Difference between revisions of "MSc:SecurityOfSystemsAndNetworks"

From IU
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 2: Line 2:
   
 
* <span>'''Course name:'''</span> Security of systems and networks (SSN)
 
* <span>'''Course name:'''</span> Security of systems and networks (SSN)
  +
* <span>'''Course number:'''</span> SNE-08
 
   
   
Line 75: Line 75:
 
! Type of Evaluation !! Points
 
! Type of Evaluation !! Points
 
|-
 
|-
| Labs || 30
+
| Labs || 36
 
|-
 
|-
| Project || 30
+
| Project || 20
 
|-
 
|-
| Weekly Quiz || 10
+
| Weekly Quiz || 4
 
|-
 
|-
| Exam || 30
+
| Exam || 40
 
|}
 
|}
   
Line 101: Line 101:
 
| D. Poor || 0-50
 
| D. Poor || 0-50
 
|}
 
|}
  +
  +
===To pass the course, you need:===
  +
  +
# To achieve more than 50% on the final exam.
  +
# To achieve more than 50% on each individual lab
  +
  +
=== Lab policy: ===
  +
  +
# Only one extension of the deadline is allowed for the labs
  +
# Students with less than 60% point of a lab, must retake the lab, in which case the highest score will be 65% of the overall score of the lab
  +
  +
  +
=== Retake: ===
  +
  +
The retake of the exam will be oral, but only if the labs have been finished.
   
 
=== Resources and reference material ===
 
=== Resources and reference material ===
Line 127: Line 142:
 
| 5 || Labs|| 24h
 
| 5 || Labs|| 24h
 
|-
 
|-
| 6 || Project|| 32h
+
| 6 || Project|| 24h
 
|}
 
|}
   
Line 172: Line 187:
 
* Authentication
 
* Authentication
 
* Authorization
 
* Authorization
 
=== What forms of evaluation were used to test students’ performance in this section? ===
 
 
{| class="wikitable" style="margin:auto"
 
|+
 
|-
 
! Form !! Yes/No
 
|-
 
| Development of individual parts of software product code || No
 
|-
 
| Homework and group projects || Yes
 
|-
 
| Midterm evaluation || No
 
|-
 
| Testing (written or computer based) || Yes
 
|-
 
| Reports || Yes
 
|-
 
| Essays || No
 
|-
 
| Oral polls || No
 
|-
 
| Discussions || Yes
 
|}
 
 
   
 
=== Typical questions for ongoing performance evaluation within this section ===
 
=== Typical questions for ongoing performance evaluation within this section ===
Line 224: Line 214:
 
* Simple Authentication Protocols
 
* Simple Authentication Protocols
 
* Real-World Security Protocols
 
* Real-World Security Protocols
 
=== What forms of evaluation were used to test students’ performance in this section? ===
 
 
 
{| class="wikitable" style="margin:auto"
 
|+
 
|-
 
! Form !! Yes/No
 
|-
 
| Development of individual parts of software product code || No
 
|-
 
| Homework and group projects || Yes
 
|-
 
| Midterm evaluation || No
 
|-
 
| Testing (written or computer based) || Yes
 
|-
 
| Reports || Yes
 
|-
 
| Essays || No
 
|-
 
| Oral polls || No
 
|-
 
| Discussions || Yes
 
|}
 
 
   
 
=== Typical questions for ongoing performance evaluation within this section ===
 
=== Typical questions for ongoing performance evaluation within this section ===
Line 273: Line 237:
 
* Insecurity in Software
 
* Insecurity in Software
 
* Operating Systems and Security
 
* Operating Systems and Security
 
=== What forms of evaluation were used to test students’ performance in this section? ===
 
 
 
{| class="wikitable" style="margin:auto"
 
|+
 
|-
 
! Form !! Yes/No
 
|-
 
| Development of individual parts of software product code || No
 
|-
 
| Homework and group projects || Yes
 
|-
 
| Midterm evaluation || No
 
|-
 
| Testing (written or computer based) || Yes
 
|-
 
| Reports || Yes
 
|-
 
| Essays || No
 
|-
 
| Oral polls || No
 
|-
 
| Discussions || Yes
 
|}
 
   
 
=== Typical questions for ongoing performance evaluation within this section ===
 
=== Typical questions for ongoing performance evaluation within this section ===

Latest revision as of 10:07, 26 August 2024

Security of systems and networks

  • Course name: Security of systems and networks (SSN)


Course characteristics

Key concepts of the class

  • Applied cryptography
  • Security protocols
  • Network and Internet security
  • Authentication and Authorization
  • Software Security

What is the purpose of this course?

This course will cover the fundamentals of security, security protocols, and their applications in real-world. The topics covered in this course include applied cryptography, authentication, passwords, practical security, social aspects of security, SSL/TLS, crypto. Furthermore, this course will strengthen the security knowledge of the students and guide them in the right direction for their upcoming research projects and advanced courses. The course is divided into two parts. The first part will cover the theory and hands-on practice of the concepts taught at class. And the second part of the course will focus on the course projects. The student will work on a security project by using the concepts taught in the class.

