Transcript Course Overview

Introduction to
Information Security
J. H. Wang
Sep. 10, 2013
Instructor
• Instructor
–
–
–
–
–
–
–
Jenq-Haur Wang (王正豪)
Assistant Professor, CSIE, NTUT
Office: R1534, Technology Building
E-mail: [email protected]
Homepage: http://www.ntut.edu.tw/~jhwang/
Tel: ext. 4238
Office Hour: 9:10-12:00am every Tuesday and
Thursday
Course Overview
• Course: Information Security
• Time: 14:10-15:00pm on Tuesdays, 9:1011:00am on Wednesdays
• Classroom: R427, 6th Teaching Building
/R401, Dept. Electro-Optical Eng. (光華館)
• Prerequisite: Discrete Mathematics,
Computer Networks
• Course webpage:
http://www.ntut.edu.tw/~jhwang/IS/
• TA: 林佳志 (R1424, Technology Building)
Target Students
• For those who
– Major in Computer Science or Information
Technology, and
– Are familiar with basic computer networks
and discrete mathematics, and
– Are preparing to investigate more details in
selected topics and recent developments in
system, networks, and information security
Resources
• Textbook: Network Security Essentials: Applications and
Standards, 5th ed., by William Stallings, Pearson
Education, Inc., 2013. (imported by Kai-Fa Publishing)
– http://williamstallings.com/NetworkSecurity/
– (International Edition still not available by now, thus earlier
versions are also acceptable)
– Online chapters and appendices available
• References:
– Cryptography and Network Security: Principles and Practice, Sixth
Edition, by William Stallings, Prentice-Hall, 2013 (from which
our textbook is adapted)
– Slides, documents, and tools
Teaching
• Lectures
• Homework assignments
– Homework should be turned in within two
weeks
• Mid-term exam
• Term project: programming exercises or
topical surveys
– How do intruders attack our systems
– What kinds of security tools are available
– How do we protect against attacks
Grading Policy
• (Tentative) grading policy
– Homework assignments: 30%
– Midterm exam: 30%
– Term projects: 40%
• Programming exercises or topical surveys
Course Description
• Introduction to basic concepts in
information security and their
applications
– Cryptography
• Encryption, hash function, digital signature
– Network security applications
• HTTPS, wireless security, e-mail security, IP
security
– System security
• Intrusion, virus, firewall
What is Information Security?
• Example scenarios
– Receiving unsolicited messages, e-mail spam,
phishing, advertisements, …
– Computer system hijacked: popups, hanged, …
– Communication gets wiretapped or eavesdropped…
– Fake online transaction
– Your friend denied receipt of your message
– Disputes on the rights of an image
– Playing online audio without permission
– Natural disaster: fire, physical attacks (911), …
– …
More Security-Related Terms
• System security
–
–
–
–
User authentication, access control
Database security
OS security, infrastructure
Software security: browser, malicious software, virus
• Network security
– Networking protocol, applications
– E-commerce, …
• Information security
– Spam, phishing, …
– Multimedia security: watermarking, information hiding,
digital rights management
(DRM), …
Outline & Schedule
• Outline
– Introduction (Ch. 1)
– Cryptography (Ch. 2-3)
• Symmetric encryption and message confidentiality
• Public-key cryptography and message authentication
– Network security applications (Ch. 4-8) [Ch.4-9 in 5th ed.]
•
•
•
•
•
•
Key distribution and user authentication
Network access control and cloud security [new in 5th ed.]
Transport-level security
Wireless network security
Electronic mail security
IP security
– System security (Ch. 9-11) [Ch.10-12 in 5th ed.]
• Intruders
• Malicious software
• Firewalls
Outline & Schedule (Cont’)
– Online chapters (Ch.12-13) [Ch.13-15 in 5th ed.]
• Network management security
• Legal and ethical aspects
• SHA-3 [new in 5th ed.]
– Appendices
• Some aspects of number theory
• Projects for teaching network security
– Online appendices
•
•
•
•
•
•
•
•
Standards and organizations
TCP/IP and OSI
Pseudorandom number generation
Kerberos encryption techniques
Data compression using ZIP
PGP random number generation
The base-rate fallacy [new in 5th ed.]
Radix-64 conversion [new in 5th ed.]
Outline & Schedule (Cont’)
• (Tentative) Schedule
– Introduction: 1-2 wks
– Cryptography: 3-4 wks
– Network security applications: 7-8 wks
• TCP/IP
• Web, SSH, E-mail, IP security
– System security: 1-2 wks
• Password, virus, intrusion detection, firewall
• Due to the time limits, we will try to cover most of the
major topics above without going into too much detail
– E.g.: mathematical parts such as number theory (Appendix A)
– A broad overview, and then focus on selected topics in depth
Additional Resources
• Review on computer networking and
TCP/IP protocols
• More slides on network and information
security
• Useful tools for network and system
security
• Web resources and recommended reading
(at the end of each chapter)
More on Term Project
• Programming exercises using security libraries
– Implementation of security algorithms (AES, RSA, …)
– Implementation of a client-server application (e.g. secured
chat room, file exchange, transactions, …)
– …
• Topical surveys in information security-related topics,
e.g.:
– Demonstration on how to use a security tool to defend
against some attacks
– Comparison of security standards or algorithms
– Potential security weakness in systems, and possible
solutions or countermeasures
– The latest developments in information security
Thanks for Your Attention!