CPE5420 – Introduction to Network Security – Fall 2016
(web.mst.edu/~cetinkayae/teaching/CPE5420Fall2016/CPE5420_Fall201…)


Course Overview

Course Description: This course examines basic issues in network management, testing, and security; it also discusses key encryption, key management, authentication, intrusion detection, malicious attack, and insider threats. Security of electronic mail and electronic commerce systems is also presented.

Prerequisite: CPE5410 (Introduction to Computer Communication Networks) or CS5600 (Computer Networks)

Class Number: On Campus: CPE: 72337 – Distance Education: CPE: 72338

Course Number: CPE5420

Credit Hours: 3.0

Time: MWF @ 10:00 am – 10:50 am

Location: Toomey 260 and Distance Education

Instructor: Egemen K. Çetinkaya

Instructor Contact Information:
132 Emerson Electric Co. Hall
301 W. 16th St.
Rolla, MO 65409-0040
Phone: +1 573 341 6887
E-mail: [email protected]
Skype: starpasha2004

Instructor Office Hours: MWF @ 11:00 am – 11:45 am or by appointment

Administrative Assistant: Ms. Carol Lay, +1 573 341 4509, [email protected], 143 Emerson Electric Co. Hall

CPE5420 Fall 2016 Syllabus: This syllabus is for all sections of this course


Course Schedule

Tentative schedule of lectures, readings, assignments, and exams. Dates in the future subject to change.

