Title: Computer Science 427/527
1Computer Science 427/527 Title Computer
Security (3 credits) Meets
Tuesday/Thursday 250 - 400 pm Where
WHETS Teacher Robert E. Mahan
Pacific Northwest National Laboratory
Phone 627-4336 (home) e-mail
robertmahan_at_charter.net Can also contact me by
calling WHETS control in Richland at/or near the
end of the class period.
2Class Web Site
- Old web site is at
- www.tricity.wsu.edu/cs427
- New web site (actually an ftp site) is at
- http//www.tricity.wsu.edu/rmahan
- There is text, slides, admin, and homework
assignments for Security 2005 located here.
3Class Text Stallings, William,Cryptography and
Network Security, Principles and Practice, 3rd
edition, Prentice Hall, 2003. Supplementary
Texts Schneier, Bruce, Applied Cryptography,
2nd ed., Wiley 1996. Includes algorithms and
source code in C.
4Supplementary Texts
- Schneier, Bruce, Secrets and Lies, Digital
Security in a Networked World, Wiley, 2000.
Weaknesses of the pure technology approach to
security. - Stinson, Douglas R., Cryptography Theory and
Practice, 2nd edition, Chapman Hall/CRC Press,
2002. Heavy mathematical treatment of
cryptography including proofs.
5Supplementary Texts Pfleeger, Charles P.,
Security in Computing, 3rd edition, Prentice
Hall, 2003. Well balanced covers material not
found in other texts. Oppliger, Rolf, Security
Technologies for the World Wide Web, 2nd
edition, 2003, Artech House. Arguably the best
text on WWW security currently available.
6Just Good Reading Kahn, David, The
Codebreakers The Story of Secret Writing,
Scribner, 1996. The most widely acclaimed
history of cryptography. Singh, Simon, The
Code Book, Anchor Books, 1999. A best seller
about the history of making and breaking
codes. Stoll, Clifford, The Cuckoos Egg,
Doubleday, 1989. A best seller about tracking
bad guys through cyber space. Mitnick, Kevin
D., The Art of Deception, Wiley, 2002. Tales
from one of the most notorious hackers.
7Grading Exams Mid-term and final in-class,
full period, closed book. Homework Problem
solutions and short programming
assignments. Project Research paper on computer
security. 527 standard is higher. Both require
citations of sources. Can be used for graduation
writing requirement, but you need to do the
paperwork. Grades 40 h/w and papers, 30
mid-term, 30 final.
8Undergraduates State-of-the-art survey, at least
10 pages in length, single spaced. Choose one of
the following topics Due date April 17, 2004 (2
weeks before final exams). Topic 1 The Security
of the Diffie-Hellman Algorithm. Topic 2
Internet key exchange protocols. Topic 3
Analysis of passphrases as an alternative to
passwords.
9Diffie-Hellman
- Diffie-Hellman security relies on the difficulty
- of the discrete logarithm problem. This project
- describes attempts to determine what size
- primes are required for security. In particular,
- evaluate the secure identification option of the
- Sun Network File System, which uses Diffie-
- Hellman algorithm with a prime p of 192 bits.
-
10- Diffie-Hellman Paper
- Describe the different steps necessary to solve
the discrete logarithm problem (DLP). - Discuss the state-of-the-art results obtained for
the solution of DLP. - Discuss the SUN NFS cryptosystem, and discuss
some of its deficiencies. - Make recommendations in order to have a secure
size for the prime number p used in the
Diffie-Hellman algorithm for the next ten years.
11Topic 2 Internet Key Exchange Protocols The
IETF has developed several key exchange protocols
intended for the exchange of keys over the
Internet. These have had performance problems and
are not widely used. Evaluate protocols developed
by the IETF and report on their effectiveness.
Include any current efforts to develop improved
protocols.
12- Internet Key Exchange Paper
- Describe the different protocols that are
available. - Discuss their strengths and weaknesses.
