Introduction to Information Security J. H. Wang Sep. 14, 2016

Instructor Instructor Jenq-Haur Wang (王正豪) Associate Professor, CSIE, NTUT Office: R1534, Technology Building E-mail: jhwang@csie.ntut.edu.tw Homepage: http://www.ntut.edu.tw/~jhwang/ Tel: ext. 4238

Course Overview Course: Information Security Time: 9:10-11:00am on Wednesdays, 9:10-10:00am on Thursdays Classroom: R1322, Technology Building Prerequisite: Discrete Mathematics, Computer Networks Course webpage: http://www.ntut.edu.tw/~jhwang/IS/ The latest announcement and schedule updates TA: Mr. Chen (@R1424, Technology Building)

Target Students For those who Major in Computer Science or Information Technology, and Are familiar with basic computer networks and discrete mathematics, and Are preparing to investigate more details in selected topics and recent developments in system, networks, and information security

Resources Textbook: Network Security Essentials: Applications and Standards, 5th ed., by William Stallings, Pearson Education, Inc., 2013. (imported by Kai-Fa Publishing) http://williamstallings.com/NetworkSecurity/ (International Edition is available now, but earlier versions are also acceptable) Online chapters and appendices available References: Cryptography and Network Security: Principles and Practice, Sixth Edition, by William Stallings, Prentice-Hall, 2013 (from which our textbook is adapted) Slides, documents, and tools

Teaching Lectures Experience sharing from the industry About three homework assignments Homework should be turned in within two weeks One mid-term exam and one quiz Term project: programming exercises or topical surveys How do intruders attack our systems What kinds of security tools are available How do we protect against attacks

Grading Policy (Tentative) grading policy Homework assignments: ~30% Midterm exam and quiz: ~35% Term projects: ~35% Programming exercises or topical surveys

Course Description Introduction to basic concepts in information security and their applications Cryptography Encryption, hash function, digital signature Network security applications HTTPS, wireless security, e-mail security, IP security System security Intrusion, virus, firewall

What is Information Security? Example scenarios Receiving unsolicited messages, e-mail spam, phishing, advertisements, … Computer system hijacked: popups, hanged, … Communication gets wiretapped or eavesdropped… Fake online transaction Your friend denied receipt of your message Disputes on the rights of an image Playing online audio without permission Natural disaster: fire, physical attacks (911), … …

More Security-Related Terms System security User authentication, access control Database security OS security, infrastructure Software security: browser, malicious software, virus Network security Networking protocol, applications E-commerce, … Information security Spam, phishing, … Multimedia security: watermarking, information hiding, digital rights management (DRM), …

Outline & Schedule Outline Introduction (Ch. 1) Cryptography (Ch. 2-3) Symmetric encryption and message confidentiality Public-key cryptography and message authentication Network security applications (Ch. 4-9) [Ch.4-8 in 4th ed.] Key distribution and user authentication Network access control and cloud security [new in 5th ed.] Transport-level security Wireless network security Electronic mail security IP security System security (Ch. 10-12) [Ch.9-11 in 4th ed.] Intruders Malicious software Firewalls

Outline & Schedule (Cont’) Online chapters (Ch.13-15) [Ch.12-13 in 4th ed.] Network management security Legal and ethical aspects SHA-3 [new in 5th ed.] Appendices Some aspects of number theory Projects for teaching network security Online appendices Standards and organizations TCP/IP and OSI Pseudorandom number generation Kerberos encryption techniques Data compression using ZIP PGP random number generation The base-rate fallacy [new in 5th ed.] Radix-64 conversion [new in 5th ed.]

Outline & Schedule (Cont’) (Tentative) Schedule Introduction: 1-2 wks Cryptography: 3-4 wks Network security applications: 6-7 wks TCP/IP Web, SSH, E-mail, IP security Experience sharing: 1-2 wks System security: 1-2 wks Password, virus, intrusion detection, firewall Term project presentation: 3-4 wks

Due to the time limits, we will try to cover most of the major topics above without going into too much detail E.g.: Mathematical parts such as number theory (Appendix A) Theoretical parts such as cryptography Details of information security standards, protocols, RFCs A broad overview, and then focus on selected topics in depth

Additional Resources Review on computer networking and TCP/IP protocols More slides on network and information security Useful tools for network and system security Web resources and recommended reading (at the end of each chapter)

More on Term Project Programming exercises using security libraries Implementation of security algorithms (AES, RSA, …) Implementation of a client-server application (e.g. secured communication tool, file exchange, transactions, …) Topical surveys in information security-related topics, e.g.: Demonstration on how to use a security tool to defend against some attacks Comparison of security standards or algorithms Potential security weakness in systems, and possible solutions or countermeasures The latest developments in information security Mobile security, cloud security & privacy, big data security, … Focus on the quality and technical depth of your presentation

More on Term Project Proposal: required after midterm (Due: Nov. 16, 2016) One-page description of what you want to do for the term project, and responsibilities of your team members More details to be announced before midterm Presentation: required for each team In the last three (to four) weeks of this semester: (Dec.21-22, ) Dec. 28-29, Jan. 4-5, Jan. 11-12 Final report: Presentation files, source codes and executable files

Thanks for Your Attention!