| Week | Date | Lecture Notes | Key Protocols and Algorithms | Readings | Assignments | Project Milestones |
|---|---|---|---|---|---|---|
| Week 01 | 22 Aug. | Course Overview | N/A | N/A | N/A | Project overview, expectations, and planning |
| | 24 Aug. | Networking Background | N/A | K:1.1-1.5, [SRC1984] | [Homework 1] | N/A |
| | 26 Aug. | Resilience Overview | N/A | [SHÇ+2010] | N/A | N/A |
| Week 02 | 29 Aug. | Security Introduction | RFC 4949, RFC 2196 | K:1.6-1.14 | N/A | N/A |
| | 31 Aug. | Crypto Overview | RFC 4086 | K:2 | N/A | N/A |
| | 02 Sep. | DES | DES, DES Modes, RFC 4772 Block Cipher Modes | K:3.1-3.3 | N/A | N/A |
| Week 03 | 05 Sep. | Labor Day Holiday | N/A | N/A | N/A | N/A |
| | 07 Sep. | AES | AES, DR2001 | K:3.5 | N/A | N/A |
| | 09 Sep. | Public-Key Cryptography Overview | [IEEE Standard Specifications for Public-Key Cryptography] | K:6.1-6.2 | N/A | N/A |
| Week 04 | 12 Sep. | PKCS Algorithms | RFC 3447 | K:6.3-6.4 | N/A | N/A |
| | 14 Sep. | Asymmetric Cryptography | N/A | K:6.5-6.8 | N/A | N/A |
| | 16 Sep. | Cryptographic Hash Function | SHA-3, RFC 6234, RFC 1321, RFC 6151 | K:5.1-5.2 | N/A | N/A |
| Week 05 | 19 Sep. | Data Integrity Algorithms | RFC 2104, RFC 6151 | K:5.3-5.5 | N/A | N/A |
| | 21 Sep. | Data Integrity Algorithms | DSS, RFC 4270 | K:5.6-5.7 | N/A | N/A |
| | 23 Sep. | Key Management and Distribution | NIST SP 800-57 Part 1, Part 2, Part 3 | K:9 | N/A | Finalize project topics and groups |
| Week 06 | 26 Sep. | Key Management and Authentication | RFC 5280, RFC 3647, ITU-T X.509 | K:15 | N/A | N/A |
| | 28 Sep. | Network and User Authentication | RFC 4120, Kerberos, NIST PIV Standards | K:10, 13 | N/A | N/A |
| | 30 Sep. | Exam 1 Logistics | Exam 1 | N/A | N/A | N/A |
| Week 07 | 03 Oct. | Higher Layer Security | [TLS: RFC 5246], [SSL: RFC 6101, RFC 7568], [SN Attack: RFC 6528] | K:19 | N/A | N/A |
| | 05 Oct. | Higher Layer Security | [HTTPS: RFC 2818], [SSH: RFC 4251], [FTP: RFC 2577, RFC 4217] | K:25 | N/A | N/A |
| | 07 Oct. | Higher Layer Security | [PGP: RFC 1991], [OpenPGP: RFC 4880], [PEM: RFC 1421], [S/MIME: RFC 5751], [DKIM: RFC 5585, RFC 5863, RFC 4686], [Trustworthy Email: NIST SP 800-177] | K:20, 21, 22 | N/A | N/A |
| Week 08 | 10 Oct. | Network Layer Security | [RFC 1636], [IPsec: RFC 4301, RFC 4302, RFC 4303], [IKE: RFC 7296], [Attacks: RFC 1858, RFC 3128, RFC 2827, RFC 5927] | K:17 | N/A | N/A |
| | 12 Oct. | Network Layer Security | [BGP Security Vulnerabilities: RFC 4272], [S-BGP: KLS2000], [BGPSEC: Draft], [soBGP: Draft] | [LGS2013] | N/A | N/A |
| | 14 Oct. | Network Layer Security | [DNSSEC: RFC 4033] | N/A | N/A | N/A |
| Week 09 | 17 Oct. | Link Layer Security | [IEEE 802.11-2012] | [DKB2005], [SMM+2006], [KW2003] | N/A | N/A |
| | 19 Oct. | Link Layer Security | [IEEE/ISO/IEC 8802-1X-2013], [IEEE 802-1AE-2006] | N/A | N/A | N/A |
| | 21 Oct. | Link Layer Security | [CHAP: RFC 1994], [EAP: RFC 3748] | [BOR2003], [GH2003] | N/A | Project report draft - title, abstract, outline (MS-Word template or LaTeX template) |
| Week 10 | 24 Oct. | Firewall/ACL | N/A | K:23 | N/A | N/A |
| | 26 Oct. | Firewall/ACL | N/A | K:15.8 | N/A | N/A |
| | 28 Oct. | Network Access Control | [NAT: RFC 3022, RFC 2663], [L2TP: RFC 2661, RFC 3193], [PANA: RFC 5191], [RADIUS: RFC 2865], [Diameter: RFC 7155] | N/A | N/A | N/A |
| Week 11 | 31 Oct. | Anomaly Detection | N/A | [IDS - CBK2009, ZLH2003, R1999] | N/A | N/A |
| | 02 Nov. | Folklore | N/A | K:26 | N/A | N/A |
| | 04 Nov. | Exam 2 Logistics | Exam 2 | N/A | N/A | N/A |
| Week 12 | 07 Nov. | Special Topics | N/A | [Coremelt Attack: SP2009] (JM1: presentation) | N/A | N/A |
| | 09 Nov. | Special Topics | N/A | [Healthcare Attack: HBR+2008] (JM2: presentation); [DH Crypto Attack: ABD+2015] (JM3: presentation); [Spam Botnets: XYA+2008] (JM4: presentation) | N/A | N/A |
| | 11 Nov. | Special Topics | N/A | [CAPTCHA Attack: YS2008] (JM5: presentation); [OSN Attack: BSB+2009] (JM6: presentation) | N/A | N/A |
| Week 13 | 14 Nov. | Special Topics | N/A | [Honeypots: P2004] (JM7: presentation); [Heartbleed Bug: CDF+2014, W2014, GK2014] (JM8: presentation) | N/A | N/A |
| | 16 Nov. | Special Topics | N/A | [Cloud Security: RTS+2009] (JM9: presentation); [Attacks in Cloud: CXZ+2011] (JM10: presentation) | N/A | N/A |
| | 18 Nov. | Special Topics | N/A | [Software Security Testing: PM2004, CM2004, ASM2005] (JM11: presentation); [Secure Software Development: M2004, VM2004, WM2005] (JM12: presentation) | N/A | Project report draft - solid draft with references |
| Week 14 | 21 Nov. | Thanksgiving Holiday | N/A | N/A | N/A | N/A |
| | 23 Nov. | Thanksgiving Holiday | N/A | N/A | N/A | N/A |
| | 25 Nov. | Thanksgiving Holiday | N/A | N/A | N/A | N/A |
| Week 15 | 28 Nov. | Special Topics | N/A | [Mobile Malware: FFC+2011] (JM13: presentation); [OS Security: RKM+2012] (JM14: presentation) | N/A | N/A |
| | 30 Nov. | Special Topics | N/A | [Privacy (NSA and Snowden): L2013, L2014, T2014] (JM15: presentation); [Web Privacy: MM2012] (JM16: presentation) | N/A | N/A |
| | 02 Dec. | Special Topics | N/A | [OSN Privacy: KW2009] (JM18: presentation); [SSO Vulnerabilities: WCW2012] (JM19: presentation) | N/A | N/A |
| Week 16 | 05 Dec. | N/A | N/A | N/A | {JM1, JM2}, {JM3, JM4} | Project presentations during class |
| | 07 Dec. | N/A | N/A | N/A | {JM5, JM6}, {JM7, JM8} | Project presentations during class |
| | 09 Dec. | N/A | N/A | N/A | {JM9, JM10}, {JM11, JM12} | Project presentations during class |
| Week 15 | 17 Dec. | No Final Exam | N/A | N/A | N/A | Project reports due |

