• Take-home final exam questions will be placed HERE at 11:30 AM on Monday, March 14.
• The final is due at 11:30 PM, Wednesday, March 16 via TEACH. (Do not email it to me!)

Announcements

• Schedule and Classroom: Monday and Wednesday, 2:00-3:50 PM, Owen Hall 102.
• In order to view or print the PDF files, you need Adobe Acrobat Reader. Make sure that you install the most recent version of Acrobat Reader in your computer, otherwise, you may not be able to view or print the documents found on this site.
• Parts of the course material in ECE 575 Data Security and Cryptography are relevant to ECE 478/578. However, ECE 575 is not required.
• Why should you care about this class? Read this article. (Published in IEEE Computer.)
• My office hours: Thursday 3:00-5:00 PM. My office: Owen 304.
• Our TAs are Onur Aciicmez and Angela (Wen-Chun) Yang. Onur's office hours are Friday 3:00-5:00 PM. Angela's office hours are Thursday 3:30-5:00 PM. The TA offices are in the ECE Library (Owen Hall 300 area, near my office).
• Take Action
• In-class midterm will be held on Monday, February 7. Open book and notes. No sharing and communication.
• Project abstract and title are due Wednesday, February 16.
• Project report and/or presentation are due Monday, March 7.
• Selected projects will be presented on Wednesday, March 9.
• Homework solutions are here. Access requires login name and password. Please obtain them from Dr. Koç or the TAs in person. Email requests will be ignored.
• The midterm (HW4) is posted here. Requires the same login name and password as the homework solutions webpage. Homework #4 is due 11:30PM Friday, February 18.
• Alice and Bob: Security's inseparable couple. (Thanks to Matthew Turkington)
• Accepted abstracts for projects are here.
• NIST SHA information   Phasing out SHA-1   SHA-1 is broken   THE SHORT PAPER.
• Feb 17: Midterm grades are posted!
• If your project abstract is not here, send me an email or see me.
• Final review questions will be covered on Wednesday, March 2.
• Selected Projects for Class Presentation on March 9, Wednesday 2-3:50PM
  Rose: X-Sig
  Kalina: WEP, WPA, and EAP
  Yared & Hankins: Security Keys in Vehicles
  Yee: Bluetooth Vulnerabilities
  Luong: Hackers
  Harvey & Jones: Physical Security

Grades

• TBA

Project

• Project Requirements
• The title and abstract are due Wednesday February 16.
• The report and/or presentation are due Monday, March 7.
• Selected projects will be presented on Wednesday, March 9.
• Read the Project Requirements for details!

Projects for Winter 2005

• Winter 2005: Abstracts and Reports & Presentations

  Projects from Past Terms

  • Spring 2004: Abstracts and Reports & Presentations
  • Spring 2003: Abstracts and Reports & Presentations
  • Spring 2002: Abstracts and Reports & Presentations
  • Spring 2000: Abstracts and Reports & Presentations

  ---

  Homework Assignments

  • Homework #1 - Due 11:30 PM, Friday January 21
    Section 2.7 (Pages 57-58): Problems 3, 5, 6.
    Section 3.7 (Pages 92-94): Problems 2, 3, 5, 8, 12.
    

  • Homework #2 - Due 11:30 PM, Friday January 28
    Section 4.5 (Pages 114-115): Problems 1, 3, 4, 5, 6.
    Section 5.8 (Pages 143-146): Problems 2, 3, 4, 9, 12.
    

  • Homework #3 - Due 11:30 PM, Friday February 4
    Section 6.9 (Pages 182-183): Problems 1, 2, 3, 4, 6, 8, 9.
    

