Introduction to Information Security J. H. Wang Sep. 11, 2017
Instructor Instructor Jenq-Haur Wang (王正豪) Associate Professor, Dept. CSIE, Taipei Tech. Office: R1534, Technology Building E-mail: jhwang@csie.ntut.edu.tw Homepage: http://www.ntut.edu.tw/~jhwang/ Tel: ext. 4238
Course Overview Course: Information Security Time: 2:10-4:00pm on Mondays, 10:10-11:00am on Thursdays Classroom: R427, 6th Teaching Building & R234, Technology Building Prerequisite: Discrete Mathematics, Computer Networks Course webpage: http://www.ntut.edu.tw/~jhwang/IS/ The latest announcement and schedule updates TA: Mr. Ma (@R1424, Technology Building) E-mail: wirl2017 @ yahoo.com.tw
Target Students For those who Major in Computer Science or Information Technology, and Are familiar with basic computer networks and discrete mathematics, and Are preparing to investigate more details in selected topics and recent developments in system, networks, and information security
Resources Textbook: Cryptography and Network Security: Principles and Practice, Seventh Edition, by William Stallings, Pearson Education, 2017 http://williamstallings.com/Cryptography/ (Global Edition is available now, but earlier versions are also acceptable) Online chapters and appendices available References: Network Security Essentials: Applications and Standards, 6th ed., by William Stallings, Pearson, 2017. (adapted from our textbook) Slides, documents, and tools
Teaching Lectures Experience sharing from previous seniors and the industry About three homework assignments Homework should be turned in within two weeks One quiz, and one mid-term exam Term project: system development or topical surveys How did intruders attack our systems What kinds of security tools are available How do we protect against attacks
Grading Policy (Tentative) grading policy Homework assignments: ~30% Quiz and midterm exam : ~35% Term projects: ~35% System development or topical surveys For those not familiar with the “midterm alert”: Rule#1: ! (x, alerted(x) => failed(x)) Rule#2: ! (x, !alerted(x) => !failed(x) Conclusion: pay attention to your own potential score range as early as possible!
Course Description Introduction to basic concepts in information security and their applications Cryptography Encryption, hash function, digital signature Network security applications HTTPS, wireless security, e-mail security, IP security System security Intrusion, virus, firewall
What is Information Security? Example scenarios Receiving unsolicited messages, e-mail spam, phishing, advertisements, … Computer system hijacked: popups, hanged, … Communication gets wiretapped or eavesdropped… Fake online transaction Your friend denied receipt of your message Disputes on the rights of an image Playing online audio without permission Natural disaster: fire, physical attacks (911), … …
More Security-Related Terms System security User authentication, access control Database security OS security, infrastructure Software security: browser, malicious software, virus Network security Networking protocol, applications E-commerce, … Information security Spam, phishing, … Multimedia security: watermarking, information hiding, digital rights management (DRM), …
Outline & Schedule Plan of the textbook: Background (Ch. 1-2) Cryptography Symmetric Ciphers (Ch. 3-8) Asymmetric Ciphers (Ch. 9-10) Cryptographic Data Integrity Algorithms (Ch. 11-13) Mutual Trust (Ch. 14-15) Network and Internet Security (Ch. 16-20) System Security (Ch. 21-23) Legal and Ethical Issues (Ch. 24)
Table of Contents 1. Computer and Network Security Concepts 2. Introduction to Number Theory 3. Classical Encryption Techniques 4. Block Ciphers and the Data Encryption Standard 5. Finite Fields 6. Advanced Encryption Standard
7. Block Cipher Operation 8. Random Bit Generation and Stream Ciphers 9. Public-Key Cryptography and RSA 10. Other Public-Key Cryptosystems 11. Cryptographic Hash Functions 12. Message Authentication Codes 13. Digital Signatures
14. Key Management and Distribution 15. User Authentication 16. Network Access Control and Cloud Security 17. Transport-Level Security 18. Wireless Network Security 19. Electronic Mail Security 20. IP Security
21. Malicious Software 22. Intruders 23. Firewalls 24. Legal and Ethical Aspects
Outline & Schedule (Cont’) (Tentative) Schedule Background: 1-2 wks Cryptography: 6-7 wks Network security applications: 3-4 wks TCP/IP Web, SSH, E-mail, IP security Experience sharing: 1-2 wks System security: 1-2 wks Password, virus, intrusion detection, firewall Term project presentation: 3-4 wks
Due to the time limits, we will try to cover most of the major topics without going into too much detail E.g.: Mathematical parts such as number theory and finite fields (Ch.2 & Ch.5) Theoretical parts in cryptography Details of information security standards, protocols, RFCs A broad overview, and then focus on selected topics in depth
Additional Resources Review on computer networking and TCP/IP protocols More slides on network and information security Useful tools for network and system security Online resources by Stallings and at Pearson Useful Websites and documents Online chapters (Ch.21-24) Appendix.C-Y & Glossary Review questions, problems, and programming problems (at the end of each chapter)
More on Term Project System development using security libraries Implementation of security algorithms (AES, RSA, …) Implementation of a client-server application (e.g. secured communication tool, file exchange, transactions, …) Topical surveys in information security-related topics, e.g.: Demonstration on how to use a security tool to defend against recent attacks Analysis of potential security weakness in systems, and possible solutions or countermeasures Focused survey on the latest technical developments in information security Specific issues in mobile security, cloud security & privacy, big data security, … Focus on the quality and technical depth of your presentation
More on Term Project Proposal: required after midterm (Due: Nov. 16, 2017) One-page description of your planning for term project, and responsibilities of your team members More details to be announced before midterm Presentation: required for each team The ONLY time slots in the last four weeks of this semester: Dec. 18, 21, 25, 28, Jan. 1, 4, 8, 11. Final report: (Due: Jan. 12, 2018) Presentation files, source codes and executable files, documentation
Thanks for Your Attention!