COMP 524 – Security – Summer 2017

Course Syllabus

  • Course URL: http://soltys.cs.csuci.edu/blog/?page_id=2054
  • Lectures: Mondays, 6-9pm, in DEL NORTE 1530. First lecture on Monday June 5th; last lecture on Monday August 7.
  • CI Calendar Information
  • Instructor: Michael Soltys <michael.soltys@csuci.edu>
  • Twitter: @MichaelMSoltys
  • Reading material and lecture notes: password to be given first day of class.
  • Course Outline: This course is an introduction to Cybersecurity. The course will start with an overview of security. The material will be wide in scope: from Defensive Programming in Software Engineering, to Best Practices (e.g., password discipline, social media privacy issues) and defenses against Phishing and Ransomware, to security issues in Networking (such as SSL), and Cryptographic Protocols. We are going to read a number of current articles in the field of security, and we are going to examine standard tools such as Wireshark, tcpdump, GPGTools, OpenSSL, and others. Upon completion of the course, you will be able to:
    1. Describe modern security protocols
    2. Design security protocols
    3. Assess vulnerabilities of a computer system and corresponding threats
    4. Explain impediments to security
    5. Assess the comparative strengths of cryptographic systems
    6. Synthesize and articulate ideas clearly and convincingly in oral and written form
  • Textbook: No textbook; the course will be taught using current articles and the notes of the instructor.
  • Grading: Three assignments worth 10% each, and two presentations worth 15% each. A final exam worth 40%. The assignments have to be completed in groups of at least two, and no more than three. It would be best if you formed a group at the beginning of the course, and worked on all the assignments with the same group. There is tremendous value in working on problems with your group; it amplifies the learning experience, and teaches teamwork. The final exam will be written individually.
  • How to avoid plagiarism: As mentioned above, the assignments will be written in groups. Each group has to work independently of the other groups; verbal discussions of problems among groups are allowed, but you should not show written notes, and you should not leave such discussions with written notes. Each group will submit a single assignment. Once a group is formed, it is expected to remain working together throughout the term; difference in a group are normal, and it is part of the learning experience for the members to resolve them.
  • Attendance: Students are encouraged but not required to attend the lectures. The assignments will be posted online. The final exam will be written in class. Each student will be required to present in class three times; each presentation will take about 20min. Briefing your colleagues on technical issues is a fundamental skill for Computer Science professionals, and so the presentation will be taken very seriously.
  • Students with disabilities: Cal State Channel Islands is committed to equal educational opportunities for qualified students with disabilities in compliance with Section 504 of the Federal Rehabilitation Act of 1973 and the Americans with Disabilities Act (ADA) of 1990. The mission of Disability Accommodation Services is to assist students with disabilities to realize their academic and personal potential. Students with physical, learning, or other disabilities are encouraged to contact the Disability Accommodation Services office at (805) 437-8510 for personal assistance and accommodations. Please discuss your arrangements with the instructor as soon as possible.
  • Check this web page regularly for announcements.

Announcements

  • July 6: Assignment 3: Given the interest in the final assignment, and the work that has to be done to make Prototype 1.0 work, let’s make Assignment 3 about this project as well. For Assignment 3, every group will submit a write up of their contribution to the Final Assignment. In particular, we want:
    – A list of contributions
    – Background and literature review
    – Technical Information
    – Lessons learned
    5 pages per group, to be submitted in PDF on July 31.
  • July 6: The solution to Assignment 2 is of course a variant of the command hashcat -m 1500 hash.txt wordlist where the wordlist can be downloaded from the web, and 1500 is the code for crypt.
  • June 26: Final Assignment.
  • June 20: Assignment 2, due July3, 2017: break the password for the Apache Web Service .htaccess. Here are the contents of the .htpasswd file:
    login:Hllb55pZ5/GfA
    which has been obtained with the command htpasswd -nbd login <password> where of course the password is for you to find. Note that this hash could also be obtained with a Perl script perl -e 'print crypt("<password>","Hl")'. Note that the "Hl" is the salt, which is randomly generated each time the htpasswd command is run.
  • June 6: Blackboard page for the course has been opened, with Assignment 1 available for submission. Please “self-enroll” in your group.
  • June 5: On July 31, Neal Fisch will talk about Phishing Attacks.
  • June 5: Assignment 1, due June 19, 2017: decrypt the following four documents. To submit the assignment, write a two page PDF report, which explains, with code snippets, how you managed to decrypt the documents, and what the documents were.
    1. assignment-1-a.txt: Caesar cipher Base64 encoded text (40%)
    2. assignment-1-b.txt: MAC cipher Base64 encoded text (30%)
    3. assignment-1-c.txt: Caesar cipher Base64 encoded jpeg (20%)
    4. assignment-1-d.txt: MAC cipher Base64 encoded jpeg (10%)
  • May 4: Part of the course requirements is to give 2 presentation on chosen security topics; each student should pick 2 time slots (including date and time) using this Doodle poll:
    https://doodle.com/poll/vk4veiicyyeepi6q
  • March 27: Current Events reading related to the course will be posted under the tag COMP524Summer2017
  • March 27: First class on June 5th, at 6pm.
Share