Upload
eustace-arnold
View
223
Download
6
Embed Size (px)
Citation preview
Introduction to Information Security
J. H. WangSep. 15, 2014
Instructor
• Instructor– Jenq-Haur Wang (王正豪 )– Associate Professor, CSIE, NTUT– Office: R1534, Technology Building– E-mail: [email protected]– Homepage: http://www.ntut.edu.tw/~jhwang/ – Tel: ext. 4238
Course Overview
• Course: Information Security• Time: 9:10-12:00am on Mondays• Classroom: R627, 6th Teaching Building• Prerequisite: Discrete Mathematics,
Computer Networks• Course webpage:
http://www.ntut.edu.tw/~jhwang/IS/– The latest announcement and schedule
updates
• TA: (TBD)
Target Students
• For those who– Major in Computer Science or
Information Technology, and– Are familiar with basic computer
networks and discrete mathematics, and– Are preparing to investigate more
details in selected topics and recent developments in system, networks, and information security
Resources
• Textbook: Network Security Essentials: Applications and Standards, 5th ed., by William Stallings, Pearson Education, Inc., 2013. (imported by Kai-Fa Publishing)– http://williamstallings.com/NetworkSecurity/ – (International Edition is available now, but earlier
versions are also acceptable)– Online chapters and appendices available
• References: – Cryptography and Network Security: Principles and
Practice, Sixth Edition, by William Stallings, Prentice-Hall, 2013 (from which our textbook is adapted)
– Slides, documents, and tools
Teaching
• Lectures• Homework assignments
– Homework should be turned in within two weeks
• Mid-term exam and quiz• Term project: programming exercises
or topical surveys– How do intruders attack our systems– What kinds of security tools are available– How do we protect against attacks
Grading Policy
• (Tentative) grading policy– Homework assignments: ~30%– Midterm exam and quiz: ~35%– Term projects: ~35%
• Programming exercises or topical surveys
Course Description
• Introduction to basic concepts in information security and their applications – Cryptography
• Encryption, hash function, digital signature
– Network security applications• HTTPS, wireless security, e-mail security, IP
security
– System security• Intrusion, virus, firewall
What is Information Security?
• Example scenarios– Receiving unsolicited messages, e-mail spam,
phishing, advertisements, …– Computer system hijacked: popups, hanged, …– Communication gets wiretapped or
eavesdropped…– Fake online transaction – Your friend denied receipt of your message– Disputes on the rights of an image– Playing online audio without permission– Natural disaster: fire, physical attacks (911), …– …
More Security-Related Terms
• System security– User authentication, access control– Database security– OS security, infrastructure– Software security: browser, malicious software,
virus• Network security
– Networking protocol, applications– E-commerce, …
• Information security– Spam, phishing, …– Multimedia security: watermarking, information
hiding, digital rights management (DRM), …
Outline & Schedule• Outline
– Introduction (Ch. 1)– Cryptography (Ch. 2-3)
• Symmetric encryption and message confidentiality• Public-key cryptography and message authentication
– Network security applications (Ch. 4-9) [Ch.4-8 in 4th ed.]• Key distribution and user authentication• Network access control and cloud security [new in 5th ed.]• Transport-level security• Wireless network security• Electronic mail security• IP security
– System security (Ch. 10-12) [Ch.9-11 in 4th ed.]• Intruders• Malicious software• Firewalls
Outline & Schedule (Cont’)– Online chapters (Ch.13-15) [Ch.12-13 in 4th ed.]
• Network management security• Legal and ethical aspects• SHA-3 [new in 5th ed.]
– Appendices• Some aspects of number theory• Projects for teaching network security
– Online appendices• Standards and organizations• TCP/IP and OSI• Pseudorandom number generation• Kerberos encryption techniques• Data compression using ZIP• PGP random number generation• The base-rate fallacy [new in 5th ed.]• Radix-64 conversion [new in 5th ed.]
Outline & Schedule (Cont’)• (Tentative) Schedule
– Introduction: 1-2 wks– Cryptography: 3-4 wks – Network security applications: 7-8 wks
• TCP/IP• Web, SSH, E-mail, IP security
– System security: 1-2 wks• Password, virus, intrusion detection, firewall
• Due to the time limits, we will try to cover most of the major topics above without going into too much detail– E.g.: mathematical parts such as number theory (Appendix A)– A broad overview, and then focus on selected topics in depth
Additional Resources
• Review on computer networking and TCP/IP protocols
• More slides on network and information security
• Useful tools for network and system security
• Web resources and recommended reading (at the end of each chapter)
More on Term Project
• Programming exercises using security libraries– Implementation of security algorithms (AES, RSA, …)– Implementation of a client-server application (e.g.
secured communication tool, file exchange, transactions, …)
– …• Topical surveys in information security-related
topics, e.g.:– Demonstration on how to use a security tool to
defend against some attacks– Comparison of security standards or algorithms– Potential security weakness in systems, and possible
solutions or countermeasures– The latest developments in information security
More on Term Project
• Proposal: required after midterm (Due: Nov. 24, 2014)– One-page description of what you want to
do for the term project, and team members
• Presentation: required for each team– In the last three (to four) weeks of this
semester: (Dec.22, ) Dec. 29, Jan. 5, Jan. 12
• Final report:– Presentation files, source codes and
executable files
Thanks for Your Attention!