Information System Security

Summer Term 2006 - 3 Credits
Arab Academy for Banking and Financial Sciences (AABFS)

http://www.just.edu.jo/~tawalbeh/aabfs/iss.html


Announcements

  • Schedule and Classroom:  Sat: 3:15-6:15 PM, Tue 4:00-5:40 PM. Class Room: Lab 9.
  • In order to view or print the PDF files, you need Adobe Acrobat Reader. Make sure that you install the most recent version of Acrobat Reader in your computer, otherwise, you may not be able to view or print the documents found on this site.
  • Project Details will be posted on the web
  • Why should you care about this class? Read this article. (Published in IEEE Computer.)
  • My office hours: Mon, Wed 10:15-11:15 AM, or by appointment. My office: E1 Level 3
  • Alice and Bob: Security's inseparable couple.

  • Overview and Chapter 1 slides are now posted.
  • Link to Cryptography Books-- Handbook for Applied Cryptography
  • HW 2 is now posted.
  • Sample Midterm Exam.
  • The Final Exam material includes what was in the Midterm, in addition to:
    • Message Authentication and Hash Functions, Authentication Functions and Digital Signatures. See week 6 presentation please.
    • IPSec, Sections 16.1, 16.2. See the presentation at week 7.
    • Denial of Service. See week 9 presentation please.
    • Water Marking. See week 9 presentation please.
  • IMPORTANT: Please print and fill the Evaluation form  and bring it with you to the final exam. Don't write your name. Thanks.
  • The deadline for submitting the term paper is Monday 4/9/2006 at 6:00 PM

 


Grades

  • Grades will be posted here.

Project

  • You are supposed to choose a topic related to information security in general. After collecting and reading enough references, you are asked to prepare a presentation and a term paper for your project. You are required to present your work in front of the class.

 Exams

  • Midterm Exam: Sat 12/8/2006 from 3:30-4:30 PM, in the class room
  • Final Exam: Sat 2/9/2006 from 4:00-6:00 PM, in the class room

Homework Assignments

  • HW1 - DUE  Sat 22/7/2005 by 11:30 PM : Search the web and find 6 major computer and/or network security companies and identify a product from each company. Provide the following:

        1. URL of the company website,

         2. URL of the product website, 

        3. A brief description of the product (one paragraph in your own words).  

  • HW2 - DUE Sat  29/7/2006 by 11:30 PM : Please solve the following problems from Chapter 2:
    • Review Problems: 2.1, 2.2, 2.5, 2.13, 2.14
    • Problems: 2.1, 2.5, 2.7

All homework assignments are submitted by email to : tawalbeh@just.edu.jo Please name your file as your last name followed by homework number, for example, tawalbeh-hw1.pdf.
Also make sure that your name is printed within the homework file. Late HWs are not accepted


Course Plan

Week 1: Overview and Basic Concepts: Introduction

Week 2 : Introduction to Security Chapter 1,  Classical Encryption Techniques Chapter 2

Week 3 : Block Ciphers and The Data Encryption Standard Chapter 3,

Week 4: Confidentiality Using Symmetric Encryption Chapter 7,  Public-key Cryptography and RSA.Chapter 9,

Week 5: Key Management and Other Public-key Techniques Chapter 10

Week 6: Message Authentication and Hash Functions, Authentication Functions and Digital Signatures, Chapter 11, 12, 13

Week 7: Kerberos Authentication Protocol Chapter 14 , Electronic Mail Security Chapter 15, IP Security Chapter 16

Week 8: Web Security-Secure Socket Layer Chapter 17, Intruders-Password Management Chapter 18,                Firewalls Chapter 20

Week 9: Extra Material: Mobile Code Security,   Chinese Wall Model,   Denial of Service-DoS,   Water Marking ,   Computer Forensics


Objectives

In this course, we study the theoretical and practical aspects of network security. We start with a threat model, and describe vulnerabilities of computer networks to attacks by adversaries and hackers using a variety of techniques. We then study methods and techniques to circumvent or defend against these attacks and to minimize their damage. In this context, we study cryptographic techniques and protocols, network security protocols, digital signatures and authentication protocols, network security practice, and wireless network security.

Catalog Description

Security attacks, mechanisms, and services. Network security and access security models. Overview of secret-key and public-key cryptography. Authentication protocols and key management. Network security practice. Email security. IP security and web security. Intrusion detection and prevention systems. Firewalls and virtual private networks. Wireless network security.

Topics

  • Introduction: Security attacks to information systems. Threat model. Security services. Mechanisms for providing confidentiality, authentication, integrity, nonrepudiation, and access control. Cryptography in data and communication security.
  • Secret-Key and Public-Key Cryptography: Cryptosystems and cryptanalysis. Block ciphers and stream ciphers. DES, AES, and RC4. Modes of operation. Confidentiality using encryption. Key distribution. Random number generation. Hashes and message digests. One-way functions. Trapdoor one-way functions. Public-key cryptosystems. RSA, Diffie-Hellman, ElGamal, and elliptic curve cryptosystems.
  • Authentication: Overview of authentication systems. Authentication of people. Security handshake pitfalls. Strong password protocols. Digital signatures. One-way and mutual authentication protocols.
  • Network Security Standards and Practice: Kerberos V4 and V5. PKI (Public Key Infrastructure). Real-time communication security. IPsec:  SSL/TLS. Electronic mail security. S/MIME, and PGP (Pretty Good Privacy). Firewalls,  Web security.

The Book

W. Stallings. Cryptography & Network Security, Fourth Edition, Prentice Hall, 2005.

More Information about the Book

Grading Plan

  • Assignments and Presentation: 20 %  
  • Term Paper: 20 %
  • Midterm: 20 %
  • Final: 40 %

Prerequisites

This class is open to undergraduate students in the last year.

Dr. Lo'ai A. Tawalbeh


                                                                         29 Aug 2006