• Fall 2008 Announcements
• Fall 2008 Course Outline

• Fall 2007's online material
  • Fall 2007 Announcements
  • Executive Summary of Fall 2007 Course
  • Sample Project Topics for Fall 2007
  • Fall 2007 Course Outline
• Winter 2007's online material
  • Winter 2007 Announcements
  • Winter 2007 Course Outline

Sources for Cryptography and Computer Security related information on the Web

• General Resources
  • UWO web page regarding copyrights on campus
  • Wikipedia
  • Scholar Google
  • Citeseer
  • ACM Digital Library home page
  • UWO Card Catalog
    • New Books at Taylor Library
    • books cataloged as `computer security' (sorted newest first)
    • books cataloged as `cryptography' (sorted newest first)
    • books cataloged as `risk management' (sorted newest first)
    • books cataloged as `privacy' (sorted newest first)
  • Cornell Library ePrint Archives
    • list of recent cryptography and security papers submitted there
    • past year in cryptography and security paper submitted there
    • cryptanalysis search
    • cryptography search
    • computer security search
    • security search limited to comp sci papers
  • Proquest Digital Disserations and Theses
  • wikileaks database of 6,780+ Congressional reports
• What To Do With The Information Once You Have Found It
  • How To Read A Book by Mortimer Adler and Charles Van Doren. is a great overview of how to critically read serious writing -- see reviews at amazon.com on How To Read A Book.] [ Wikipedia entry on this book]. Some related articles by Adler include:
    • Hard Reading Made Easy By Mortimer J. Adler.
    • How To Read A Difficult Book by Mortimer J. Adler.
    • How to Mark a Book By Mortimer J. Adler.
    • How to Keep Awake While Reading by Mortimer J. Adler.
    • Reading as Learning by Discovery by Mortimer J. Adler.
    • A Meeting of Minds by Mortimer J. Adler.
    • A Lesson in Criticism: Four questions to ask yourself when you are making up your mind about a book By Mortimer J. Adler.
    • Idling: Why It Is So Important Not To Be Busy All The Time by Mortimer J. Adler.
  • Engines for Education (by Roger Schank)
  • What is 6-trait Writing? (list of issues in writing quality relating to: ideas, organization, voice, word choice, sentence fluency, and conventions) -- see also material at: InterActive Six Trait Writing Process and discussion in pdf file Rubrics
  • The Elements of Style by William Strunk Jr. (see also wikipedia entry)
  • Good Writingby Marc H. Raibert
  • Talk on Giving Talks
  • Paper on Giving Talks
  • Why study time does not predict grade point average across college students: Implications of deliberate practice for academic performance
  • The Role of Deliberate Practice in the Acquisition of Expert Performance
  • Wikipedia entries on Project Management
    • Gantt Chart ( Gantt Project)
    • Project planning
    • Project management software
    • Reflective Practice
    • Donald Schon
    • Task Juggler
  • A CS Research Topic Generator or How To pick A Worthy Topic In 10 Seconds
  • Computer Science Writing tips
  • How Theses Get Written: Some Cool Tips (although we are not writing whole theses, some of the points made are relevant to smaller writing tasks)
• General Computer Science Web Sites That Occasionally Cover Cryptography and Computer Security Issues
  • SlashDot ( security related SlashDot articles)
  • Technology/Security view on Digg
  • ACM TechNews
  • ACM Queue
  • Communications of the ACM
  • ACM Computing Surveys
  • Computer (IEEE)
  • IBM Technical Journals
  • Sun Microsystems Labs
  • Sun Innovation Blog
  • Sun Contrarian Minds essays
  • Microsoft Developer's Magazine (particularly annual security issue, e.g., Nov 2007)
  • EE Times
  • eWeek.com
  • Linux Journal
  • IEEE Annals in the History of Computing
  • IEEE Spectrum
  • ITConversations a GigaVox media channel
  • Wired News and Wired Magazine
• Miscellaneous Cryptography and Computer Security Links
  • comp.risks (see also The Risks Digest)
  • Ron Rivest's collection of links on Cryptography and Security
  • Schneier's security blog
  • UW Computer Security Course Blog
    • How to think like a security professional block entry
  • Ross Anderson's security blog (replacement for earlier Anderson blog)
  • The Breach Blog chronicles the latest data breach news from across the country. (US)
  • Data Loss Database Open Security Foundation database of data breaches worldwide
  • Michael Geist blog on Canadian Technology Law (including PIPEDA)
  • Michael Howard's security blog (works in Microsoft's Security group)
  • Brian Kreps Security Fix blog (Washington Post sponsored)
  • Darren Moffit Security Blog (Sun)
  • Glenn Faden -- Trusted Blogger (Sun)
  • Glenn Brunett Security Blog (Sun)
  • Blog by Andrew ``bunnie'' Huang, author of `Hacking the XBox'
  • TechNewsWorld (security section)
  • Dark Reading (computer security news service)
  • Computer Security News
  • IT Security.com
  • Solaris 10 Security site
  • Security Stats.com
  • Electronic Frontier Canada
  • interesting links (by Spillman, author of Classical and Contemporary Cryptology)
  • ITS UWO Security Web Site
    • UWO Policy 1.13 - Code of Behaviour for Use of Computing Resources and Corporate Data
    • UWO Policy 1.20 - Computing Resources Security
  • UWO CS department web page on student privacy issues
• Cryptography and Security Publication Collections
  • crypto authors' sites (home pages and publication lists for many researchers in cryptography/computer security).
