COMP 524 – Cybersecurity – Fall 2018

Course Information

  • Course URL (this page):
  • Canvas:
  • Course Syllabus (Updated on September 26, 2018)
  • CI Catalogue URL: link
  • Previous version of this course: Summer 2017
  • Lectures: Wednesdays, 6-9pm, Bell Tower 2424
  • CI Calendar Information (TBD): 
  • Instructor: Michael Soltys <>
  • Twitter: @MichaelMSoltys
  • Reading material and lecture notes: password to be given first day of class.
  • Course Outline: This course is an introduction to Cybersecurity at a graduate level, and while the intention is to keep the material self-contained, sophisticated ideas and tools will be examined. The material will be wide in scope: from Defensive Programming in Software Engineering, to Best Practices (e.g., password discipline, social media privacy issues) and defenses against Phishing and Ransomware, to security issues in Networking (such as SSL), and Cryptographic Protocols. We are going to read a number of current articles in the field of security, and we are going to examine standard tools such as  OpenSSL, GPGTools & OpenPGP, Palo Alto Firewalls, Wireshark, tcpdump, and others. Upon completion of the course, you will be able to:
    1. Describe modern security protocols
    1. Design security protocols
    1. Assess vulnerabilities of a computer system and corresponding threats
    1. Explain impediments to security
    1. Assess the comparative strengths of cryptographic systems
    1. Synthesize and articulate ideas clearly and convincingly in oral and written form
  • Textbook: No textbook; the course will be taught using current articles and the notes of the instructor.
  • Grading: Two assignments worth 20% each, a presentation worth 20%, a midterm worth 20%, and a final exam worth 20%.
  • How to avoid plagiarism: As mentioned above, the assignments will be written in groups. Each group has to work independently of the other groups; verbal discussions of problems among groups are allowed, but you should not show written notes, and you should not leave such discussions with written notes. Each group will submit a single assignment. Once a group is formed, it is expected to remain working together throughout the term; difference in a group are normal, and it is part of the learning experience for the members to resolve them.
  • Attendance: Students are encouraged but not required to attend the lectures. The assignments will be posted online. The final exam will be written in class. Each student will be required to present in class three times; each presentation will take about 20min. Briefing your colleagues on technical issues is a fundamental skill for Computer Science professionals, and so the presentation will be taken very seriously.
  • Students with disabilities: Cal State Channel Islands is committed to equal educational opportunities for qualified students with disabilities in compliance with Section 504 of the Federal Rehabilitation Act of 1973 and the Americans with Disabilities Act (ADA) of 1990. The mission of Disability Accommodation Services is to assist students with disabilities to realize their academic and personal potential. Students with physical, learning, or other disabilities are encouraged to contact the Disability Accommodation Services office at (805) 437-8510 for personal assistance and accommodations. Please discuss your arrangements with the instructor as soon as possible.
  • Check this web page regularly for announcements.

Class diary and assignments

  • October 17, 2018: We discussed the midterm, and covered Authentication, KDCs, CAs, Needham-Schroeder and the Kerberos protocol.
  • October 10, 2018: Talk by Bruce Miller, and the midterm (see reading materials section).
  • October 3, 2018: We covered Public Key Cryptography (slides posted with other reading material). We had quiz 5 to review Cypher Block Chaining, and most importantly, Zane Gittins showed how to break WEP using an old router (still with deprecated WEP), a USB network card in promiscuous mode, and Kali Linux.
  • September 26, 2018: We covered chapter 3, block ciphers and hashes; we had quiz 4, and we spoke rsync and other applications of hashing, as well as hashing itself (one-way and collision-free).
  • September 19, 2018: We finished chapter 2: Apache htpasswd utility, the crypt function, IDEA and AES ciphers (just quick observations) and RC4 and WEP WiFi (broken and deprecated) security. We also did quiz 3.
  • September 12, 2018: From 6 to 7pm we had a presentation on how to do research. Chapter 2: Symmetric ciphers, given in terms of substitutions, permutations and the XOR function. We started presenting the example of the DES function.
  • September 5, 2018: From 6 to 7pm we had a presentation of possible research directions for MSCS students (in Sage 2030). We then moved to our classroom, and we presented Chapter 1: Cryptography. We still have to talk about Assignment 1, so the due date has been postponed to September 19. At the beginning of class we had a short quiz to review the material from the first lecture. We will have such quizzes in order to help you absorb the material.
  • August 29, 2018: Covered chapter 0: an introduction to Cybersecurity, and slides on Basic Best Practices.
  • Assignment 1, due September 19, 2018: decrypt the following four documents. To submit the assignment, write a two page PDF report, which explains, with code snippets, how you managed to decrypt the documents, and what the documents were.
    assignment-1-a.txt: Caesar cipher Base64 encoded text (40%)
    assignment-1-b.txt: MAC cipher Base64 encoded text (30%)
    assignment-1-c.txt: Caesar cipher Base64 encoded jpeg (20%)
    assignment-1-d.txt: MAC cipher Base64 encoded jpeg (10%)
    Solutions to Assignment 1
  • Assignment 2, due November 7, 2018: Problem 6.1 in the lecture notes. You may import the following packages from Python libraries:
    import sys
    from Crypto.Cipher import DES
    from Crypto import Random

    Here is an example output; note that I initialized iv="00000000":

    $ more test.txt 
    Hello, World!
    $ python 12345678 test.txt | xxd -b
    00000000: 11100000 01011001 00110010 11110100 00101101 10100110  .Y2.-.
    00000006: 11111011 01101011 00001000 00100001 10011100 01011100  .k.!.\
    0000000c: 11000111 10110010 11001000 01001010 00001010           ...J.