- Discuss current IETF efforts to develop new or
improved protocols including the timeline. - Indicate your views on how effective this will
effort will be what are the barriers/issues. -
13Topic 3 Passphrases versus passwords There is
increasing concern about the viability of the
continued reliance on passwords as a means of
authentication and access control. Newer methods
of breaking passwords are becoming more effective
and faster. Passphrases have been offered as an
effective alternative to the traditional
password.
14- Topic 3 Objectives
- Describe the theory behind passwords and
passphrases for authentication. - In particular, address the concept of entropy
and how it applies to passwords and passphrases. - Discuss methods used to break both types of
authenticators considering their strengths and
weaknesses. - Compare the effectiveness of passphrases to
multi-factor authenticators and summarize a
recommended approach. -
15Graduate Students Analysis, at least 20 pages in
length, single spaced on the security of
Supervisory Control and Data Acquisition (SCADA)
systems Due date April 17, 2005 (2 weeks
before finals). SCADA systems are used to
control critical systems in various industries
including electric power, water quality,
natural gas distribution, etc. These systems
once used proprietary protocols, but are
transitioning to Internet protocols. This
raises security issues regarding the
vulnerability of the U.S. critical
infrastructure.
16- SCADA Paper
- Describe the purpose and history of SCADA
systems used in the U.S critical infrastructure
including the motivation for the transition to
IP-based SCADA. - Describe the technical aspects of SCADA in terms
of components, communications, and protocols. - Describe problems/weaknesses in existing the
SCADA environment (both technical and
non-technical).
17SCADA Paper
- Describe steps that need to be taken to improve
SCADA security - Report on your assessment of whether those steps
are being taken in the electric power industry
and why, or why not they are being taken or not
taken.
18Homework Include the following printed in the
top right-hand corner of all homework, project,
and test submissions Your Full name Your
student ID Your location (i.e., Pullman,
Vancouver, Tri-Cities) Assignment Number Date
submitted This greatly simplifies sorting and
returning papers. Failure to do this will result
in a deduction of points. Good idea to make
yourself a template!
19- Homework/Project/Test Disputes
- Your work will be graded by a TA. If you have any
- dispute with your grade and seek a remedy, you
will - need to submit an argument in your favor.
Include - A clear description of what you are disputing.
- The reason for the dispute (justifying a grade
change). - What points you believe should have been awarded.
- In preparing homework
- Show all work steps and include any assumptions
you - make.
- Write clearly and legibly.
- Staple your pages together.
20Projects Software projects have no prescribed
language or format. You will not be graded on
documentation, style, or formatting
practices. I dont care what language you use
you can use Excel if that solves the
problem. You must submit source code, results,
and enough documentation for the work to make
sense. Ensure that you clearly highlight answers
so they can be easily found.
21Academic Integrity/Ethics You are expected to
behave in accordance with high standards of
ethical behavior as defined in the Student
Handbook. Discovered breaches will result in a
loss of points on the 1st offense and a course
grade of F for any subsequent occurrence.
Plagarism will not be tolerated. See
http//www.eecs.wsu.edu/syllabus/ eeungrad/academ
ic-integrity.html for the detailed rules!
22Disability Accommodations Reasonable
accommodations are available for students who
have a documented disability. Please notify the
instructor during the 1st week of class of any
accommodations needed for the course. Late
notification may cause the request to be
unavailable. All accommodations must be approved
each semester by the Coordinator of Disability
Services, (Marjorie Seipt at WSU-Tri- Cities
372-7351 see your advisory on campus). If you
need services and have not already met with
Disability Services you need to take immediate
action.
23Pullman TA Your campus TA information
is Rongsen He Bldg/Room Sloan 330 Phone
335-1886 E-Mail rhe_at_eecs.wsu.edu Office Hours
Mon/Thurs 9-11 am Use for questions, problems
help, advice.