General Information
Time   :   TuTh 2:00pm - 3:20pm
Location : OHE 132
Instructor   :   Bill Cheng, Office Hours: TuTh 10:00am - 11:00am in SAL 228, E-mail: <> or <>   (Please do not send HTML e-mails. They will not be read.)
TA   :   Ho Chung, E-mail: <>, Office Hours: Fri 9:00am - 11:00am in SAL 339
Grader   :   Moo Ryong Ra, E-mail: <>. (The grader will hold office hours the week after the announcement of each programming assignment's grades.)
Lab TA   :   David Morgan, E-mail: <>
Midterm Exam   :   during class time, Thu, 3/6/2008 (firm)
Final Exam   :   2pm-4pm, Thu, 5/8/2008 (firm)
Msg Archives   :   messages from Bill, messages from Ho
Class Resources
Description   :   textbooks, topics covered, grading policies, additional resources, etc.
Papers   :   required technical papers.
Lab   :   information regarding the lab session.
Lectures   :   slides from lectures in HTML and PDF formats.
Homeworks   :   (3-4 homeworks will be assigned. Please also see important information about programming assignments below.)
Term Paper   :   one term paper to be turned in towards the end of the semester.
Moodle   :   social forum can be used for students-to-students discussions about assignments.
(in reversed chronological order)
  • 5/1/2008: The final exam is closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators, cell phones, or any electronic gadgets are allowed. a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.

    The final exam will cover everything after the midterm exam (starting at lecture 14 on 3/4/2008) to the last slide of the lecture on 5/1/2008.

    Here is a quick summary of the topics covered (not all topics covered are listed):

    • Intermediate Cryptographic Protocols
      • bit commitment
      • fair coin flips
      • timestamping
      • subliminal channel
      • ElGamal signature
      • undeniable signature and other digital signature schemes
      • computing with encrypted data
      • one-way accumulators
      • key escrow
    • Advanced Cryptographic Protocols
      • zero knowledge proofs
      • blind signatures
      • ID-based PKC
      • oblivious transfer
      • simultaneous contract signing
    • Esoteric Cryptographic Protocols
      • secure multi-party computation
      • secure election
      • digital cash
      • anonymous message broadcast
    • Key Management
      • pairwise key management
      • conventional key management
        • KDC, Needham-Schroeder, Kerberos
      • public key management
        • certification authority
      • group key management
        • GKMP
        • LHK
        • OFT
        • Diffie-Hellman group key
        • rekeying group keys using batched digital signatures
    • Authentication: know, have, about you
      • Unix passwords
      • Kerberos and Directory Servers
      • public key
      • single sign on
      • some applications and how they do it
      • weaknesses
      • Lamport's hash chains
      • trust models for certification
      • GSS-API
      • applications (unix login, telnet, rsh/rlogin, ssh, http/https, ftp, Windows login, e-mail, NFS, Radius)
      • stopping SPAM
      • digital stamps (quota enforcement for SPAM control)
      • Microsoft Passport
      • Liberty Alliance
    • Authorization
      • Access Matrix
      • capability
      • agent-based
      • policy models
        • discretionary policy
        • mandatory policy
        • Bell LaPadula
      • distributed mechanisms
        • GAA-API
    • Intrusion Detection
      • misuse detection
      • anomaly detection
      • false positive & false negative
    • Wireless
      • the real difference
        • devices and connectivity
      • some of the benefits
        • redundancy of aommunication paths
        • autonomy
      • WEP vulnerabilities
      • Bluetooth vulnerabilities
      • need for end-to-end security
    • HW3 & HW4

  • 2/28/2008: The midterm exam will be closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators, cell phones, or any electronic gadgets are allowed. Please bring a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.

    The midterm exam will cover everything from the beginning of the semester till what was covered by the end of lecture 13. Materials from lecture 4 (lecture given by Ho Chung) will not be on the midterm exam.

    Here is a quick summary of the topics (not all topics covered are listed):

    • Cryptography
      • basic building blocks
        • transposition/permutation
        • substitution
        • monoalphabetic substitution cipher
        • one-time pad
        • stream vs. block
      • conventional/symmetric/secret key
        • DES (and 3DES)
          • components (Fiestel Network, S-boxes, P-boxes)
          • modes of operation (ECB, CBC, CFB, OFB)
        • AES/Rijndael, others (UNIX password)
      • public key/asymmetric
        • RSA
          • private/public key
          • encryption/decryption
        • ElGamal, Elliptic curve cryptosystems
      • digital signatures
      • Diffie-Hellman key exchange
      • hash functions
        • birthday paradox
        • MD5 and SHA-1 broken
        • message authentication code
        • one-time signature (signature using only hashes)
          • Lamport's one-time signature
          • Merkle's one-time signature and tree-based scheme
        • HW2
    • Cryptographic Protocols
      • Basic Protocols
        • key exchange protocols
          • interlock protocol
        • authentication using PKC (NSPK)
          • breaking NSPK
          • fixing NSPK
        • multiple-key PKC
        • secret splitting
        • secret sharing with (k,n)-threshold scheme

  • 2/19/2008: Office hours on Thu, 2/21/2008 has been moved to Thursday, 3:30pm - 4:30pm. Sorry about the inconvenience.

  • 2/7/2008: Instructor is out sick today. Office hour and lecture are canceled. Sorry about the inconvenience.

  • 2/5/2008: Office hours on Wed, 2/6/2008 has been moved to Thursday, 10:30am - 11:30pm. Sorry about the inconvenience.

  • 2/3/2008: Office hours on Monday, 2/4/2008 has been moved one hour ahead to 12:30pm - 1:30pm. Sorry about the inconvenience.

  • 1/10/2008: If you haven't done so, please register with the class mailing list. You are required to register with the class mailing list. (You do not have to be registered for the course to register with the class mailinglist.)

  • 1/10/2008: Watch this area for important announcements.
Important Information about Programming Assignments
Some homework assignments will require you to write some code. You must write your code in C/C++. No other programming language will be accepted and your program must compile and run with a Makefile on (Sorry, no Java.) You must be familiar with the UNIX development environment (vi/pico/emacs, cc/gcc or g++/CC, make, etc.)

If a student signs up late for this class or could not be present at the beginning of the semester, he/she is still required to turn in all assignments on time or he/she will receive a score of 0 for these assignments. No exceptions!


   [Please see copyright regarding copying.]