Reading assignments: K = [KPS2002]

18 October 2016: Mid-semester grades due by instructor

24 October 2016: Mid-semester grades available via Joe'SS

20 December 2016: Final grades due by instructor

26 December 2016: Final grades available via Joe'SS

Course Materials

Books

The required textbook for this class:

[KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, 2002. (E-book is accessible online via the library.)

Optional Books

Generic Security

[S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, 2017.

[A2008] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edition, Wiley, 2008. (It is available online via the author's website.)

[V2013] John R. Vacca, Computer and Information Security Handbook, 2nd edition, Morgan Kaufmann, 2013. (E-book is accessible online via the library.)

[SS2010] Peter Stavroulakis and Mark Stamp, Handbook of Information and Communication Security, Springer-Verlag, 2010. (E-book is accessible online via the library and doi.)

[QTK+2008] Yi Qian, David Tipper, Prashant Krishnamurthy, and James Joshi, Information Assurance: Dependability and Security in Networked Systems, Morgan Kaufmann, 2008. (E-book is accessible online via the library.)

[S2011] Mark Stamp, Information Security: Principles and Practice, 2nd edition, Wiley, 2011. (E-book is accessible online via the library.)

[B2004] Matt Bishop, Introduction to Computer Security, Addison-Wesley Professional, 2004. (E-book is accessible online via the library.)

[B2002] Matt Bishop, Computer Security: Art and Science, Addison-Wesley Professional, 2002. (E-book is accessible online via the library.)

[SB2015] William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 3rd edition, Prentice Hall, 2015.

[S2006] David Salomon, Foundations of Computer Security, Springer-Verlag, 2006. (E-book is accessible online via the library and doi.)

[AB2010] Tansu Alpcan and Tamer Başar, Network Security: A Decision and Game-Theoretic Approach, Cambridge University Press, 2010. (E-book is accessible online via the library.)

Cryptography

[MOV1996] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996. (It is available online via the authors' website.)

[S1995] Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, Wiley, 1995. (E-book is accessible online via the library.)

[PP2010] Christof Paar and Jan Pelzl, Understanding Cryptography, Springer-Verlag, 2010. (E-book is accessible online via the library and doi.)

[V2006] Serge Vaudenay, A Classical Introduction to Cryptography: Applications for Communications Security, Springer, 2006. (E-book is accessible online via the library and doi.)

[BJL+2006] Thomas Baignères, Pascal Junod, Yi Lu, Jean Monnerat, and Serge Vaudenay, A Classical Introduction to Cryptography Exercise Book, Springer, 2006. (E-book is accessible online via the library and doi.)

[DR2001] Joan Daemen and Vincent Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard, Springer Berlin Heidelberg, 2001. (It is available online via the authors' website.)

Malicious Logic

[YY2004] Adam Young and Moti Yung, Malicious Cryptography: Exposing Cryptovirology, Wiley, 2004. (E-book is accessible online via the library.)

[A2006] John Aycock, Computer Viruses and Malware, Springer, 2006. (E-book is accessible online via the library and doi.)

[F2005] Eric Filiol, Computer Viruses: From Theory to Applications, Springer-Verlag, 2005. (E-book is accessible online via the library and doi.)

Cloud Security

[LP2015] Flavio Lombardi and Roberto Di Pietro, Security for Cloud Computing, Artech House, 2015. (E-book is accessible online via the library.)

[L2015] Fabio Alessandro Locati, OpenStack Cloud Security, Packt Publishing, 2015. (E-book is accessible online via the library.)

[A2014] Imad M. Abbadi, Cloud Management and Security, Wiley, 2014. (E-book is accessible online via the library.)

[X2014] Kaiqi Xiong, Resource Optimization and Security for Cloud Services, Wiley, 2014. (E-book is accessible online via the library.)

