The University of Western Ontario
London, Canada
Department of Computer Science
CS 413 / 634 -- Cryptography and Security
Course Outline -- Fall 2007
Course Description
This is an introductory survey course that addresses the current state of
the security of computer systems (and particularly the problems associated
with networked computers). Within the context of computer security,
particular focus is given to cryptography, both to better understand how
it works and to also understand the limitations of its usage. Around this
core material, students will develop projects/papers where they investigate, in
depth, a particular aspect of computer security that they are most interested
in.
Prerequisites, Anti-requisites (if any)
Operating Systems ---
Students are expected to have previous experience with some UNIX variation.
There is school equipment available if you do not have your own.
Programming Languages ---
Although coursework does not directly require programming, there may be
times when doing a bit of programming makes it easier to solve a homework
problem.
Course Work --- According to the Academic Calendar:
- Computer Science 340a/b. (NP-complete algorithms, exhaustive search, etc.)
- Mathematics 223b. (basic number theory, modular arithmetic, etc.)
- NOTE: This is not a course where a lot of proofs are done, but it is a
course where counting and statistics are sometimes referred to in order to
justify a particular solution to a problem. If you are interested in things
like finite fields and Markov Models (which are sometimes used in this field),
you can either develop such matters in your course paper/project or
consider taking a course in cryptography from the Math department where it
is sometimes offered as a special topics course and where a more
theoretical approach would be expected.
Students are responsible for ensuring that they meet the prerequisite
requirements or have obtained appropriate special permission in the event
that they don't meet the formal requirements. Students not meeting
the requirements nor having the appropriate permission may be dropped
from the course as per Senate regulations.
Instructor
Robert E. Webber
Office: Room 384, Middlesex College
Office Hours: To be announced.
Phone: x86916 (prefer email)
E-Mail: webber@csd.uwo.ca (use 413 in subject line to get best results from my spam filtering software)
Textbook, Lecture Notes
- Required textbooks:
- Readings for CS413, edited by Robert E. Webber, Fall 2007 (available
in University Bookstore)
Course Website
Lecture Topics
- privacy, technical security issues, formal security issues, informal security
issues, risk and threat analysis, attack trees, access control matrix, Bell-LaPadula
model, Biba's model, covert channel, inference control, CAPTCHA, firewalls,
intrusion detection, human factor issues, user security awareness, password
security, software security errors, security code review, data lifetime, trust,
incident handling, the Internet Worm, ssh, substitution ciphers, Vigenere cipher,
Kasiski Attack, index of coincidence, entropy of English, Zipf's Law, Enigma cipher,
diffusion, confusion, Shannon's five criteria, known plaintext attack, stream
cipher systems, testing randomness, linear feedback shift registers, RC4,
public key cryptosystems (RSA), block ciphers, Feistel cipher, DES, AES,
designing encryption algorithms
Class Schedule
Lectures: 3 hours (Tuesday 12:30 - 2:30 pm [MC 320], Friday 12:30 - 1:30 pm [MC 320])
Labs: 0 hours
TA Consulting Hours (to be
announced on course announcements page)
Computing Facilities
NOTE: some course homeworks will require access to the departmental computing facilities for online handin.
Each student will be given an account on the
Computer Science Department senior undergraduate computing facility, GAUL. In
accepting the GAUL account, a student agrees to abide by the department's Rules of Ethical Conduct.
Note: After-hours access to certain Computer Science lab
rooms is by student card. If a student card is lost, a replacement card will no
longer open these lab rooms, and the student must bring the new card to a member of the
Systems Group in Middlesex College Room 346.
Email Contact
We will occasionally need to send email messages to the whole
class, or to students individually. Email will be sent to your GAUL or ITS email address (depending on which one comes with the class list). You
must make sure that you read your email on GAUL and ITS on a frequent and regular basis, or have
it forwarded to an alternative email address if you prefer to read it there.
However, you should note that email at ITS (your UWO account)
and other email providers such as hotmail.com or yahoo.com may have quotas or limits on
the amount of space they can use. If you let your email accumulate there, your mailbox may
fill up and you may lose important email from your instructors. Losing email that
you have forwarded to an alternative email address is not an excuse for not knowing about
the information that was sent.
Student Evaluation
- There will be one open book, open notes, (no electronics) in-class exam counting 20% of the
mark. This will cover the course readings up to that point in the semester.
- There will be 4 homeworks during the semester, each counting 5% for a total of
20% of the computed mark. Most of the homeworks will involve cryptanalysis
of a sample piece of encoded text (illustrating weaknesses in various
cryptographic schemes). In such cases, each student will have
a separate piece of text to figure out. Groups working on such tasks will
become responsible for solving all of the texts assigned to their various members.
The homeworks can be done either individually or in groups of your choosing.
(a larger group should be able to do better work than if the same people did
the work individually -- the marking scheme may de-emphasize this
advantage of large groups over smaller groups at the discretion of the
instructor).
Working in groups and not declaring the group would be fraudulent behaviour
and handled as an academic offense. The work handed in is assumed to be
your individual work unless you list under your name on the title page the
other members of your group. For more details on required formats and hand in
policies, see the homework specs.
