Home Publications Teaching
 

Computer Security (years 3&4, fall 2018, Computer Science)

Part I Cryptography. (W1-W7)

Ch.1. Introduction and historical context. Security objectives, attacks and adversaries (W1)

Ch.2. Symmetric encryptions, the Feistel network, DES, 3DES and AES. Security notions for symmetric encryptions. Block ciphers modes of operation. Hash functions (MD5, SHA1, SHA2, SHA3) and message authentication codes. (HMAC). (W2,W3)

Ch.3. Public-key cryptography. Asymmetric encryption functions RSA. The Diffie-Hellman-Merkle key exchange and ElGamal encryption. Digital signatures: RSA and DSA. Padding schemes for asymmetric encryptions and digital signatures. (W4,W5,W6)

Ch.4. Mathematical background. Brief recap on: algorithms complexity, information theory, probability theory and number theory. (W7)

Lecture slides are available here

A brief transcript here

As supplementary learning material, you are highly encouraged to use HAC which is freely available on-line, i.e., Menezes, A. J., Van Oorschot, P. C., & Vanstone, S. A. (1996). Handbook of applied cryptography. CRC press. The following book chapters are highly recommended:

- some math background here http://cacr.uwaterloo.ca/hac/about/chap2.pdf

- public-key crypto http://cacr.uwaterloo.ca/hac/about/chap8.pdf

- more on primality testing and group generators http://cacr.uwaterloo.ca/hac/about/chap4.pdf

- more insights on efficient implementations, e.g, repeated square-and-multiply http://cacr.uwaterloo.ca/hac/about/chap14.pdf

Part II Software & Network Security (W8-W14).

Ch.1. Buffer overflow attacks. Stack memory layout and function calls. Exploiting buffer overflows. Countermeasures: address randomization, non-executable stack, stackguard. (W8)

Mandatory reading: Wenliang Du, Computer Security: A Hands-on Approach, sample chapter, Chapter 4 Buffer Overflows http://www.cis.syr.edu/~wedu/seed/Book/book_sample_buffer.pdf

Don't forget lab material! http://www.cis.syr.edu/~wedu/seed/Labs_16.04/Software/Buffer_Overflow/Buffer_Overflow.pdf

Helpful summary by Marius Minea http://staff.cs.upt.ro/~marius/curs/sec/lect3.pdf

Ch.2. Wireless security, the 802.11 protocol suite: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA, TKIP), WPA2 (AES). (W8)

Mandatory reading: Chapter 7 from: Praphul Chandra, Bulletproof Wireless Security (GSM, UMTS, 802.11 and AdHoc Security), Newnes, ISBN: 0-7506-7746-5 , 2005

Ch.3. Key-exchange and tunneling protocols in the real world. The Internet Protocol Security (IPsec) security suite. Secure Sockets Layer (SSL), Transport Layer Security (TLS) . Secure Shell (SSH). Kerberos network authentication. (W8)

Mandatory reading: Chapter 12 - Authentication protocol - the real world, from: Wenbo Mao, Modern Cryptography:Theory and Practice, 648 pages, Prentice Hall, ISBN13:9780130669438, ISBN10: 0-13-066943-1, 2003.

Ch.4. Authentication protocols, fundamentals. Practical discussions on banking & OS security.

Mandatory reading, for the theoretical part: Chapter 10 - Identification and Entity Authentication, from HAC http://cacr.uwaterloo.ca/hac/about/chap10.pdf

Laboratory sessions

Part I Cryptography. (W1-W8)

W1: Password-based authentication in UNIX [pdf]

W2: Symmetric Encryption in .NET: Algorithms, Properties and Methods [pdf]

W3: Hash Functions and MAC Codes in .NET [pdf]

W4:Evaluation (I)

W5: The RSA Public-Key Cryptosystem in .NET. The DSA Signature Algorithm in .NET [pdf]

W6: Computational Problems Behind Public-Key Cryptosystems, BigIntegers In Java [pdf]

W7: Cryptography in Java: Symmetric and Asymmetric Encryptions, Password Based Key-derivations. [pdf]

W8: Evaluation (II)

Part II Network & Software Security (W9-W14, TBD).

W9: X509 certificates and HTTPS connections in Java [pdf]

W10: Setuid and setgid programs (please use SEED materials) [SEED]

W11: Buffer overflow attacks (please use SEED materials) [SEED]

W12: Return-to-libc attacks (please use SEED materials) [SEED]

W13: Format string vulnerabilities (please use SEED materials) [SEED]

W14: Evaluation (III)

Exam

Part I: 30-40 questions, multiple choices, here is a sample subject pdf

Part II: 4-5 questions, here is a sample subject pdf

Securitatea Informatiei (Informatica, an II, Ingineria Sistemelor, an III)

se vor utiliza materialele de la cursul Computer Security anii 3&4 Calculatoare de mai sus, aditional se pot folosi si urmatoarele materiale in limba romana:

Material scris, carte 200 pagini, in limba romana

Slideuri curs, 83 slide-uri in limba romana

Tehnici Avansate de Securitatea Informatiei (master SIAPS, an I)

Subiectele cursului includ:

TBA

Subiectele proiectului

Tema poate fi selectata din urmatoarele directii ce urmeaza a fi particularizate in baza discutiilor cu studentul: i) securitate criptografica in sisteme embedded (e.g., implementari de functii criptografice in sisteme cu microcontrollere), ii) securitate criptografica pe dispozitive mobile (e.g., smartphones, tablete, etc.) iii) securitate criptografica in aplicatii dezvoltate in limbaje high-level (e.g.., NET sau Java) iv) studii de caz (e.g., usable security, e-banking, etc.)

Inteligenta Artificiala si Sisteme Autonome (master SIAPS, an II)

Subiectele laboratorului includ :

Lucrarile 1-7 - Rezolvarea Problemelor prin Strategii de Cautare, Strategii Neinformate de Cautare, Implementarea Strategiilor de Cautare Neinformate, Strategii Informate de Cautare, Implementarea Strategiilor de Cautare Informate, Optimizari A*: IDA*, SMA*; tehnici de cautare prin imbunatatire iterativaBasic concepts and terminology, theoretical foundations. Anexa 1 - Elemente de Teoria Complexitatii Algoritmilor (material inclus in Lucrarea 1)

Bibliografie: Bogdan Groza, Introducere in inteligenta artificiala - aplicatii cu strategii de cautare neinformate si informate, 90 pagini, ISBN 978-973-625-779-7, 2008

(Last updated: 04/2017)