Introduction to Information Security J. H. Wang Sep. 15, 2014


Instructor

• Instructor
  – Jenq-Haur Wang (王正豪)
  – Associate Professor, CSIE, NTUT
  – Office: R1534, Technology Building
  – E-mail: [email protected]
  – Homepage: http://www.ntut.edu.tw/~jhwang/
  – Tel: ext. 4238


Course Overview

• Course: Information Security
• Time: 9:10-12:00am on Mondays
• Classroom: R627, 6th Teaching Building
• Prerequisite: Discrete Mathematics, Computer Networks
• Course webpage: http://www.ntut.edu.tw/~jhwang/IS/
  – The latest announcement and schedule updates
• TA: (TBD)


Target Students

• For those who
  – Major in Computer Science or Information Technology, and
  – Are familiar with basic computer networks and discrete mathematics, and
  – Are preparing to investigate more details in selected topics and recent developments in system, networks, and information security


Resources

• Textbook: Network Security Essentials: Applications and Standards, 5th ed., by William Stallings, Pearson Education, Inc., 2013. (imported by Kai-Fa Publishing)
  – http://williamstallings.com/NetworkSecurity/
  – (International Edition is available now, but earlier versions are also acceptable)
  – Online chapters and appendices available
• References:
  – Cryptography and Network Security: Principles and Practice, Sixth Edition, by William Stallings, Prentice-Hall, 2013 (from which our textbook is adapted)
  – Slides, documents, and tools


Teaching

• Lectures
• Homework assignments
  – Homework should be turned in within two weeks
• Mid-term exam and quiz
• Term project: programming exercises or topical surveys
  – How do intruders attack our systems
  – What kinds of security tools are available
  – How do we protect against attacks


Grading Policy

• (Tentative) grading policy
  – Homework assignments: ~30%
  – Midterm exam and quiz: ~35%
  – Term projects: ~35%
    • Programming exercises or topical surveys


Course Description

• Introduction to basic concepts in information security and their applications
  – Cryptography
    • Encryption, hash function, digital signature
  – Network security applications
    • HTTPS, wireless security, e-mail security, IP security
  – System security
    • Intrusion, virus, firewall


What is Information Security?

• Example scenarios
  – Receiving unsolicited messages, e-mail spam, phishing, advertisements, …
  – Computer system hijacked: popups, hangs, …
  – Communication gets wiretapped or eavesdropped…
  – Fake online transaction
  – Your friend denied receipt of your message
  – Disputes on the rights of an image
  – Playing online audio without permission
  – Natural disaster: fire, physical attacks (911), …
  – …


More Security-Related Terms

• System security
  – User authentication, access control
  – Database security
  – OS security, infrastructure
  – Software security: browser, malicious software, virus
• Network security
  – Networking protocol, applications
  – E-commerce, …
• Information security
  – Spam, phishing, …
  – Multimedia security: watermarking, information hiding, digital rights management (DRM), …


Outline & Schedule

• Outline
  – Introduction (Ch. 1)
  – Cryptography (Ch. 2-3)
    • Symmetric encryption and message confidentiality
    • Public-key cryptography and message authentication
  – Network security applications (Ch. 4-9) [Ch. 4-8 in 4th ed.]
    • Key distribution and user authentication
    • Network access control and cloud security [new in 5th ed.]
    • Transport-level security
    • Wireless network security
    • Electronic mail security
    • IP security
  – System security (Ch. 10-12) [Ch. 9-11 in 4th ed.]
    • Intruders
    • Malicious software
    • Firewalls


Outline & Schedule (Cont'd)

  – Online chapters (Ch. 13-15) [Ch. 12-13 in 4th ed.]
    • Network management security
    • Legal and ethical aspects
    • SHA-3 [new in 5th ed.]
  – Appendices
    • Some aspects of number theory
    • Projects for teaching network security
  – Online appendices
    • Standards and organizations
    • TCP/IP and OSI
    • Pseudorandom number generation
    • Kerberos encryption techniques
    • Data compression using ZIP
    • PGP random number generation
    • The base-rate fallacy [new in 5th ed.]
    • Radix-64 conversion [new in 5th ed.]


Outline & Schedule (Cont'd)

• (Tentative) Schedule
  – Introduction: 1-2 wks
  – Cryptography: 3-4 wks
  – Network security applications: 7-8 wks
    • TCP/IP
    • Web, SSH, E-mail, IP security
  – System security: 1-2 wks
    • Password, virus, intrusion detection, firewall
• Due to the time limits, we will try to cover most of the major topics above without going into too much detail
  – E.g.: mathematical parts such as number theory (Appendix A)
  – A broad overview, and then focus on selected topics in depth


Additional Resources

• Review on computer networking and TCP/IP protocols

• More slides on network and information security

• Useful tools for network and system security

• Web resources and recommended reading (at the end of each chapter)


More on Term Project

• Programming exercises using security libraries
  – Implementation of security algorithms (AES, RSA, …)
  – Implementation of a client-server application (e.g. secured communication tool, file exchange, transactions, …)
  – …
• Topical surveys in information security-related topics, e.g.:
  – Demonstration on how to use a security tool to defend against some attacks
  – Comparison of security standards or algorithms
  – Potential security weakness in systems, and possible solutions or countermeasures
  – The latest developments in information security


More on Term Project

• Proposal: required after midterm (Due: Nov. 24, 2014)
  – One-page description of what you want to do for the term project, and team members
• Presentation: required for each team
  – In the last three (to four) weeks of this semester: (Dec. 22,) Dec. 29, Jan. 5, Jan. 12
• Final report:
  – Presentation files, source codes and executable files


Thanks for Your Attention!