[SRH2014] Raj Samani, Jim Reavis, and Brian Honan, CSA Guide to Cloud Computing, Syngress, 2014. (E-book is accessible online via the library.)

[NP2014] Surya Nepal and Mukaddim Pathan, Security, Privacy and Trust in Cloud Systems, Springer-Verlag, 2014. (E-book is accessible online via the library and doi.)

[H2011] Ben Halpert, Auditing Cloud Computing: A Security and Privacy Guide, Wiley, 2011. (E-book is accessible online via the library.)

[KV2010] Ronald L. Krutz and Russell Dean Vines, Cloud Security: A Comprehensive Guide to Secure Cloud Computing, Wiley, 2010. (E-book is accessible online via the library.)

[MKL2009] Tim Mather, Subra Kumaraswamy, and Shahed Latif, Cloud Security and Privacy, O'Reilly Media, 2009. (E-book is accessible online via the library.)

Supplementary Books

[KR2017] James F. Kurose and Keith W. Ross, Computer Networking: A Top-Down Approach, 7th edition, Pearson, 2017. (Note that this is a mandatory book (and must be read) for anyone who wants to start networking research with me.)

[T2002] Kishor S. Trivedi, Probability and Statistics with Reliability, Queuing, and Computer Science Applications, 2nd edition, Wiley, 2002. (Note that this is the required textbook for CPE 6440, Network Performance Analysis.)

[K2012] Srinivasan Keshav, Mathematical Foundations of Computer Networking, Addison-Wesley Professional, 2012. (E-book is accessible online via the library.)

[CLR+2009] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein, Introduction to Algorithms, 3rd edition, MIT Press, 2009.

Papers

[SRC1984] Jerome H. Saltzer, David P. Reed, and David D. Clark, “End-to-End Arguments in System Design,” ACM Transactions on Computer Systems, Volume 2, Issue 4, pp. 277 – 288, November 1984.

[SHÇ+2010] James P.G. Sterbenz, David Hutchison, Egemen K. Çetinkaya, Abdul Jabbar, Justin P. Rohrer, Marcus Schöller, and Paul Smith, “Resilience and Survivability in Communication Networks: Strategies, Principles, and Survey of Disciplines,” Computer Networks, Volume 54, Issue 8, pp. 1245 – 1265, June 2010.

[KLS2000] Stephen Kent, Charles Lynn, and Karen Seo, “Secure Border Gateway Protocol (S-BGP),” IEEE Journal on Selected Areas in Communications, Volume 18, Issue 4, pp. 582 – 592, April 2000.

[LGS2013] Robert Lychev, Sharon Goldberg, and Michael Schapira, “BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?,” in Proceedings of the ACM SIGCOMM Conference, Hong Kong, August 2013, pp. 171 – 182.

[DKB2005] Djamel Djenouri, Lyes Khelladi, and Nadjib Badache, “A Survey of Security Issues in Mobile Ad Hoc and Sensor Networks,” IEEE Communications Surveys & Tutorials, Volume 7, Issue 4, pp. 2 – 28, 4th Quarter 2005.

[SMM+2006] Minho Shin, Justin Ma, Arunesh Mishra, and William A. Arbaugh, “Wireless Network Security and Interworking,” Proceedings of the IEEE, Volume 94, Issue 2, pp. 455 – 466, February 2006.

[KW2003] Chris Karlof and David Wagner, “Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures,” Ad Hoc Networks, Volume 1, Issues 2-3, pp. 293 – 315, September 2003.

[BOR2003] Danilo Bruschi, Alberto Ornaghi, and Emilia Rosti, “S-ARP: a Secure Address Resolution Protocol,” in Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, December 2003, pp. 66 – 74.

[GH2003] Mohamed G. Gouda and Chin-Tser Huang, “A Secure Address Resolution Protocol,” Computer Networks, Volume 41, Issue 1, pp. 57 – 71, January 2003.

[CBK2009] Varun Chandola, Arindam Banerjee, and Vipin Kumar, “Anomaly Detection: A Survey,” ACM Computing Surveys, Volume 41, Issue 3, pp. 15:1 – 15:58, July 2009.

[ZLH2003] Yongguang Zhang, Wenke Lee, and Yi-An Huang, “Intrusion Detection Techniques for Mobile Wireless Networks,” Wireless Networks, Volume 9, Issue 5, pp. 545 – 556, September 2003.