  • Alan Turing papers relating to cryptography (recently declassified documents relating to Turing's work breaking the Enigma cipher as well as the work of his colleagues on the German Tunny cipher which lead to Colossus -- the first useful computer).
  • NIST Security Publications collections
  • Steven Bellovin's publications on computer security
  • Ronald L. Rivest: publications and talks
  • Matt Bishop's publications
  • David Wagner's papers
  • Ian Goldberg's papers
  • Bruce Schneier's papers
  • Paranoid Penguin Columns from Linux Journal by Mick Bauer.
  • Cryptology ePrint Archive (maintained by International Association for Cryptologic Research)
  • Economics of Security resources page
  • Links on Law, Cryptography and Electronic Communications
  • Special Issue on Emerging Technologies for Homeland Security Communications of the ACM; Volume 47, Issue 3 (March 2004)
• Cryptography and Security Journals, Workshops, and Conferences
  • Cipher Electronic Newsletter of the Technical Commitee on Security & Privacy; A Technical Committee of the Computer Society of the IEEE
  • Online Articles from the journal Cryptologia
  • USENIX Security Symposium
  • IEEE Security & Privacy
  • IEEE Transactions on Information Forensics and Security
  • IEEE Transactions on Dependable and Secure Computing
  • IEE Proceedings on Information Security
  • IEEE Computer Security Foundations Workshop
  • IEEE Computer Security Applications Conference
  • ACM Transactions on Information and System Security
  • Journal of cryptology : the journal of the International Association for Cryptologic Research (Springer Verlag/ Scholar's Portal)
  • International Journal of Digital Evidence (IJDE)
  • Digital Forensic Research WOrkshop Archives
  • Designs, codes, and cryptography (Kluwer/ Scholar's Portal)
  • Computers and Security (North Holland/ Scholar's Portal)
  • Forensic accounting review and Computer security digest (ProQuest)
  • Computer audit update (Elsevier/ Scholar's Portal)
  • Computer Fraud & Security (Elsevier/ Scholar's Portal)
  • International journal of information security (Springer Verlag/ Scholar's Portal)
  • Journal in computer virology (Springer Verlag/ Scholar's Portal)
  • Information management & computer security
  • CCS: ACM Conference on Computer and Communications Security
  • CFP: ACM Computers, Freedom and Privacy
  • DIM: ACM Workshop On Digital Identity Management
  • DRM: ACM Workshop On Digital Rights Management
  • FMSE: ACM Workshop on Formal Methods in Security Engineering
  • InfoSecCD: ACM Information security curriculum development
  • NSPW: ACM New Security Paradigms Workshop
  • SASN: ACM Workshop on Security of ad hoc and Sensor Networks
  • SACMAT: ACM Symposium on Access Control Models and Technologies
  • RBAC: ACM Workshop on Role Based Access Control
  • ACM SIGSAC Review (Security Access Control)
  • SSS: ACM Workshop On Storage Security And Survivability
  • SWS: ACM Workshop On Secure Web Services
  • WORM: ACM Workshop on Rapid Malcode
  • WPES: ACM Workshop On Privacy In The Electronic Society
  • WS: ACM Wireless Security
  • XMLSEC: ACM Workshop On XML Security
  • Applied Cryptography and Network Security (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Computer Security ESORICS (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Cryptography and Coding (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Financial Cryptography (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Public Key Cryptography International Workshop (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Selected Areas in Cryptography Workshop (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Advances in Cryptology (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Information Security and Cryptology (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Topics in Cryptology (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
  • Cryptographic Hardware and Embedded Systems (individual proceedings online as part of Springer Verlag Lecture Notes in Computer Science Series)
• Cryptography and Computer Security News Groups
  • comp.security.announce
  • sci.crypt
  • sci.crypt.research
  • sci.crypt.random-numbers
