Information Security, Fall 2016

The goal of this course is to acquaint the students with security issues in multi-user information systems and computer networks and to provide them with training in the fundamental techniques, particularly cryptography, for security and their applications in practical areas such as electronic commerce, network intrusion protection, and security management.

• 02/01: grade report revised.
• 01/26: Grade Report available; contact Yih-Kuen Tsay by 5PM 01/27 if you have any question or request.
• 01/02: suggested solutions for HW#3 available.
• 12/19: for the field trip to the Acer eDC on 12/27, the buses depart at 12:30PM from the front of the Second Students' Activities Center; back to the departing place around 5:30–6:00PM.
• 12/13: project descriptions: Option #1 (Prof. Tsay), Option #2 (Prof. Lin), Option #3 (Prof. Tsay), and Option #4 (Prof. Sun).
• 12/13: Guidelines for Term Project announced; proposal due 12/27.
• 12/09: class average of midterm: Part I: 26.3/50, Part II: 49/100.
• 12/04: HW#3 (use International Edition of the textbook!) due 12/13.
• 11/29: slides for Key Management and for User Authentication available.
• 11/22: slides for Hash Functions and for Message Authentication available.
• 11/07: slides for RSA, ECC, and Digital Signatures available.
• 11/06: suggested solutions for HW#1A and HW#1B available.
• 10/11: HW#1B (use International Edition of the textbook!) due 11/01.
• 10/11: slides for Multiple Ciphers and Modes of Operation and for Random Number Generation and Stream Ciphers available.
• 10/04: deadline of HW#1A extended to 10/18.
• 10/04: slides for AES available.
• 09/20: HW#1A (use International Edition of the textbook!) due 10/11.
• 09/20: slides for Block Ciphers and DES and for Basic Number Theory and Finite Fields available.
• 09/13: slides for Course Introduction, Subject Overview, and Classical Encryption Techniques available.
• 09/12: website announced. This website is the primary source of all up to date course information and syllabus of Information Security 2016; there is no separate PDF version for the syllabus.

Yeali S. Sun (孫雅麗), Room 909, Management II, 3366-1195, Xsunny@ntu.edu.twX (between the enclosing pair of X's)
Yeong-Sung Lin (林永松), Room 808, Management II, 3366-1191, Xyeongsunglin@gmail.comX (between the enclosing pair of X's)
Yih-Kuen Tsay (蔡益坤), Room 1108, Management II, 3366-1189, Xtsay@ntu.edu.twX (between the enclosing pair of X's)
Guest speaker: Mike Hsiao (蕭舜文), Xhsiaom@gmail.comX (between the enclosing pair of X's)

Tuesday 2:20~5:20PM, Room 205, College of Management, Building 2.

葉展奇 (for Prof. Sun), Xr04725042@ntu.edu.twX (between the enclosing pair of X's)
簡伯銓 (for Prof. Lin), Xr04725015@ntu.edu.twX (between the enclosing pair of X's)
張子建 (for Prof. Tsay), Xr03725007@ntu.edu.twX (between the enclosing pair of X's)

By appointment; please contact the instructor or TA directly.

Operating Systems and Computer Networks.

• Cryptography and Network Security: Principles and Practice, 6th Edition (International), W. Stallings, Prentice Hall, 2014. (Note: be sure to check out the errata list on the website of the book!)

• Supplementary readings.

We will study the design and underlying principles of automated tools for protecting information, including software and data, stored on computers or communicated over networks. The main focus will be on the fundamentals and applications of cryptographic technology. We will follow mainly the textbook of W. Stallings and enhance the contents with class notes and supplementary readings.

• Overview: basic concepts, architecture, model, etc. (.5 week: 09/13a) [slides: Course Introduction; Overview]
• Symmetric Cryptography: classical techniques, block ciphers, DES, finite fields, AES, pseudorandom number generation, stream ciphers, etc. (3.5 weeks: 09/13b, 09/20, 10/11, 10/25) [slides: Classical Techniques, Block Ciphers and DES, Finite Fields, AES, Multiple Ciphers and Modes of Operation, Random Number Generation and Stream Ciphers]
• Public-Key (Asymmetric) Cryptography: number theory, RSA, ECC, etc. (3 weeks: 09/27, 10/04, 10/18) [slides: RSA, ECC]
• Digital Signatures (1 week: 11/01) [slides]
• Midterm (2016/11/08)
• Hash Functions (.5 week: 11/22a) [slides]
• Message Authentication (.5 week: 11/22b) [slides]
• Key Management and User Authentication (1 week: 11/29) [slides: Key Management, User Authentication]
• Network Security: IPsec, virtual private networks (VPNs), IP traceback, firewalls, denial of service, etc. (3 weeks: 12/06, 12/13, 12/20) [slides: Part I, Part II]
• Field Trip (12/27) [schedule]
• Web Security (.5 week: 01/03a) [slides]
• Malware Analysis (.5 week: 01/03b) [slides]
• Final (2017/01/10)

Homework 10%, Midterm 30%, Final 30%, Term Project 20%, Attendance/Participation 10%.

1. Cryptography and Network Security: Principles and Practice, 6th Edition, W. Stallings, Prentice Hall, 2014. (Note: textbook of this course.)
2. Introduction to Cryptography, 2nd Edition, J.A. Buchmann, Springer, 2004. (Note: an introductory book self-contained with a succinct coverage of mathematical foundations.)
3. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, B. Schneier, John Wiley & Sons, 1996. (Note: a very comprehensive book on cryptography and its applications.)
4. Security in Computing, 4th Edition, C.P. Pfleeger and S.L. Pfleeger, Prentice Hall PTR, 2006. (Note: similar to [1] in scope and in technical depth. It covers fewer encryption algorithms, but is more comprehensive in system/program security. It also has chapters on data base security, security management, and legal and ethical issues.)
5. Firewalls and Intranet Security: Repelling the Wily Hacker, 2nd Edition, W.R. Cheswick, S.M. Bellovin, and A.D. Rubin, Addison-Wesley, 2003.
6. Building and Managing Virtual Private Networks, D. Kosiur, John Wiley & Sons, 1998.
7. Building SET Application for Secure Transactions, M.S. Merkow, J. Breithaupt, and K. Wheeler, John Wiley & Sons, 1998.
8. Practical UNIX and Internet Security, 3rd Edition, S. Garfinkel, G. Spafford, and A. Schwartz, O'Reilly & Associates, 2003.
9. Secure Programming with Static Analysis, B. Chess and J. West, Addison-Wesley, 2007.
10. Operating System Concepts, 8th Edition (Chapters 14 and 15), A. Silberschatz, P.B. Galvin, and G. Gagne, Wiley, 2008.
11. Computer Networks, 5th Edition (Chapter 8), A.S. Tanenbaum, Prentice Hall, 2010.
12. Distributed Systems: Concepts and Design, 5th Edition (Chapter 7), G. Coulouris, J. Dollimore, and T. Kindberg, Addison-Wesley, 2011.
13. The Risks Digest, ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator.
14. The OWASP Website. (Note: a website dedicated to Web application security.)

[Midterm 2006: Part I]
[Midterm 2007: Part I]
[Midterm 2008: Part I]
[Midterm 2009: Part I]
[Midterm 2010: Part I, Part II]
[Midterm 2011: Part I]
[Midterm 2012: Part I] [Final 2012: Part I]
[Midterm 2013: Part I]
[Midterm 2014: Part I] [Final 2014: Part I]
[Midterm 2015: Part I] [Final 2015: Part I]