[R1999] Martin Roesch, “Snort – Lightweight Intrusion Detection for Networks,” in Proceedings of the 13th USENIX Conference on System Administration (LISA), Seattle, WA, November 1999, pp. 229 – 238.

[SP2009] Ahren Studer and Adrian Perrig, “The Coremelt Attack,” in Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS), Saint-Malo, France, September 2009, pp. 37 – 52.

[KLG2013] Min Suk Kang, Soo Bum Lee, and Virgil D. Gligor, “The Crossfire Attack,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), Berkeley, CA, May 2013, pp. 127 – 141.

[HBR+2008] Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel, “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), Oakland, CA, May 2008, pp. 129 – 142.

[XYA+2008] Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov, “Spamming Botnets: Signatures and Characteristics,” in Proceedings of the ACM SIGCOMM Conference, Seattle, WA, August 2008, pp. 171 – 182.

[YS2008] Jeff Yan and Ahmad Salah El Ahmad, “A Low-cost Attack on a Microsoft CAPTCHA,” in Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pp. 543 – 554.

[BSB+2009] Leyla Bilge, Thorsten Strufe, Davide Balzarotti, and Engin Kirda, “All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks,” in Proceedings of the 18th International Conference on World Wide Web (WWW), Madrid, April 2009, pp. 551 – 560.

[P2004] Niels Provos, “A Virtual Honeypot Framework,” in Proceedings of the 13th USENIX Security Symposium, San Diego, CA, August 2004, pp. 1 – 14.

[CDF+2014] Marco Carvalho, Jared DeMott, Richard Ford, and David A. Wheeler, “Heartbleed 101,” IEEE Security and Privacy, Volume 12, Issue 4, pp. 63 – 67, July/August 2014.

[W2014] David A. Wheeler, “Preventing Heartbleed,” IEEE Computer, Volume 47, Issue 8, pp. 80 – 83, August 2014.

[GK2014] Daniel E. Geer Jr. and Poul-Henning Kamp, “Inviting More Heartbleed,” IEEE Security and Privacy, Volume 12, Issue 4, pp. 46 – 50, July/August 2014.

[ZL2012] Dimitrios Zissis and Dimitrios Lekkas, “Addressing Cloud Computing Security Issues,” Future Generation Computer Systems, Volume 28, Issue 3, pp. 583 – 592, March 2012.

[XX2013] Zhifeng Xiao and Yang Xiao, “Security and Privacy in Cloud Computing,” IEEE Communications Surveys & Tutorials, Volume 15, Issue 2, pp. 843 – 859, 2nd Quarter 2013.

[RTS+2009] Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds,” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, November 2009, pp. 199 – 212.

[CXZ+2011] Ashley Chonka, Yang Xiang, Wanlei Zhou, and Alessio Bonti, “Cloud Security Defence to Protect Cloud Computing Against HTTP-DoS and XML-DoS Attacks,” Journal of Network and Computer Applications, Volume 34, Issue 4, pp. 1097 – 1107, July 2011.

[LBM+1994] Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi, “A Taxonomy of Computer Program Security Flaws,” ACM Computing Surveys, Volume 26, Issue 3, pp. 211 – 254, September 1994.

[ESK+2012] Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel, “A Survey on Automated Dynamic Malware-Analysis Techniques and Tools,” ACM Computing Surveys, Volume 44, Issue 2, pp. 6:1 – 6:42, February 2012.

[M2004] Gary McGraw, “Software Security,” IEEE Security and Privacy, Volume 2, Issue 2, pp. 80 – 83, March/April 2004.

[VM2004] Denis Verdon and Gary McGraw, “Risk Analysis in Software Design,” IEEE Security and Privacy, Volume 2, Issue 4, pp. 79 – 84, July/August 2004.

[WM2005] Kenneth R. van Wyk and Gary McGraw, “Bridging the Gap Between Software Development and Information Security,” IEEE Security and Privacy, Volume 3, Issue 5, pp. 75 – 79, September/October 2005.

[PM2004] Bruce Potter and Gary McGraw, “Software Security Testing,” IEEE Security and Privacy, Volume 2, Issue 5, pp. 81 – 85, September/October 2004.

[CM2004] Brian Chess and Gary McGraw, “Static Analysis for Security,” IEEE Security and Privacy, Volume 2, Issue 6, pp. 76 – 79, November/December 2004.