  • comp.security
  • alt.privacy
  • sci.engr.safety
  • comp.society.privacy
  • comp.security.firewalls
  • alt.security.pgp
  • sci.security.pgp.announce
  • comp.security.pgp.tech
  • comp.security.pgp.resources
  • comp.security.pgp.discuss
  • comp.security.ssh
  • mailing.unix.openssh-dev
  • talk.politics.crypto
  • comp.os.linux.security
  • comp.security.misc
• Online Cryptography and Computer Security Software Packages
  • CAP software web page (by Spillman, author of Classical and Contemporary Cryptology)
  • ccrypt home page
  • International PGP Home page
  • Gnu Privacy Guard home page (implementation of OpenPGP)
  • OpenSSH home page
  • OpenSSL home page
• Online Cryptography and Security Books
  • Managing Information Security Risks: The OCTAVESM Approach(Safari Books Online -- UWO access)
  • Information Security: An Integrated Collection of Essays by Marshall D. Abrams, Sushil Jajodia, and Harold J. Podell (IEEE Press) (1995)
  • Building Secure Systems by Morrie Gasser (1988)
  • The Foundations of Cryptography by Oded Goldreich (FreeTechBooks)
  • Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy by Dr. Stefan Brands (FreeTechBooks)
  • Methods of Cryptanalysis: Lecture Notes by Dr. Alex Biryukov (FreeTechBooks)
  • Introduction to Modern Cryptography by Mihir Bellare and Phillip Rogaway (FreeTechBooks)
  • Security Engineering - A Guide to Building Dependable Distributed Systems by Ross Anderson (FreeTechBooks)
  • Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone (FreeTechBooks)
  • Securing Java: Getting Down to Business with Mobile Code by Gary McGraw and Edward W. Felten (FreeTechBooks)
  • Linux Security for Beginners by Neil A. Smyth (FreeTechBooks)
  • Secure Programming for Linux and Unix by David A. Wheeler (FreeTechBooks)
  • Artech House Computer Security Series
  • web page contains link to zipped pdf files for US Army Field Manual 34-40-2, Basic Cryptanalysis chpts 2 and 3 contains discussion of cracking substition ciphers, Appendices A, B, and C give frequency stats for english digraphs, trigraphs, and tetragraphs.
• Online Cryptography and Security Course Information
  • 6.875 Cryptography and Cryptanalysis, Spring 2005 (MIT OpenCourseWare)
  • 6.876J / 18.426J Advanced Topics in Cryptography, Spring 2003 (MIT OpenCourseWare)
  • 6.897 Selected Topics in Cryptography, Spring 2004 (MIT OpenCourseWare)
  • 6.857 Network and Computer Security, Fall 2003 (MIT OpenCourseWare)
  • An experience teaching a graduate course in cryptography (Aviel D. Rubin)
• Cryptography and Security Research Groups
  • Cryptography and Information Security Group at MIT (links to theses and publications)
  • Microsoft's Cryptography Group
  • IBM's Cryptography Research Group
  • Light Blue Touch Paper (security research group at Cambridge University)
  • Security and Cryptography at UCSD
  • UCL Crypto Group (Microelectronics Laboratory)
  • NYU Cryptography Group
  • UC Davis Cryptography Group
  • UC Davis Computer Security Laboratory
    • Computer Security Archives Project
  • Security Lab at Stanford University
  • Applied Cryptography Group at Stanford
  • Cryptography, Security, and Privacy group at University of Waterloo
  • The cryptology and coding group at DTU (Technical University of Denmark)
  • University of Virginia Computer Security Reading Group
  • CERT (CMU center for internet security expertise)
  • CERIAS Purdue Center for Education and Research in Information Assurance and Security
  • EDUCAUSE/Cornell Institute for Computer Policy and Law
  • Biometrics Research at Michigan State University
  • Johns Hopkins University Information Security Institute
  • Secure Internet Programming (Princeton)
• Wikipedia entries of note
  • General Computer Security
    • Anomaly-based intrusion detection system (references Symantice's Manhunt product and Lancope's StealthWatch)
    • Attack Tree
    • Backdoor
    • Black Hat
    • buffer overflow exploit
    • Cisco Security Agent
    • Code Review
    • computer forensics
    • computer insecurity
    • computer security
    • Covert channel
    • Cryptovirology
    • Defensive Programming
    • DNS Backbone Denial of Service Attacks
    • DEF CON (Hacker Convention)
    • DNS cache poisoning
