Introduction to Information Security J. H. Wang Sep. 15, 2014

Instructor –Jenq-Haur Wang ( 王正豪 ) –Associate Professor, CSIE, NTUT –Office: R1534, Technology Building – –Homepage: –Tel: ext. 4238

Course Overview Course: Information Security Time: 9:10-12:00am on Mondays Classroom: R627, 6th Teaching Building Prerequisite: Discrete Mathematics, Computer Networks Course webpage: –The latest announcement and schedule updates TA: (TBD)

Target Students For those who –Major in Computer Science or Information Technology, and –Are familiar with basic computer networks and discrete mathematics, and –Are preparing to investigate more details in selected topics and recent developments in system, networks, and information security

Resources Textbook: Network Security Essentials: Applications and Standards, 5th ed., by William Stallings, Pearson Education, Inc., (imported by Kai-Fa Publishing) – –(International Edition is available now, but earlier versions are also acceptable) –Online chapters and appendices available References: – Cryptography and Network Security: Principles and Practice, Sixth Edition, by William Stallings, Prentice-Hall, 2013 (from which our textbook is adapted) –Slides, documents, and tools

Teaching Lectures Homework assignments –Homework should be turned in within two weeks Mid-term exam and quiz Term project: programming exercises or topical surveys –How do intruders attack our systems –What kinds of security tools are available –How do we protect against attacks

Grading Policy (Tentative) grading policy –Homework assignments: ~30% –Midterm exam and quiz: ~35% –Term projects: ~35% Programming exercises or topical surveys

Course Description Introduction to basic concepts in information security and their applications –Cryptography Encryption, hash function, digital signature –Network security applications HTTPS, wireless security, security, IP security –System security Intrusion, virus, firewall

What is Information Security? Example scenarios –Receiving unsolicited messages, spam, phishing, advertisements, … –Computer system hijacked: popups, hanged, … –Communication gets wiretapped or eavesdropped… –Fake online transaction –Your friend denied receipt of your message –Disputes on the rights of an image –Playing online audio without permission –Natural disaster: fire, physical attacks (911), … –…

More Security-Related Terms System security –User authentication, access control –Database security –OS security, infrastructure –Software security: browser, malicious software, virus Network security –Networking protocol, applications –E-commerce, … Information security –Spam, phishing, … –Multimedia security: watermarking, information hiding, digital rights management (DRM), …

Outline & Schedule Outline –Introduction (Ch. 1) –Cryptography (Ch. 2-3) Symmetric encryption and message confidentiality Public-key cryptography and message authentication –Network security applications (Ch. 4-9) [Ch.4-8 in 4 th ed.] Key distribution and user authentication Network access control and cloud security [new in 5 th ed.] Transport-level security Wireless network security Electronic mail security IP security –System security (Ch ) [Ch.9-11 in 4 th ed.] Intruders Malicious software Firewalls

Outline & Schedule (Cont’) –Online chapters (Ch.13-15) [Ch in 4 th ed.] Network management security Legal and ethical aspects SHA-3 [new in 5 th ed.] –Appendices Some aspects of number theory Projects for teaching network security –Online appendices Standards and organizations TCP/IP and OSI Pseudorandom number generation Kerberos encryption techniques Data compression using ZIP PGP random number generation The base-rate fallacy [new in 5 th ed.] Radix-64 conversion [new in 5 th ed.]

Outline & Schedule (Cont’) (Tentative) Schedule –Introduction: 1-2 wks –Cryptography: 3-4 wks –Network security applications: 7-8 wks TCP/IP Web, SSH, , IP security –System security: 1-2 wks Password, virus, intrusion detection, firewall Due to the time limits, we will try to cover most of the major topics above without going into too much detail –E.g.: mathematical parts such as number theory (Appendix A) –A broad overview, and then focus on selected topics in depth

Additional Resources Review on computer networking and TCP/IP protocols More slides on network and information security Useful tools for network and system security Web resources and recommended reading (at the end of each chapter)

More on Term Project Programming exercises using security libraries –Implementation of security algorithms (AES, RSA, …) –Implementation of a client-server application (e.g. secured communication tool, file exchange, transactions, …) –… Topical surveys in information security-related topics, e.g.: –Demonstration on how to use a security tool to defend against some attacks –Comparison of security standards or algorithms –Potential security weakness in systems, and possible solutions or countermeasures –The latest developments in information security

More on Term Project Proposal: required after midterm (Due: Nov. 24, 2014) –One-page description of what you want to do for the term project, and team members Presentation: required for each team –In the last three (to four) weeks of this semester: (Dec.22, ) Dec. 29, Jan. 5, Jan. 12 Final report: –Presentation files, source codes and executable files

Thanks for Your Attention!