The University of Western Ontario
London, Canada

Department of Computer Science

CS 413 / 634 -- Cryptography and Security

Course Outline -- Winter 2007

Course Description

Prerequisites, Anti-requisites (if any)

Operating Systems --- Students are expected to have previous experience with some UNIX variation. There is school equipment available if you do not have your own.

Programming Languages --- Although coursework does not directly require programming, there may be times when doing a bit of programming makes it easier to solve a homework problem.

Course Work --- According to the Academic Calendar:

• Computer Science 340a/b. (np-complete algorithms, exhausitive search, etc.)
• Mathematics 223b. (basic number theory, modular arithmetic, etc.)

Students are responsible for ensuring that they meet the prerequisite requirements or have obtained appropriate special permission in the event that they don't meet the formal requirements. Students not meeting the requirements nor having the appropriate permission may be dropped from the course as per Senate regulations.

Instructor

    Robert E. Webber
    Office: Room 384, Middlesex College
    Office Hours: To be announced.
    Phone: x86916 (prefer email)
    E-Mail: webber@csd.uwo.ca (use 413 in subject line to get best results from my spam filtering software)

Textbook, Lecture Notes

• Required textbooks:
  • Classical and Contemporary Cryptology, Richard J. Spillman, ISBN 0-13-182831-2, Pearson Prentice-Hall, 2005
  • Secrets and Lies: Digital Security in a Networked World, Bruce Schneier, ISBN: 0471453803 (paperback), Wiley (January 30, 2004)
• Recommended textbooks:
  • The Essence of Computing Projects -- A Student's Guide, Christian W. Dawson, ISBN: 0-13-021972-X, Pearson Education Limited, 2000, (TAYSTK QA76.27.D39 2000)

Course Website

http://www.csd.uwo.ca/courses/CS413a/index.html and/or http://www.csd.uwo.ca/courses/CS413b/index.html Announcements related to the course are made on the course web pages. The homeworks and reports are marked under the assumption that students are familiar with the material on the course web pages associated with the current semester.

Lecture Topics

• privacy, authentication, integrity, access control, covert channels, intrusion detection, audit records, classical encryption techniques, cryptanalysis, block ciphers, AES, DES, public key cryptography, PGP, SSL, SSH, SHA, key management, attack trees, man-in-the-middle, traffic analysis, timing attacks, denial of service, worm, virus, buffer overflow, software reliability, passwords, biometrics

Class Schedule

   Lectures: 3 hours (Monday 11:30 - 1:30 pm [MC 320], Wednesday 11:30 - 12:30 pm [MC 320])

   Labs: 0 hours

TA Consulting Hours (to be announced on course announcements page)

Computing Facilities

NOTE: some course homeworks will require access to the departmental computing facilities for online handin.

Each student will be given an account on the Computer Science Department senior undergraduate computing facility, GAUL .  In accepting the GAUL account, a student agrees to abide by the department's  Rules of Ethical Conduct .

Note:  After-hours access to certain Computer Science lab rooms is by student card. If a student card is lost,  a replacement card will no longer open these lab rooms, and the student must bring the new card to a member of the Systems Group in Middlesex College Room 346.

Email Contact

We will occasionally need to send email messages to the whole class, or to students individually. Email will be sent to your GAUL or ITS email address (depending on which one comes with the class list). You must make sure that you read your email on GAUL and ITS on a frequent and regular basis, or have it forwarded to an alternative email address if you prefer to read it there.

However, you should note that email at ITS (your UWO account) and other email providers such as hotmail.com or yahoo.com may have quotas or limits on the amount of space they can use. If you let your email accumulate there, your mailbox may fill up and you may lose important email from your instructors.  Losing email that you have forwarded to an alternative email address is not an excuse for not knowing about the information that was sent.

Student Evaluation

• There will be 6 homeworks during the semester, each counting 5% for a total of 30% of the computed mark. Most of the homeworks will involve cryptanalsysis of a sample piece of encoded text (illustrating weaknesses in various cryptographic schemes). In such cases, each student will have a separate piece of text to figure out. Groups working on such tasks will become responsible for solving all of the texts assigned their various members.

  The homeworks can be done either individually or in groups of your choosing. (a larger group should be able to do better work than if the same people did the work individually -- the marking scheme may de-emphasize this advantage of large groups over smaller groups at the discretion of the instructor). Working in groups and not declaring the group would be fraudulent behaviour and handled as an academic offense. The work handed in is assumed to be your individual work unless you list under your name on the title page the other members of your group. For more details on required formats and hand in policies, see the homework specs.

