CIS/TCOM 551 Computer and Network Security, Slide Set 1, Carl A. Gunter, Spring 2004




CIS/TCOM 551
Computer and Network Security
Slide Set 1

Carl A. Gunter
Spring 2004


Contact Information

Course web page: http://www.cis.upenn.edu/~cis551

Gunter
- Office: 509 Levine
- Telephone: 215-898-9506
- Office hour: 2 to 3 on Mondays
- Email: [email protected]

Michael May
- Email: [email protected]
- Web: http://www.seas.upenn.edu/~mjmay


Pre-Requisites

- TCOM 500 (or 512) is a pre-requisite for enrollment in CIS/TCOM 551
- CIS 500 is recommended
- Programming
  - Some programming background is expected.
  - Distributed programming is desirable but we will teach it if you need to learn.


Course Scope

- Design, Analysis, Programming
- Availability, Integrity, Confidentiality


Questions (Technical)

How does the security for these things work?
- The ATM for my bank
- The card reader on door of Levine
- The fob for opening the doors on my minivan
- My PennKey
- The card purchase I made over the web
- My active badge
- The wireless network in SEAS
- My Starbucks card and my DC subway pass


Questions (Policy and Industry)

- How can we identify ourselves on the Internet?
- How can I
  - Control the privacy of my data?
  - Properly use private data for commercial gain?
  - Properly use private data for enterprise management or research?
- Will legislation help us with spam or DoS?
- How can we secure computers attached to the Internet?


Organization of Lectures

- Security threats, requirements, and models
- Cryptology
- Protocols
- Internet and web architectures and security standards
- Enterprise perimeters (firewalls and VPNs)
- Electronic commerce (SSL and web services)
- Security topics
  - Smart cards and biometrics
  - Security for ubiquitous computing and wireless networks
  - Topics as time allows


As Time Allows

- Denial of Service (DoS)
- Viruses
- Access control systems
- Spam
- Legislative and international issues for cybersecurity
- Intrusion detection
- Privacy (technical and otherwise)
- RFID tags


Possible References

Secure Electronic Commerce. Warwick Ford and Michael S. Baum. Prentice Hall 1996.

Network Security Essentials: Applications and Standards. William Stallings. Prentice Hall 2000.

Firewalls and Internet Security: Repelling the Wily Hacker, WR Cheswick and SM Bellovin, Addison-Wesley, 1994.

Security in Computing, CP Pfleeger and SL Pfleeger, 3rd Edition, 2002.


Handbooks

Handbook of Applied Cryptography. Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. CRC 1997.

Applied Cryptography, Second Edition, Bruce Schneier, 1996.


History of Cryptology

The Codebreakers; The Comprehensive History of Secret Communication from Ancient Times to the Internet. David Kahn. Scribner 1996.

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography. Simon Singh. Anchor Books 2000.


Reading for Fun and Profit

Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Clifford Stoll. Pocket Books 2000.

Crypto: How the Code Rebels Beat the Government -- Saving Privacy in the Digital Age. Steven Levy. Viking Press 2001.

Cryptonomicon. Neal Stephenson. Harperperennial Library 2000.

Secrets and Lies, Bruce Schneier, 2000.


Exams and Projects

Exams
- First midterm: Feb 10 (drop date is Feb 13), 60 min, 15%
- Second midterm: March 25, 60 min, 15%
- Final exam: Somewhere between April 29 and May 7, 120 minutes, 30%

Projects
- 3 or 4 term projects, 25%
- Final project, due May 7, 15%