    • DNS Security Extensions
    • Information Technology Audit
    • intrusion detection
    • intrusion detection systems
    • Intrusion Prevention System
    • Morris Worm
    • PIPEDA (Personal Information Protection and Electronic Documents Act
    • pretty good privacy (PGP)
    • privacy
    • Probabilistic Risk Assessment
    • Risk
    • Risk Analysis
    • Risk Management
    • secure communication
    • Safety Engineering (Fault Tree Analysis)
    • secure by design
    • Security Engineering
    • SELinux
    • Shatter Attack
    • SNORT (free software network intrusion detection and prevention system)
    • Software Security Assurance
    • SQL injection
    • SQL Slammer Worm
    • SSH
    • SSL (transport layer security)
    • Timeline of notable computer viruses and worms
    • Tripwire software
    • Trusted Computing
    • Trusted Computing Group
    • Van Eck phreaking
    • Virtual Private Network
    • XBox Linux
    • Zero Day Attack
  • Cryptography Specific:
    • AES
    • bigram (digrams)
    • block cipher
    • Books On Cryptography
    • Cellular automata ( Conway's Game of Life)
    • Cryptanalysis
    • Cryptanalysis of Enigma
    • Crypto-anarchism
    • cryptography
    • DES
    • Differential cryptanalysis
    • Elliptic Curve Cryptography
    • Enigma Machine
    • Enigma Rotor Details
    • frequency analysis
    • index of coincidence
    • Integral cryptanalysis
    • Linear cryptanalysis
    • linear feedback shift register
    • List of Cryptographers
    • Man in the middle attack
    • n-grams
    • Piling Up Lemma (linear cryptanalysis)
    • Playfair Cipher
    • Public Key Cryptography
    • Quantum Cryptography
    • Random number generation
    • Random number generator
    • RC 4
    • RSA
    • Side channel attack
    • stream cipher
    • Timing Attacks
    • Topics in Cryptography
    • Traffic Analysis
    • transposition cipher
    • trigrams
    • Triple DES
    • Vigenere Cipher
• Other resources:
  • Towards understanding IT security professionals and their tools
  • Risks of Untrustworthiness by Peter G. Neumann
  • Illustrative Risks to the Public in the Use of Computer Systems and Related Technology by Peter G. Neumann,
  • Computer security in the real world by Butler Lampson
  • Kevin's Word List Page has links to a bunch of places where people have put together all words in the English (and other) language. Some of them with frequency of usage information.
  • Useful English Language Statistics
  • Statistical Distributions of English Text
  • Here is some statistical information that is helpful when trying to solve cryptograms
  • CryptTool (so far, only available under Windows)
  • EverCrack (Windows and Linux)
  • Prediction and entropy in printed English by Claude Shannon (circa 1951 paper on a Machine Learning course web site)
  • Modern optimisation algorithms for cryptanalysis by Andrew Clark (IEEE, 1994)
  • Genetic Algorithms in Cryptography by Bethany Delman M.S. Thesis, July 2004, Rochester Institute of Technology
  • SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
  • Information systems security design methods: implications for information systems development by Richard Baskerville (ACM Computing Surveys, 1994)
  • Matching attack patterns to security vulnerabilities in software-intensive system designs by Michael Gegick and Laurie Williams (ACM 2005)
  • Sun's Whitfield Diffie on ECC and Solaris 10 OS security (Sun Inner Circle Newsletter -- ECC = elliptic curve cryptography)
  • NIST's Plan for New Cryptographic Hash Functions contains links relating to workshop reports, policy changes to abandon SHA-1, and starting a competition for designing a replacement for the SHA-2 family of hash functions.
  • circa 2001 information relating to the NIST backed AES design competition
  • Secure Deletion of Data from Magnetic and Solid-State Memory (by Peter Gutmann, 1996 USENIX Security Symposium)
  • Article on Fall 2003 U of Calgary Course on Computer Viruses and Malware ( CPSC 527 Course Outline)
  • The Case for Elliptic Curve Cryptography (NSA)
  • Implementation Tutorial On ECC
  • Keeping Secrets in Hardware: The Microsoft XboxCase Study by Andrew Huang (CHES 2002).
