Security Systems - CSCI 530, Spring 2009

Security Systems - CSCI 530, Spring 2009

General Information

Time	:	TuTh 9:30am - 10:50am
Location	:	OHE 100D
Instructor	:	Bill Cheng (for office hours, please see instructor's web page), E-mail: <bill.cheng@usc.edu>. (Please do not* send HTML e-mails. They will not be read.)*
TA	:	Alix L.H. Chow, E-mail: <lhchow@cs.usc.edu>, Office Hours: Wed 11am - 1pm in SAL 211
Grader	:	Hashem Alayed, E-mail: <alayed@usc.edu>. (The grader will hold office hours the week after the announcement of each project assignment's grades.)
Lab TA	:	David Morgan, E-mail: <davidmor@cs.usc.edu>
Lab Grader	:	Raghavendra Kulkarni, E-mail: <rskulkar@usc.edu>
Midterm Exam	:	during class time, Thu, 3/5/2009 (firm)
Final Exam	:	8-10am (corrected), Tue, 5/12/2009 (firm)

Class Resources

Description	:	textbooks, topics covered, grading policies, additional resources, etc.
Papers	:	required technical papers.
Lab	:	information regarding the lab session.
Lectures	:	slides from lectures in HTML and PDF formats.
Homeworks	:	(4-5 homeworks will be assigned. Please also see important information about programming assignments below.)
Term Paper	:	one term paper to be turned in towards the end of the semester.
Participation	:	rules about rowcalls.
Newsgroup	:	Google Group for discussing course materials and programming assignments. (This group is by invitation only.)

News

(in reversed chronological order)

4/28/2009: The final exam is closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators, cell phones, or any electronic gadgets are allowed. a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.
The final exam will cover everything after the midterm exam (starting at slide 23 of lecture 14 on 2/26/2009) to the last slide of the lecture on 4/30/2009.
Here is a quick summary of the topics covered (not all topics covered are listed):
- Intermediate Cryptographic Protocols
  - subliminal channel
  - ElGamal signature
  - undeniable signature and other digital signature schemes
  - computing with encrypted data
  - one-way accumulators
  - key escrow
- Advanced Cryptographic Protocols
  - zero knowledge proofs
  - blind signatures
  - ID-based PKC
  - oblivious transfer
  - simultaneous contract signing
- Esoteric Cryptographic Protocols
  - secure multi-party computation
  - secure election
  - digital cash
  - anonymous message broadcast
- Key Management
  - pairwise key management
  - conventional key management
    - KDC, Needham-Schroeder, Kerberos
  - public key management
    - certification authority
  - group key management
    - GKMP
    - LHK
    - OFT
    - Diffie-Hellman group key
    - rekeying group keys using batched digital signatures
- Authentication: know, have, about you
  - Unix passwords
  - Kerberos and Directory Servers
  - public key
  - single sign on
  - some applications and how they do it
  - weaknesses
  - Lamport's hash chains
  - trust models for certification
  - GSS-API
  - applications (unix login, telnet, rsh/rlogin, ssh, http/https, ftp, Windows login, e-mail, NFS, Radius)
  - stopping SPAM
  - digital stamps (quota enforcement for SPAM control)
  - Microsoft Passport
  - Liberty Alliance
- Authorization
  - Access Matrix
  - capability
  - agent-based
  - policy models
    - discretionary policy
    - mandatory policy
    - Bell LaPadula
  - distributed mechanisms
    - GAA-API
- Intrusion Detection
  - misuse detection
  - anomaly detection
  - false positive & false negative
- Wireless
  - the real difference
    - devices and connectivity
  - some of the benefits
    - redundancy of aommunication paths
    - autonomy
  - WEP vulnerabilities
  - Bluetooth vulnerabilities
  - need for end-to-end security
- Application of Security - Bistro
  - real-time fingerprinting & timestamping
  - low-latency upload
  - timely transfer to final destination
- HW3, HW4, & HW5

4/23/2009: Information regarding course evaluation for DEN students only is available here. Unfortunately, for non-DEN students, this is not available.

3/30/2009: Office hours this Wednesday (4/1/09) has been canceled. Sorry about the inconvenience.

2/26/2008: The midterm exam will be closed book, closed notes, and closed everything (and no "cheat sheet"). Also, no calculators, cell phones, or any electronic gadgets are allowed. Please bring a photo ID. Your ID will be collected at the beginning of the exam and will be returned to you when you turn in your exam. There will be assigned seating.
The midterm exam will cover everything from the beginning of the semester till slide 22 of lecture 14.
Here is a quick summary of the topics (not all topics covered are listed):
- Cryptography
  - basic building blocks
    - transposition/permutation
    - substitution
    - monoalphabetic substitution cipher
    - one-time pad
    - stream vs. block
  - conventional/symmetric/secret key
    - DES (and 3DES)
      - components (Fiestel Network, S-boxes, P-boxes)
      - modes of operation (ECB, CBC, CFB, OFB)
    - AES/Rijndael, others (UNIX password)
  - public key/asymmetric
    - RSA
      - private/public key
      - encryption/decryption
    - ElGamal, Elliptic curve cryptosystems
  - digital signatures
  - Diffie-Hellman key exchange
  - hash functions
    - birthday paradox
    - MD5 and SHA-1 broken
    - message authentication code
    - one-time signature (signature using only hashes)
      - Lamport's one-time signature
      - Merkle's one-time signature and tree-based scheme
- Cryptographic Protocols
  - Basic Protocols
    - key exchange protocols
      - interlock protocol
    - authentication using PKC (NSPK)
      - breaking NSPK
      - fixing NSPK
    - multiple-key PKC
    - secret splitting
    - secret sharing with (k,n)-threshold scheme
  - Intermediate Cryptographic Protocols
    - bit commitment
      - symmetric cipher, hash function, random number generator
    - fair coin flips
      - hash function, public-key cryptography
    - timestamping
      - naive, improved, centralized, distributed
- 1/5/2009: Registering with the class mailinglist is required for this class because you must get your port assignments. If you have not done so, please visit the mailinglist page after the semester starts. (You do not have to be registered for the course to register with the class mailinglist.)
- 1/5/2009: Watch this area for important announcements.

Prerequisites

Please note that the instructor has never and will never sign anything that says that you can waive any of the prerequisites below:

CSci 402: Operating Systems. (If you have not taken this class at USC, you must take the CSci 402 placement exam; no exceptions.)
Qualify for a D-clearance. Please read the Placement Exam Instructions carefully. (If you are a new student, please also read New MS Student Info for an explanation of these terms.)

Important Information about Programming Assignments

Some homework assignments will require you to write some code. You must write your code in C/C++. No other programming language will be accepted and your program must compile and run with a Makefile on nunki.usc.edu. (Sorry, no Java.) You must be familiar with the UNIX development environment (vi/pico/emacs, cc/gcc or g++/CC, make, etc.)

If a student signs up late for this class or could not be present at the beginning of the semester, he/she is still required to turn in all assignments on time or he/she will receive a score of 0 for these assignments. No exceptions!