  • Homework #4 - Due 11:30 PM, Friday February 18
    Solve and submit all 16 midterm problems.
    The midterm is posted here. Requires the same login name and password as the homework solutions webpage.
  • Homework #5 - Due 11:30 PM, Friday March 4
    Download and install PGP in your personal computer, create public and private keys for yourself, upload your public key to a server, obtain the public key of another person and send him/her a confidential and signed message, and receive one, and decrypt and verify your received message. Finally: Document these actions by copying and pasting the messages, commands, public keys, etc. Here is the MIT PGP Distribution Center Website: http://web.mit.edu/network/pgp.html
    Section 9.10 (Page 236): Problem 3.
    Section 11.9 (Pages 288-290): Problems 3, 5, 6, 10.
    

  All homework assignments are submitted using The Engineering Accounts and Classes Homepage. A homework is to be submitted by 11:30 PM in its due day. Make sure that you write your name and student number inside the file. Login to the TEACH using your ENGR login and password in order to submit your homework.

  ---

  Course Plan

  1. Week: Introduction and Basic Concepts
     Chapter 1
     Security 101
     Terminology notes: 01 and 02
  2. Week: Introduction to Cryptography
     Chapter 2
  3. Week: Secret Key Cryptographic Algorithms
     Chapter 3 (DES, IDEA, AES, RC4)
     Chapter 4 (Modes of Operation)
     FIPS 46-3 and FIPS 197
  4. Week: Hashes and Message Digest
     Chapter 5 (MD5, SHA-1, SHA-256, SHA-384, SHA-512, HMAC)
     FIPS 180-2
  5. Week: Public Key Algorithms
     Chapters 6 and 7
  6. Week: Authentication
     Chapter 9
  7. Week: Authentication
     Chapter 10
  8. Week: Authentication
     Chapters 11, 12
  9. Week: Security Practice
     
  10. Week: Security Practice
      

  ---

  Objectives

  In this course, we study the theoretical and practical aspects of network security. We start with a threat model, and describe vulnerabilities of computer networks to attacks by adversaries and hackers using a variety of techniques. We then study methods and techniques to circumvent or defend against these attacks and to minimize their damage. In this context, we study cryptographic techniques and protocols, network security protocols, digital signatures and authentication protocols, network security practice, and wireless network security.

  Catalog Description

  Security attacks, mechanisms, and services. Network security and access security models. Overview of secret-key and public-key cryptography. Authentication protocols and key management. Network security practice. Email security. IP security and web security. Intrusion detection and prevention systems. Firewalls and virtual private networks. Wireless network security.

  Topics

• Introduction: Security attacks to information systems. Threat model. Security services. Mechanisms for providing confidentiality, authentication, integrity, nonrepudiation, and access control. Cryptography in data and communication security.
• Secret-Key and Public-Key Cryptography: Cryptosystems and cryptanalysis. Block ciphers and stream ciphers. DES, AES, and RC4. Modes of operation. Confidentiality using encryption. Key distribution. Random number generation. Hashes and message digests. One-way functions. Trapdoor one-way functions. Public-key cryptosystems. RSA, Diffie-Hellman, ElGamal, and elliptic curve cryptosystems.
• Authentication: Overview of authentication systems. Authentication of people. Security handshake pitfalls. Strong password protocols. Digital signatures. One-way and mutual authentication protocols.
• Network Security Standards and Practice: Kerberos V4 and V5. PKI (Public Key Infrastructure). Real-time communication security. IPsec: AH, ESP, IKE. SSL/TLS. Electronic mail security. PEM, S/MIME, and PGP (Pretty Good Privacy). Firewalls, VPN, Web security.
• Wireless Network Security: Wireless networking protocols and security issues. 802.11 protocols, attacks, and countermeasures

The Book

More Information about the Book

• Errata
• Prentice Hall Webpage for the Book

Grading Plan

• 5 HW Assignments: 40 %   (8 % each)
• Midterm: 30 %
• Take-Home Final or Project: 30 %
• HW Assignments, Midterm, and Final grading are not curved
• Project grading is curved

Prerequisites

Dr. Çetin Kaya Koç

• http://islab.oregonstate.edu/koc
• E-Mail: koc@ece.orst.edu
• Tel: (541) 737 4853
• Office: Owen Hall 304