[ASM2005] Brad Arkin, Scott Stender, and Gary McGraw, “Software Penetration Testing,” IEEE Security and Privacy, Volume 3, Issue 1, pp. 84 – 87, January/February 2005.

[FFC+2011] Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, and David Wagner, “A Survey of Mobile Malware in the Wild,” in Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Chicago, IL, October 2011, pp. 3 – 14.

[RKM+2012] Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan Parno, Helen J. Wang, and Crispin Cowan, “User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, May 2012, pp. 224 – 238.

[FWC+2010] Benjamin C. M. Fung, Ke Wang, Rui Chen, and Philip S. Yu, “Privacy-Preserving Data Publishing: A Survey of Recent Developments,” ACM Computing Surveys, Volume 42, Issue 4, pp. 14:1 – 14:53, June 2010.

[L2013] Susan Landau, “Making Sense of Snowden: What's Significant in the NSA Surveillance Revelations,” IEEE Security and Privacy, Volume 11, Issue 4, pp. 54 – 63, July/August 2013.

[L2014] Susan Landau, “Making Sense of Snowden Part II: What's Significant in the NSA Surveillance Revelations,” IEEE Security and Privacy, Volume 12, Issue 1, pp. 62 – 64, January/February 2014.

[T2014] Bob Toxen, “The NSA and Snowden: Securing the All-Seeing Eye,” Communications of the ACM, Volume 57, Issue 5, pp. 44 – 51, May 2014.

[MM2012] Jonathan R. Mayer and John C. Mitchell, “Third-Party Web Tracking: Policy and Technology,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, May 2012, pp. 413 – 427.

[GHH+2011] Hongyu Gao, Jun Hu, Tuo Huang, Jingnan Wang, and Yan Chen, “Security Issues in Online Social Networks,” IEEE Internet Computing, Volume 15, Issue 4, pp. 56 – 63, July/August 2011.

[ZSZ+2010] Chi Zhang, Jinyuan Sun, Xiaoyan Zhu, and Yuguang Fang, “Privacy and Security for Online Social Networks: Challenges and Opportunities,” IEEE Network, Volume 24, Issue 4, pp. 13 – 18, July/August 2010.

[KW2009] Balachander Krishnamurthy and Craig E. Wills, “On the Leakage of Personally Identifiable Information Via Online Social Networks,” in Proceedings of the 2nd ACM Workshop on Online Social Networks (WOSN), Barcelona, August 2009, pp. 7 – 12.

[WCW2012] Rui Wang, Shuo Chen, and XiaoFeng Wang, “Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, May 2012, pp. 365 – 379.

[ABD+2015] David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann, “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,” in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), Denver, CO, October 2015, pp. 5 – 17.

[DAM+2015] Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, and J. Alex Halderman, “Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security,” in Proceedings of the ACM Internet Measurement Conference (IMC), Tokyo, October 2015, pp. 27 – 39.

Links

US CERT, ICS CERT, NSA, FBI Cyber Crime, The Internet Crime Complaint Center, U.S. Public Policy Council of ACM, IEEE Cybersecurity Initiative, Security-related RFCs, Internet Storm Center, Security Tools, Schneier on Security, ACM SIG-Security @ MST

Movies/Documentaries: The Imitation Game, Breaking the Code, Citizenfour, Sneakers, Takedown, Zero Days, U-571

Miscellaneous Videos: Enigma Machine, Flaw in the Enigma Code, Anonymous, Cracking Stuxnet: a 21st-Century Cyberweapon, Creating Better Passwords By Making Up Stories, Cyber Wars: The Hacker as Hero, Zero Days: White Hat and Black Hat Hackers, Len Adleman 2002 ACM Turing Talk (Pre-RSA Days: History and Lessons), Ron Rivest 2002 ACM Turing Talk (The Early Days of RSA: History and Lessons), Adi Shamir 2002 ACM Turing Talk (Cryptography: State of the Science)


Course Policies

These policies are subject to change and students will be notified of any changes.

Correspondence

Don't hesitate to contact me outside of the office hours, but first confirm my availability via e-mail. The subject line of all e-mails regarding this class must start with "CPE5420 -" followed by a meaningful indicator of the content. Otherwise, e-mails can be misfiltered and not read (faculty members receive many e-mails daily). If you don't hear from me within 48 hours, please resend the e-mail. I expect students to check their e-mail regularly for any announcements. We will primarily use the course website and (maybe) Canvas during this class. I will use S&Tconnect for potential performance issues. You can also instant message me via Skype, but do not call on Skype before confirming my availability. The course Facebook page will be used to share news, interesting facts, discussions, etc.