  The homeworks are due to be handed in online by midnight (end of day) on the designated Monday. Late penalties are then as follows:

  • 5 percent reduction for up to Tuesday midnight (one day late)
  • 10 percent reduction for up to Wednesday midnight (two days late)
  • 20 percent reduction for up to Thursday midnight (three days late)
  • 40 percent reduction for up to Friday midnight (four days late)
  • handins after Friday midnight can be made for the purposes of getting feedback on whether one's project is finally working (although it would be too late for a mark).
• There will be an individual project counting 70% of the course mark. In this context, a project could be primarily based on reading relevant portions of the security literatures or could involve programming. The ideas surrounding the development of a project will be discussed in class along the lines presented in the recommended text The Essence of Computing Projects -- A Student's Guide. The project mark will be broken down into the following parts:
  • 10% -- proposal [2 printed copies]: see book and homework spec regarding the parts of a proper proposal (which includes a time line for accomplishing the project). In the event that a project changes significantly from the proposal, at the discretion of the instructor, a new proposal may be required with various admendments to the marking scheme (if you are thinking about changing your mind after the proposal has been handed in, you should definitely discuss the matter with the instructor to sort out how this would effect the project marking).
  • 10% -- first step [2 printed copies]: 20% of the polished text for the final version of the report, a note on any revisions of the proposal's plan, current version of the bibliography for the final report.
  • 15% -- second step [2 printed copies]: 50% of the polished text for the final version of the report, a note on any revisions of the proposal's plan, current version of the bibliography for the final report.
  • 35% -- final report [2 printed copies if you want one back after marking]
  Late penalties associated with the various parts of the project will be at the rate of 5% per day late (not counting weekends). Normally I will be available during office hours on Monday, Tuesday, Wednesday, and Thursday. If you need to hand in something for Friday, you should discuss this with the instructor to see what procedure, if any, is available on that day.
• Administrative penalties associated with not following the instructions on exams will not exceed 10% of the value of the exam. Academic offences related to the exams will be handled through the Dean's office. Typical first offense penalty is minus the value of the homework, which in the case of the exams would mean failing the course.
• No mark will exceed 100%. Bonuses and administrative penalties are applied to the marks before any exam curving is done. Academic offense penalties are applied after curving.

If for any reason an homework, quiz, or midterm is cancelled, the percentage of the course mark associated with that task will be added to the portion associated with the final handin of the course project.

As usual, homeworks and exams will be marked and returned as soon as convenient. As usual, final exam and final course marks will not be made available until the department posts the final course marks or the registrar's office makes marks available.

 Schedule

• [W01, M] 8 Jan 2007: First day of classes, first day of our class.
• [W02, M] 15 Jan 2007:
• 16 Jan 2007: last day to add
• [W03, M] 22 Jan 2007: first homework due
• [W04, Tu] 30 Jan 2007:
• [W05, M] 5 Feb 2007: By the end of office hours on this day, two printed copies of the project proposal should be handed to the instructor.
• 5 Feb 2007: second homework due
• [W06, M] 12 Feb 2007:
• 15 Feb 2007: Last day to drop [check official university calendar to be sure if this matters to you.]
• 19 Feb 2007: third homework due
• [W07, M] 19 Feb 2007: By the end of office hours on this day, two printed copies of the first project step should be handed to the instructor.
• 26 Feb -- 2 Mar 2007: Reading Week
• [W08, M] 5 Mar 2007:
• [W09, M] 12 Mar 2007: fourth homework due
• [W10, M] 19 Mar 2007: By the end of office hours on this day, two printed copies of the second project step should be handed to the instructor.
• [W11, M] 26 Mar 2007: fifth homework due
• [W12, M] 2 Apr 2007:
• 09 Apr 2007: sixth homework due
• [W13, M] 9 Apr 2007: By the end of office hours on this day, two printed copies of the final project report should be handed to the instructor.
• 12 Apr 2007: Last day of classes (if you have not yet handed in your final project report, be sure you have discussed the matter with the instructor and that he has agreed to appropriate arrangements for handing it in late).

Homework  Schedule

• All six homeworks will be available as soon as possible.
• See discussion of late homeworks under Student Evaluation. Procedural problems such as jammed printers should be brought to the immediate attention of the instructor, who may exact a small penalty for not being properly prepared.

    Extensions: Extensions will be granted only by the course instructor. If you have serious medical or compassionate grounds for an extension, you should take supporting documentation to the office of the Dean of your faculty, who will contact the instructor.

Ethical Conduct

All homeworks are individual homeworks in that each student is individually responsible for handing in their homework. Students may work in groups on homeworks, see discussion under Student Evaluation for more details.

Homeworks will be marked on both content and style. Homeworks that are judged to be the result of academic dishonesty will, for the student's first offence, be given a mark of zero with an additional penalty equal to the weight of the homework also being applied. You are responsible for reading and respecting the Computer Science Department's policy on  Scholastic Offences  and Rules of Ethical Conduct.

For additional departmental policies or procedural wording that I may have overlooked, see http://www.csd.uwo.ca/~aija/COTemplate.htm as well as http://www.csd.uwo.ca/~aija/policies.html. If there is a contradiction between this document and the policies indicated above, please let the instructor know by email soonest.