Instructor: | Tom Austin |
Office Location: | MH 216 |
Telephone: | 408-924-7227 |
Email: | |
Office Hours: | Monday/Thursday noon-1 pm |
Class Days/Time: | Monday/Wednesday 1:30-2:45 pm |
Classroom: | MH 222 |
Prerequisites: | CS 146 & (CS 47 or CMPE 102 or CMPE 120), "C-" or better. |
Course materials such as the syllabus, handouts, notes, assignment instructions, etc. can be found on my faculty web page at https://www.cs.sjsu.edu/~austin/cs166-spring17/ or on the Canvas Learning Management System course login website at http://sjsu.instructure.com. You are responsible for regularly checking the messaging system in Canvas to learn of any updates.
Fundamental security topics including cryptography, protocols, passwords, access control, software security, and network security. Additional topics selected from multilevel security, biometrics, tamper-resistant hardware, information warfare, e-commerce, system evaluation and assurance, and intrusion detection. Prerequisite: CS 146 (with a grade of "C-" or better) and either CS 47 or CMPE 102 or CMPE 120 (with a grade of "C-" or better). Due to ABET accreditation, I need to see proof of your prerequisites or I must drop you from the course.
Upon successful completion of this course, students will be able to understand the major technical security challenges in each of the following four areas: cryptography, access control, protocols, and software. More specific outcomes are listed here:
· Given an iteration of the Fiat-Shamir zero-knowledge protocol, find Alice's secret S, and verify that v = S^2 mod N (assessed with an exam question)
· Suppose that Alice's RSA public key is (N,e). Determine Alice's private key d. (assessed with an exam question)
Information Security: Principles and Practice, 2nd edition, Mark Stamp (Wiley, May 2011, ISBN-10: 0470626399, ISBN-13: 978-0470626399).
Other readings will be listed on the class schedule.
Final grades will be determined by a weighted average of the following:
Extra credit assignments may be offered sporadically throughout the semester.
Nominal grading scale:
Percentage | Grade |
92 and above | A |
90 - 91 | A- |
88 - 89 | B+ |
82 - 87 | B |
80 - 81 | B- |
78 - 79 | C+ |
72 - 77 | C |
70 - 71 | C- |
68 - 69 | D+ |
62 - 67 | D |
60 - 61 | D- |
59 and below | F |
Attendance is strongly recommended, but not mandatory. Should you show up late to class, quietly sit down, and do not expect me to go over material that you missed just for your benefit.
You will be expected to bring your laptop to class in order to work on the labs. You may work with a partner for labs, but NOT for homework assignments unless otherwise indicated.
Cell phone use is prohibited.
Per University Policy S16-9, university-wide policy information relevant to all courses, such as academic integrity, accommodations, etc., will be available on the Office of Graduate and Undergraduate Programs' Syllabus Information web page at http://www.sjsu.edu/gup/syllabusinfo/.
Please note that the schedule is subject to change with fair notice, which will be posted through Canvas at https://sjsu.instructure.com.
Week | Date | Topics and Readings |
1 | 1/30 | Introduction – chapter 1 |
1 | 2/1 | Classic crypto – chapter 2 |
2 | 2/6 | Stream ciphers / block ciphers – chapter 3 |
2 | 2/8 | More block ciphers |
3 | 2/13 | Public key crypto – chapter 4 |
3 | 2/15 | More public key crypto |
4 | 2/20 | Hash functions – chapter 5 |
4 | 2/22 | More hash functions |
5 | 2/27 | Password cracking |
5 | 3/1 | Authentication using passwords – chapter 7 |
6 | 3/6 | Alternate authentication methods |
6 | 3/8 | TEST REVIEW |
7 | 3/13 | MIDTERM 1 |
7 | 3/15 | Authorization: classifications and CAPTCHAs – chapter 8 |
8 | 3/20 | Authorization: firewalls |
8 | 3/22 | Authorization: intrusion detection |
9 | 3/27 | SPRING BREAK |
9 | 3/29 | SPRING BREAK |
10 | 4/3 | Cross-site request forgery lab |
10 | 4/5 | Simple protocols – chapter 9 |
11 | 4/10 | Timestamps, zero-knowledge proofs, SSH, SSL – chapter 10 |
11 | 4/12 | IPSec |
12 | 4/17 | Kerberos, WEP, GSM |
12 | 4/19 | Cryptocurrencies – Bitcoin paper https://bitcoin.org/bitcoin.pdf |
13 | 4/24 | Software flaws – chapter 11 |
13 | 4/26 | TEST REVIEW |
14 | 5/1 | MIDTERM 2 |
14 | 5/3 | Cross-site scripting (XSS), SQL injection |
15 | 5/8 | Malware – chapter 12 |
15 | 5/10 | Insecurity in software |
16 | 5/15 | TEST REVIEW |
Final Exam | 5/22 | 12:15 pm in MH 222 |