Prerequisites

  • No specific prerequisites are mandated.

Recommendations for students on how to succeed in the course

References:

  • Attend the lectures
  • Read the lecture notes
  • Read the related chapters in the book


  • Attend and finish the labs


  • Finish your assigned project successfully

Course Objectives Based on Bloom’s Taxonomy

What should a student remember at the end of the course?

By the end of the course, the students should be able to:

  • Demonstrate the acquired knowledge and skills in applied cryptography (symmetric and asymmetric cryptography),
  • Operate classical enigma machine, encode and decode messages with it
  • Demonstrate the working knowledge of famous cryptographic algorithms and discuss their shortcomings
  • Demonstrate and operate the already implemented security protocols over internet,
  • Reason about the problems in the security of networked systems and current internet and their existing solutions,
  • Solve mathematical problems (especially in number theory),

What should a student be able to apply at the end of the course?

By the end of the course, the students should be able to apply:

  • Crypt-analyze ciphertext and decrypt through frequency analysis and other important techniques
  • Design security protocols
  • Find security flaws in security protocols
  • Get hands-on experience of the existing enterprise cryptographic algorithms and use them in projects,
  • Demonstrate the skill of finding out security issues in networked systems and internet technologies,

Course evaluation

The acquired knowledge will be evaluated via labs, a project, and the exam, with points as in the following table:

Type of Evaluation Points
Labs 36
Project 20
Weekly Quiz 4
Exam 40

Grades range

The grades will be given according to the following table:

Grade Range of points
A. Excellent 91-100
B. Good 81-90
C. Satisfactory 51-80
D. Poor 0-50

To pass the course, you need:

  1. To achieve more than 50% on the final exam.
  2. To achieve more than 50% on each individual lab

Lab policy:

  1. Only one extension of the deadline is allowed for the labs
  2. Students with less than 60% point of a lab, must retake the lab, in which case the highest score will be 65% of the overall score of the lab


Retake:

The retake of the exam will be oral, but only if the labs have been finished.

Resources and reference material

  • Lecture slides
  • Book
  • Links to the online material will be provided (if any)

Course Sections

The main sections of the course and approximate hour distribution between them is as follows:

Section Section Title Teaching Hours
1 Cryptography 40%
2 Access Control 25%
3 Protocols 25%
4 Software 10%
5 Labs 24h
6 Project 24h

Section 1 title:

Cryptography

Topics covered in this section:

  • Basics of Crypto
  • Symmetric Key Crypto
  • Public Key Crypto
  • Hash Functions

Typical questions for ongoing performance evaluation within this section

  1. What are typical classic crypto methods?
  2. What are the differences in stream and block ciphers from performance standpoint?
  3. How to measure the security of cryptographic algorithms?
  4. How to encrypt and decrypt with different asymmetric crypto algorithms?
  5. How to embedd backdoors in crypto algorithms?
  6. How to realize key exchange through Hiffie-Hellman using traditional techniques and elliptic curve techniques?
  7. How to make security algorithms efficient?

Typical questions for seminar classes (labs) within this section

  1. Make enigma machine with pringle box
  2. Assess the security of different setups of RSA
  3. Implement man in the middle attack
  4. Implement addition over elliptic curves
  5. Solve crypto math problems

Test questions for final assessment in this section

  1. Same as above

Section 2 title:

Access Control

Topics covered in this section:

  • Authentication
  • Authorization

Typical questions for ongoing performance evaluation within this section

  1. What are pros and cons of using symmetric and asymmetric cryptographic mechanisms for authentication?
  2. What is man in the middle attack?
  3. Develop home-grown authentication mechanisms?
  4. How Kerberos reduces the communication overhead?
  5. Where is shibboleth used?

Typical questions for seminar classes (labs) within this section

  1. Implement different variants of authentication protocols
  2. Find out security flaws in authentication protocols
  3. Identify shortcomings of different protocols

Test questions for final assessment in this section

  1. Same as above

Section 3 title:

Protocols

Topics covered in this section:

  • Simple Authentication Protocols
  • Real-World Security Protocols

Typical questions for ongoing performance evaluation within this section

  1. How does SSL and TLS work?
  2. HOw does SSL and TLS combine symmetric and asymmetric cryptography?

Typical questions for seminar classes (labs) within this section

  1. Assess the security of SSL and TLS handshakes

Test questions for final assessment in this section

  1. Same as above

Section 4 title:

Software

Topics covered in this section:

  • Software Flaws and Malware
  • Insecurity in Software
  • Operating Systems and Security

Typical questions for ongoing performance evaluation within this section

  1. Why is software as important to security as crypto, access control, protocols?
  2. If your software is subject to attack, can your security can be broken Regardless of strength of crypto, access control, or protocols? Why?
  3. What are the main factors of software that compromise the security of systems?


Test questions for final assessment in this section

  1. As above