Attendance

On-campus students are expected to attend all classes. Students enrolled in the distance education section of the course are encouraged to participate in the live class, but are welcome to watch the archived lectures instead. Note that 5% of the course grade is constituted by student participation activities such as in-class interactions. Attendance at the exams, which will be administered during class time (Exam 1: 30 September 2016 and Exam 2: 04 November 2016), and at the in-class project presentations (05-09 December 2016) is mandatory. Distance students will be required to take the exams with a webcam and headset or by an approved proctor during the normal class time. There will be no make-up options for these unless prior arrangements are made, or in the event of emergencies and sudden illness (which must be documented by the student). If you are in a state of contagious illness (e.g. flu, Ebola), don't come to class but notify me ahead of time. Flu shots are recommended for everyone. Distance students will be required to give their presentations with a webcam and headset during normal class time (preferred) or submit a previously recorded presentation if unable to present live.

Classroom Courtesy

We will physically meet in Toomey 260 and the lectures will be webcast as well as archived. Students are expected to be prompt to class. Due to interference with the recording system, I will ask everyone to turn off their cellphones (not even silence or vibrate!). Please avoid typing or eating snacks near the microphones as it creates annoying noise for others.

Assignments

Assignments are due on the due date at 11:59 pm. Unless prior arrangements are made, late assignments are not accepted. Assignments must be sent either as a pdf attachment or in plaintext e-mail format.


Readings

Students are expected to read all required readings before the corresponding lecture. While most

paper readings are hyperlinked to a version that is available on the author's webpage, some are

not; however, all papers are available via the library. Alternatively, once you VPN into the

campus network, papers are accessible from the course webpage.

Presentations

Students are expected to give 1-2 presentation(s) in the corresponding class throughout the

semester based on a scholarly paper. Each presentation is expected to last ~20 min. Student

initials are marked (e.g. JM1

Joe Miner1) in the schedule. They will be assigned on a first-come,

first-served basis (check the readings in the third part of the course and e-mail me which paper

you would like to present). Presentations must be sent 48 hours in advance so I can provide

feedback to you. You can use the presentation guidelines found in this template. Presentations

will be evaluated based on the following scoring rubric (thanks to Vicki Hopgood for the rubric).

Computer Labs

The Linux desktops are located in EECH 107 & CS 213 and you can SSH into these machines using VPN (note that there is a new VPN client). The Windows PCs are located in EECH 105 & 106. I expect that students will use the computing resources according to the MST IT Policy. If you need resources for any intrusive testing or programming, contact me first. If you have computer-related problems, contact the IT Help Desk.

Collaborative Software Support

For WebEx problems, contact the Video Communications Center (VCC). For Canvas problems, contact Educational Technology (EdTech).

Title IX

Missouri University of Science and Technology is committed to the safety and well-being of all members of its community. US Federal Law Title IX states that no member of the university community shall, on the basis of sex, be excluded from participation in, or be denied benefits of, or be subjected to discrimination under any education program or activity. Furthermore, in accordance with Title IX guidelines from the US Office of Civil Rights, Missouri S&T requires that all faculty and staff members report, to the Missouri S&T Title IX Coordinator, any notice of sexual harassment, abuse, and/or violence (including personal relational abuse, relational/domestic violence, and stalking) disclosed through communication including but not limited to direct conversation, email, social media, classroom papers and homework exercises. Missouri S&T's Title IX Coordinator is Vice Chancellor Shenethia Manuel. Contact her directly ([email protected]; (573) 341-4920; 113 Centennial Hall) to report Title IX violations. To learn more about Title IX resources and reporting options (confidential and non-confidential) available to Missouri S&T students, staff, and faculty, please visit http://titleix.mst.edu.


Disability Support

If you have a documented disability and anticipate needing accommodations in this course, you are strongly encouraged to meet with me early in the semester. You will need to request that the Disability Support Services staff send a letter to me verifying your disability and specifying the accommodation you will need before I can arrange your accommodation.

Academic Integrity

Academic integrity is an essential part of your success at MST (and thereafter). Academic dishonesty such as cheating, plagiarism, or sabotage is prohibited, and MST policy will be followed upon any instance of these. Following are the guidelines:

Homework

- You can discuss homework with each other, but cannot write it up together.
- You can use the Web/books/papers/library for finding a solution methodology, but do not search for a solution manual nor use an existing solution manual for your assignment.
- Any student who copies or permits another student to copy will receive a 0 for the assignment, and the MST policy will be initiated.

