Lecture Schedule

Note: You are responsible for all the material referenced below, even if it not explicitly covered in class. (You are, of course, also responsible for material covered in class, even if it is not covered in the reading material below.) "Bishop" refers to "Computer Security: Art and Science," by Bishop. "KPS" refers to "Network Security: Private Communication in a Public World" (2nd edition), by Kaufman, Perlman, and Speciner.

Other references are given, as noted.

I provide a copy of my slides for convenience. However, looking at these slides is not a substitute for attending lectures; they are just a guideline to what was covered in class.

Lecture	Date	Summary and Reading
1	Sept 2	Introduction and course overview Slides for lecture 1 Bishop, Chapter 1 Reflections on Trusting Trust, by Thompson Managed Security Monitoring, by Schneier. (Note that Schneier is the CTO of Counterpane, so take what he says with the appropriate grain of salt. However, what he says here provides interesting food for thought.)
2	Sept 4	Overview of security; introduction to cryptography Slides for lecture 2 Bishop, Sections 9.1, 9.2 (not 9.2.1) KPS, Sections 2.1-2.4, 3.2
3	Sept 9	Some simple schemes for private-key encryption, and why they are insecure Slides for lecture 3 Bishop, Sections 9.1, 9.2 (not 9.2.1) Stinson: "Cryptography: Theory and Practice (2nd edition)", Chapter 1 (available in the library). This is not required, but reviews what I did in class for the shift, substitution, and Vigenere ciphers.
4	Sept 11	Security notions for private-key encryption Slides for lecture 4 Bishop, Section 9.2.3 KPS, Chapters 2.1-2.4
5	Sept 16	Private-key encryption schemes, modes of encryption Slides for lecture 5 Bishop, Section 9.2.3 KPS, Sections 3.1-3.3, 3.5, 4.1, 4.2, 4.4 (note: you are not required to know specific details about either DES or AES)
-	Sept 18	School closed
6	Sept 23	Basic number theory, public-key encryption, RSA There were no slides for lecture 6 Bishop, Section 9.3.2 KPS, Sections 7.1-7.3, 7.6-7.8, 6.1, 6.2, 6.3.1-6.3.4, 6.6. (Section 7.4 was mentioned, but not covered, in class. You may be interested in reading it, but it is not required.)
7	Sept 25	RSA, generating random primes, El Gamal encryption, hybrid encryption There were no slides for lecture 7 Bishop, Section 9.3 KPS, Sections 6.3.6.1, 6.3.6.2, 6.4.3 (plus the first two pages of Section 6.4, which are needed to understand Section 6.4.3)
8	Sept 30	Message integrity, message authentication codes, signature schemes Slides for lecture 8 Why Cryptosystems Fail, by Anderson Analysis of the (In)security of an Electronic Voting System, by Kohno, et al. (Note: You are not responsible for this for the final exam.) Bishop, Section 10.6 (pages 266-267 only) KPS, Section 2.5.5
9	Oct 2	Signature schemes, hash functions, PKI Slides for lecture 9 KPS, Sections 5.1, 6.3.6.3, 6.5 (you are not responsible for any details of DSS), 15.1, 15.2, 15.3.1, 15.3.2
10	Oct 7	Access control, Security policies Slides for lecture 10 Bishop, Chapters 2, Sections 4.1-4.6
11	Oct 9	Security policies: confidentiality, integrity Slides for lecture 11 Bishop, Sections 5.1-5.2.1, 6.1
12	Oct 14	Integrity policies, access control Slides for lecture 12 Bishop, Sections 6.1-6.3, 6.4 (not 6.4.1), 6.5, 15.1
13	Oct 16	Access control Slides for lecture 13 Bishop, Chapter 15
-	Oct 21	Midterm
14	Oct 23	Midterm review, design principles, computer viruses/worms Slides for lecture 14 Bishop, Chapter 13 The material about viruses and worms was taken from Chapter 3 of "White-Hat Security Arsenal," by Rubin (this is not required reading, but it is an enjoyable read!)
15	Oct 28	Representing identity, certification authorities Slides for lecture 15 Bishop, Chapter 14
16	Oct 30	Anonymity and pseudonymity, anonymizers Slides for lecture 16 The article about "crowds", an http anonymizer (not required reading)
17	Nov 4	More on PKI, revocation Slides for lecture 17 KPS, Chapter 15
18	Nov 6	Authentication, passwords Slides for lecture 18 KPS, Chapters 9, 10.1-10.7
19	Nov 11	Authentication protocols, session keys, key exchange/key establishment Slides for lecture 19 See previous lecture KPS, Section 12.2
20	Nov 13	Protocols for mutual authentication and key exchange: weaknesses, attacks, defenses, and principles Slides for lecture 20 KPS, Chapter 11
21	Nov 18	Protocols for mutual authentication and key exchange: weaknesses, attacks, defenses, and principles Slides for lecture 21 See previous lecture
22	Nov 20	Authentication and mediated authentication Slides for lecture 22 See previous lecture
23	Nov 25	Guest lecture: Greg Bard on intrusion detection
24	Dec 2	Real-world protocols for network security Slides for lecture 24 KPS, Sections 10.8-10.10 (you are responsible for this even though I did not cover all of it in class); Chapter 16 Bishop, Sections 11.3 (contains an overview of the network layers), 11.4 (most of this will be superseded by material from KPS; the most important section is 11.4.4) For more details about the concept of network layers, I recommend Chapter 1 (and especially Section 1.7) of "Computer Networking: A Top-Down Approach Featuring the Internet, 1st edition," by Kurose and Ross. Pages 602-603 of that book also contain useful discussion reinforcing what we covered in class.
-	Dec 4	Class cancelled due to illness
25	Dec 9	IPSec and IKE Slides for lecture 25 KPS, Sections 17.1-17.5 and 18.4-18.6 (you do not need to memorize any low-level details about what IPSec or IKE do, but you should understand the protocols in sufficient detail to explain them if they are given to you on an exam)
26	Dec 11	Secure programming (guest lecture by Joe Testa); SSL; course review Joe Testa's slides on secure programming (this material will not be covered on the final) Remaining slides for lecture 26 KPS, Sections 19.1-19.8, 19.12 (again, you are not responsible for any low-level details of SSL) KPS, Sections 22.1-22.3