handout1

CMU 15-827 Security and Cryptography Fall 1999

Course Information

Wing Handout 1 13 September 1999

Administrative Staff

Professor Jeannette Wing, x8-3068, WeH 8219, wing@cs.cmu.edu

Terese Fiedler (secretary), x8-2568, WeH 8120, terese@cs.cmu.edu

Terese will keep extra copies of handouts.

Schedule

Date Lecture Topic Homework, Project

9/13 1 Cryptography: introduction, symmetric-key cryptography HW 1 out

9/17 (F) 2 Public-key cryptography, digital signatures, applications of PKC

9/20 No Class

9/27 3 Authentication: introduction, protocols, design principles HW 2 out, HW 1 due

10/4 4 Logics and models for reasoning about authentication

10/11 No Class (mid-semester break), hand in homework to my office HW 3 out, HW 2 due

10/15 (F) 5 Electronic commerce: introduction, protocols

10/18 6 Electronic voting, electronic auctions Project proposal due

10/25 No Class, hand in homework to my office HW 3 due

11/1 7 Hardware

11/8 8 Network and system technologies: SSL, SET, Mobile IPv6, HW 4 out

firewalls, intrusion detection. Guest lecturer: Shawn Butler

11/15 9 Programming language technologies: sandboxing, SFI, PCC, Java

11/22 10 Usability issues, key management. Guest lecturer: Alma Whitten Project written reports due

11/29 11 Project orals and demos HW 4 due

TBA Final Exam

The class meets 1:00-3:00 p.m. on Mondays in WeH 5409. There are few irregularities in the schedule:

There is a class on Friday, September 17, 1:00-3:00, in WeH4615a.
There is no class on Monday, September 20.
There is a class on Friday, October 15, 1:00-3:00 in WeH4615a.
There is no class Monday, October 25.

Textbooks

The required textbook for the course is

Handbook of Applied Cryptography, Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, CRC Press, Boca Raton, FL, 1997.

Other textbooks which you may find useful for background or supplementary information are

Applied Cryptography, 2^nd Edition, Bruce Schneier, John Wiley, New York, 1996.

Cryptography: Theory and Practice, Douglas R. Stinson, CRC Press, Boca Raton, FL, 1995.

Cryptography and Data Security, Dorothy Denning, Addison-Wesley, Reading, MA, 1982.

Network Security, Charlie Kaufman, Radia Perlman, and Mike Speciner, Prentice-Hall, Upper Saddle River, NJ, 1995.

Course Communication

URL http://www.cs.cmu.edu/afs/cs/academic/class/15827-f99/www/index.html

E-mail cs-827@cs.cmu.edu (reaches all students, Terese Fiedler, and me)

Bboard cmu.cs.class.cs827

Please feel free to send me e-mail, call me, or stop by my office at any time. I welcome questions, comments, and criticism of all kinds.

Grading

Students taking this class for credit are responsible for attending and participating in class (10%), doing all four ungraded homeworks (10%), doing a term project (40%) that has written, oral, and (possible) demonstration components, and taking the final exam (40%).

Students auditing this class are responsible for attending and participating in class and doing the ungraded homeworks. They do not have to do the project or take the final.

Attendance is mandatory for all, especially since we meet only once a week. You must make up any missed classes by doing some additional work; please see me if such a situation arises.

Homeworks

I will hand out four homeworks and you will have two or three weeks to do each. Answering some questions will require your doing some reading and research on your own; it may also require your filling in or refreshening prerequisite material you may have forgotten or never learned. Since this is a graduate course, I expect you to use hours outside of class to study and learn on your own.

I will record that you have handed something in, but for lack of a TA, homeworks will not be graded! Thus, I recommend working on them on your own and then discussing your solutions with others in the class. Questions asked on the final exam may be similar to those on the homeworks.

Project

You may choose to work on the term project by yourself or in a group. My preference is that you work in groups of at least two and no more than four. (I can also imagine two groups teaming up to create a larger demonstration system—that would be fine too but I leave all coordination and organization to you.) The larger the group the more ambitious the project I expect. The project grade will depend on the nature of the project, how well it is done, and how large your group is. Here are some examples of the kinds of projects you may choose to do:

Design and build an electronic storefront that sells some service or product of your choosing. Demonstrate its use with "real" customers and merchants.
Design and build a secure electronic voting system for an election scheme and organization of your choosing. Demonstrate its use by holding a "real" election.
Learn how to use a generic formal reasoning tool like PVS or a specific one like the NRL Protocol Analyzer and demonstrate its use by applying it to two or more protocols we studied in class (but not one on which the tool has been applied already).
Comb the literature for an advanced set of research papers on a topic we covered in class (like elliptic curve cryptography, differential cryptanalysis, key escrow, some aspect of digital watermarking, or trust management) but did not go into great depth. Write a critique or survey paper based on the work reported in the papers.
Identify a previously unknown security bug in a protocol published in the literature or proposed by a standards committee. Prove that it is a bug and explain what needs to be done to correct it. Prove that your fix is correct.

Projects from last year’s class were on executable cash, electronic proxy voting, a stock market game, steganography, cryptanalysis, smartcards, and secure digital paging.

You or your group should feel free to come up with your own ideas for a project. You (or your group) must submit a project proposal that gets my final approval. The project has two, possibly three, components: written, oral, and demonstration. You should aim to have your written document meet the standards of a workshop or conference submission. I plan to bundle all documents into a technical report for the course. Only well-written documents will be included in this technical report. The oral component will be short. The last day of class will be devoted to short oral presentations. If your project has a demonstration component (e.g., running a secure election or explaining the application of a tool), you should plan to include it in your oral presentation or arrange to give me a demo during the last week of classes. In anticipation of needing more class time, I have reserved a classroom for 12:00-3:30 for our last day of class. (If there are more projects than can be presented in 3.5 hours, then I will schedule additional time during the last week of the term.)

Here are dates relevant to the project:

October 18 Project proposals due.

October 22 Project proposal feedback, with possible iteration.

October 25 Final project proposal approval.

November 22 Project write up due.

November 29 Oral and demo (if applicable) of project in class.

You may choose to do your project proposal and get final approval from me much October 18—as early as you wish—in case you want to get a head start on your project and not leave it for the end of the term.