Spring 2006
CS4803-CNS- Computer and Network Security

Time: Tu,Th: 3:05 pm - 4:25 pm.
Place: College of Computing (CoC) 101.
Instructor: Alexandra (Sasha) Boldyreva
Email: aboldyre@cc.gate.... Please include "4803" in the subject.
Office hours: Tu 4:30-5:30,W 2-3pm, in CoC 254.
TA: TBA
TA's office hour: TBA

Announcements.
There will be no class on February 2nd.
(More announcements to appear here during the course.)

Course description. This is a 3-credit undergraduate-level introduction to information security course. We will study the common threats and attacks and the fundumental concepts and techniques used to ensure secure computing and communication. We will focus on several important sub-areas of the broad area of security such as

• cryptography (protocols for ensuring data privacy, authenticity and integrity, such as symmetric and public-key encryption schemes, message authentication codes and digital signatures; and methods to analyze their security),
• computer and system security (security policies, access control, viruses, etc.),
• network security (IP and Web transactions security, etc).

In addition to studying the general concepts we will learn how the main cryptographic schemes (e.g. AES in CBC mode, RSA-OAEP, ElGamal, etc.) and network security protocols (e.g. Kerberos, IPSec, SSL) work. We will gain some practical experience in attacking and defending various security goals.

Textbooks and other materials. There are two textbooks essential for the course.

1. (required) "Security in Computing" by Charles P. Pfleeger and Shari Lawrence Pfleeger, Prentice Hall, 3rd edition, ISBN# 0-13-035548-8.
2. (highly recommended) "Network Security - Private Communication in a Public World" by Charlie Kaufman, Radia Perlman and Mike Speciner, Prentice Hall, 2nd edition, ISBN#: 0-13-046019-2.

There is no good textbook on cryptography for this course, but there are very good lecture notes by M. Bellare and P. Rogaway available online (the links will be provided below).

Below I will also post the slides that I will use in the lectures and the papers we will discuss.

Prerequisits. Discrete mathematics, Operating Systems, Computer Networks. C/C++ and/or Java.

Requirements. Homeworks including paper-and-pencil questions and programming assignments (35%), Exam I (20%), Exam II (20%), final project (25%).

Rules. Georgia Tech and College of Computing academic Honor Code applies. Homeworks are announced in class and are posted on the class web page. Each homework will specify whether you should work on it individually or in pairs (meaning you can work on some homeworks with at most one other person), but in any case you have to write and turn in your own pen-and-pencil solutions and indicate the name of your collaborator, if any. For the programming assignments you can turn in the same code, but you have to write your own comments. You can consult external sources while doing the homeworks and the project, as long as you properly reference the sources. But you cannot copy neither other source codes nor solutions, you have to write your own. Homework solutions should be turned in in class, before the lecture starts, on a due day (TBA). Programming assignments to be submitted by the same time. If you are unable to attend a lecture when a homework is due, you can email the TA a postscript or a PDF file with your written solutions before the time of the class. No late homeworks will be accepted. You can (and it is recommended) to work on the final project in pairs (with at most one other person). Even though I may provide some ideas, ou will have to find a topic for your project yourself and confirm it with me. You are advised to start thinking about you project early.

Syllabus (to be updated during the course)

Acknowlegements. Some of the slides (mostly for the computer and network security sections) are based on the slides created by Jonathan Katz from the University of Maryland.