The homeworks are due to be handed in online by midnight (end of day) on the
designated Tuesday. Late penalties are then as follows:
- 5 percent reduction for up to Wednesday midnight (one day late)
- 10 percent reduction for up to Thursday midnight (two days late)
- 20 percent reduction for up to Friday midnight (three days late)
- 50 percent reduction for up to Monday midnight (start of the next week)
- handins after Monday midnight can be made for the purposes of getting
feedback on whether one's project is finally working (although it would
be too late for a mark).
- There will be an individual project counting 60% of the course
mark. In this context, a project could be primarily based on reading
relevant portions of the security literature or could involve programming.
The ideas surrounding the development of a project will
be discussed in class and supplementary material appears in the course readings.
The project mark will be broken down into the following parts:
- 7% -- proposal [2 printed copies]: see book and homework spec regarding
the parts of a proper proposal (which includes a time line for accomplishing
the project). In the event that a project changes significantly from the
proposal, at the discretion of the instructor, a new proposal may be required
with various amendments to the marking scheme (if you are thinking about
changing your mind after the proposal has been handed in, you should definitely
discuss the matter with the instructor to sort out how this would affect the
project marking).
- 3% -- an in-class 10 minute presentation of the proposal
- 10% -- first step [2 printed copies]: An introduction to your topic and
summary/discussion in one of your major references on the topic (size roughly
1/5th of the ultimate paper).
Also, a note on any revisions of the proposal's plan, current version of the
bibliography for the final report.
- 5% -- an in-class 10 minute presentation of the contents of the first step.
- 30% -- final report [2 printed copies if you want one back after marking]
- 5% -- an in-class 20 minute presentation of the contents of the final report.
Late penalties associated with the various written parts of the project will be at the
rate of 10% per day late (not counting weekends). The in-class presentations
should follow quickly on top of the hand-in of the written material (late penalties
will be exacted when deemed necessary). In the case
of the final presentation, an in-class status presentation that summarizes the state of
your project will need to be done before the end of the semester, even if the
final written version is coming in later than that.
Administrative penalties associated with not following the instructions
on exams will not exceed 10% of the value of the exam. Academic offences
related to the exams will be handled through the Dean's office. Typical
first offense penalty is minus the value of the task.
No mark will exceed 100%. Bonuses and administrative penalties
are applied to the marks before any exam curving is done.
Academic offense penalties are applied after curving.
If for any reason a course task is cancelled,
the percentage
of the course mark associated with that task will be added to the portion
associated with the final handin of the course project.
As usual, written material will be marked and returned as soon as
convenient.
Schedule
[NOTE: homework due dates are tentative pending
departmental approval. If they are changed, there will be an announcement on the
course announcements page.]
- [W01, Th] 6 Sept 2007: First day of classes
- [W01, F] 7 Sept 2007: First meeting of class
- [W02, Tu] 11 Sept 2007
- [W02, F] 14 Sept 2007: Last day to add class
- [W03, Tu] 18 Sept 2007: Homework 1 due
- [W04, Tu] 25 Sept 2007: project proposal due
- [W05, Tu] 2 Oct 2007: final presentations will be scheduled by drawing lots.
- [W05, Tu] 2 Oct 2007: Homework 2 due
- [W06, M] 8 Oct 2007: Giving thanks that we get this Monday off (won't be counted in
any late penalty calculations)
- [W06, Tu] 9 Oct 2007:
- [W07, Tu] 16 Oct 2007: project step one due
- [W08, Tu] 23 Oct 2007: Homework 3 due
- [W09, Tu] 30 Oct 2007
- [W10, Tu] 6 Nov 2007: In class exam.
- [W11, Tu] 13 Nov 2007: Homework 4 due
- [W12, Tu] 20 Nov 2007
- [W13, Tu] 27 Nov 2007: Final writeup due.
- [W14, Tu] 4 Dec 2007
- NOTE: final in-class presentations will be scheduled backward to accommodate
class size from the date of the last class, figuring two presentations can be done
each 50-minute period with no more than five presentations scheduled for any
consecutive three 50-minute periods, and only one presentation scheduled for the
last 50-minute period of the semester.
- [W14, W] 5 Dec 2007: Last day of classes
- NOTE: No final exam in this course.
Homework Schedule
- All homeworks will be available as soon as possible.
- See discussion of late homeworks under Student Evaluation.
Procedural problems such as jammed printers
should be brought to the immediate attention of the instructor, who may exact
a small penalty for not being properly prepared.
Extensions: Extensions will be granted
only by the course instructor. If you have serious medical or compassionate grounds for an
extension, you should take supporting documentation to the office of the Dean of your
faculty, who will contact the instructor.
Ethical Conduct
All homeworks are individual homeworks in that
each student is individually responsible for handing in their homework.
Students may work in groups on homeworks, see discussion under Student
Evaluation for more details.
Homeworks will be marked on both content and style.
Homeworks that are judged to be the result of academic dishonesty will, for the
student's first offence, be given a mark of zero with an additional penalty equal to the
weight of the homework also being applied. You are responsible for reading and
respecting the Computer Science Department's policy on Scholastic Offences
and Rules of Ethical Conduct.
For additional departmental policies or procedural wording that I may have
overlooked, see
http://www.csd.uwo.ca/~aija/COTemplate.htm as well as
http://www.csd.uwo.ca/~aija/policies.html. If there is a contradiction
between this document and the policies indicated above, please let the instructor
know by email soonest.