • Lamport's one-time signature
        • Merkle's one-time signature and tree-based scheme
      • SHA-1 broken
      • message authentication code
    • visual cryptography
      • black and white bitmaps
      • color bitmaps or grey scale pictures
  • Key Management
    • pairwise key management
    • conventional key management
      • KDC, Kerberos, Needham-Schroeder
    • public key management
      • certification authority
    • key management in practice
      • key storage
      • key distribution
      • key revocation
      • security architectures

• 1/24/2006: The lab lecture this week on Friday, 1/27/2006 is canceled. This also means that the individual lab sessions next week are canceled.

• 1/18/2006: The office hour on Thursady 1/19/2006 is canceled.

• 1/3/2006: If you haven't done so, please register with the class mailing list. You are required to register with the class mailing list.

• 1/3/2006: Watch this area for important announcements.

• CSci402: Operating Systems.
• Qualify for a D-clearance. Please read the CS Course D-Clearance Info carefully.

If a student signs up late for this class, he/she is still required to turn in all assignments on time or he/she will receive a score of 0 for these assignments. No exceptions!