  • Java Security White Papers
  • Introduction to SELinux (by Mick Bauer, Linux Journal)
  • Discussion of malware as a service industry arising from discovering a program that was intercepting SSL traffic before it got encrypted
  • What to Do When Your Security's Breached by Tim Wilson, (Site Editor, Dark Reading) and related Slashdot discussion of this article
  • `Trusted Computing' Frequently Asked Questions Version 1.1 (August 2003) Ross Anderson
  • Intel Whitepaper on Trusted Platform Module (TPM) based Security on Notebook PCs - White Paper (June 2002)
  • Trusted Computing Group's home page
  • A Self-Study Course In Block-Cipher Cryptanalysis by Bruce Schneier
  • Cryptanalysis of S-DES (59 page tutorial on differential cryptanalysis and linear cryptanalysis on a reduced version of DES)
  • paper on brute force cracking of DES circa 1998
  • Attack Modeling for Information Security and Survivability Andrew P. Moore, Robert J. Ellison, Richard C. Linger
  • From System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering Axel van Lamsweerde, Simon Brohez, Renaud De Landtsheer, David Janssens
  • Designing Security Requirements Models through Planning Volha Bryl, Fabio Massacci, John Mylopoulos, and Nicola Zannone
  • Requirements Engineering for Trust Management: Model, Methodology, and Reasoning Paolo Giorgini, Fabio Massacci, John Mylopoulos, Nicola Zannone
  • Software Engineering for Security: a Roadmap Premkumar T. Devanbu, Stuart Stubblebine
  • A BSD Rootkit Primer (O'Reilly Press interview with author)
  • Security Code Review Guidelines (1996)
  • Open Web Application Security Project (OWASP)
  • Protecting browser state from web privacy attacks
  • Remote timing attacks are practical
  • Security Analysis of a Cryptographically-Enabled RFID Device
• The Computer Security Industry:
  • Digital Boundary Group (London, Ontario)
  • Forensic Data Recovery (Victoria, B. C.)
  • BT Counterpane (Bruce Schneier's Counterpane company bought by BT)
  • Mitnick Security, LLC
  • RSA: The Security Division of EMC
  • Sophos anti-virus and anti-spam software for businesses
  • eEye Digital Security
  • Norman antivirus, firewall, network security
  • Cybertrust global information security specialist
  • McAffee
  • index of Computer Security Companies in the UK
  • Tresys Technology (Security Enhanced Linux)
  • Symantec
  • CA, Inc. (Computer Associates)
  • SecurityFocus 's vulernabilties list
• Goverment Computer Security related sites:
  • Information and Privacy Commissioner Ontario
  • Office of the Privacy Commissioner of Canada
  • E-mail Encryption Made Simple (Information and Privacy Commissioner Ontario, 1999)
  • Government Security Policy Overview (Treasury Board of Canada Secretariat)
  • Communications Security Establishment Canada's National Cryptologic Agency
  • courses offered by IT Security Learning Centre (Communications Security Establishment) [see also: programs of study]
  • Introduction to Information Technology Security Communications Security Establishment (course online material)
  • 2005 Report of Auditor General on Information Technology Security Office of the Auditor General of Canada
  • Corporate Security Information Technology: Security Requirements for Remote Access Services [19 Apr 2006] Goverment of Ontario Information & Technology Standards (19 pages)
  • Security Agencies of the world Compiled by Jerry Proc.
  • Computer Crime & Intellectual Property Section (United States Department of Justice)
  • CVE (Common Vulnerabilities and Exposures) CVE is sponsored by the US-CERT at the U.S. Department of Homeland Security at Mitre
  • US-CERT United States Computer Emergency Readiness Team
  • Computer Security Division National Institute of Standards and Technology (US).
  • Biometrics Catalog (US Dept. of Justice)
  • US Department of Energy's Computer Incident Advisory Capability (CIAC)
  • Internet Fraud Complaint Center FBI and the National White Collar Crime Center
  • Best Practices for Seizing Electronic Evidence (U S Secret Service note)
  • Digital Evidence in the Courtroom: A guide for law enforcement and prosecutors (National Institute of Justice -- The Research, Development, and Evaluation Agency of the U S Department of Justice)
  • CSA - Standards - About the Privacy Code (Canadian Standards Association)

I can be contacted by email at webber@csd.uwo.ca in the manner described in the course outline.