Software

- You can discuss code/pseudocode with each other, but cannot write the software together unless it is a group project.
- You can use available software libraries, but properly cite the source in your code as a comment.
- Any student who copies or permits another student to copy will receive a 0 for the assignment, and the MST policy will be initiated.

Exams

- You are expected to answer exam questions by yourself.
- No additional resources (e.g., programmable calculators, phones, cheat sheets, etc.) are allowed and cheating in the exams is forbidden.
- Any student who copies or permits another student to copy will receive a 0 for the exam, and the MST policy will be initiated.

Project Report

- You must not copy/paste your report from other resources. Proper citation is required for the work of others.
- I will utilize Turnitin plagiarism detection software.
- Any student who plagiarizes will receive a 0 for the project, and the MST policy will be initiated.

Below are some links that can be useful for the writing part of any submission:

1. MST Writing Center
2. Reference Sources and Literature Citation by James P.G. Sterbenz
3. Academic Integrity and Plagiarism by James P.G. Sterbenz
4. Writing Technical Articles by Henning Schulzrinne

Penalties vary from a warning up to expulsion from the university. Before you act, I suggest you think twice and save us all a headache. When in doubt, don't hesitate to ask me!

Grading

This course is intended for graduate and upper-level undergraduate students. The grade for graduate students cannot be lower than C. If you have not taken the prerequisites for this class, talk to me as soon as possible.

Grading Scale

Percentile   Letter   Significance
90-100       A        Excellent
80-89        B        Superior
70-79        C        Medium
60-69        D        Inferior
50-59        F        Failure

The weight of each component in the overall grade is as below:

Grading Weights

Weight   Component
20%      Exam 1
20%      Exam 2
10%      Paper presentation
20%      Homework and quizzes
25%      Project
5%       Participation


Important Notes:

Exam 1 will cover topics from the beginning of the class to Exam 1, which will be administered on 30 September 2016.

Exam 2 will cover topics from the beginning of the class to Exam 2; however, emphasis will be on topics covered after Exam 1. Exam 2 will be administered on 04 November 2016.

Online students must have a webcam and a headset (microphone and speaker) [for proctoring]. Ability to print and scan (either scanner or high resolution camera) PDF documents is required for the exams. Skype, Google Hangout or other software that enables seeing each other might be required.

Each student is expected to present 1-2 papers throughout the semester. The in-class student presentations will contribute 10% of the overall grade. Presentations will be evaluated based on the following scoring rubric (thanks to Vicki Hopgood for the rubric).

There will be regular homework assignments (including programming assignments) and quizzes to provide you and me with feedback on your understanding of the course topics.

Participation grades will be based on questions asked, interactions, leading discussions, finding the bugs in lecture notes and course website, recommendations for reading, etc. Distance students are encouraged to participate during live class sessions but will not be penalized if unable to. Participation for asynchronous distance students will rely on e-mail messages.

Employer reimbursement and immigration status cannot be a consideration in the final grade. Publishable projects are eligible for extra credit.

Feedback

Do not hesitate to contact me if you have opinions on how to improve the course. You don't have to wait until the end of the semester.

Project Prospects

Students are expected to explore a topic of their choice that is relevant to the class in detail through the project. Project teams will be formed of at most three students (generally two) per team. Distance students will be assisted in forming teams and are encouraged to collaborate via Skype/Google Hangouts and work together using services such as Dropbox. The project grade contributes a major portion of the final grade. The overall project grade (extra credit will be given for publishable projects with my guidance) will depend on:

Project Grading

Percentile   Component
40%          Novelty of ideas and results
40%          Project report
20%          Project presentation

Project reports must be sent only in PDF format. Final reports should be 10-15 pages in total length. You can use this MS-Word template or LaTeX template for project reports. Students must submit the deliverables according to the following dates:

Due Dates for Project Deliverables

Due Date              Deliverable
23 September 2016     Project title and group members
21 October 2016       Project report draft - title, abstract, outline
18 November 2016      Project report draft - solid draft with references
05-09 December 2016   Project presentations during class
15 December 2016      Project reports due

Project teams and topics are as below:

Project Teams and Topics

Team {initials}   Topics
{JM1, JM2}        Sample Topic 1

Last updated 22 August 2016

©2014-2016 Egemen K. Çetinkaya <[email protected]>