Computer Security lecture notes Copyright © 2004 Mark Dermot Ryan
The University of Birmingham
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,

Computer Security
October-December 2004

This module comprises some lectures by me, some lectures by guest lecturers, and some student-led seminars. Assessment is by continuous assessment (the student-led seminars and the associated handouts) and by exam. Student teams of 3-5 persons will prepare short presentations on topics of their choice. There should be significant technical content in the presentation. Teams will meet with me or the TA, two-thirds of the way through their preparation, for guidance.

Lectures by the lecturer

  1. Introduction/overview: threats, risk, vulnerabilities and impact
  2. Symmetric key encryption
  3. Secure one-way hash functions
  4. Public key encryption
  5. Secure protocols
  6. Key certificates and PGP
  7. Trusted Computing and NGSCB

Lectures by Andy Brown (TA)

  1. Spyware and Trojan horses  [PDF Slides] [PDF Handouts]
  2. Network Perimeter Security [PDF Slides] [PDF Handouts]

Lectures by guest lecturers

  1. Harj Singh is a security consultant with Synetrix. Biometrics.
  2. David Pearce is an expert in patent law. Software Patents.

Student-led seminars

Seminar  Topic                                           Supervisor
SS1      Quantum cryptography                            Mark Ryan
SS1A     Wireless communication                          Mark Ryan
SS2      Smart cards                                     Mark Ryan
SS3      Signcryption (also these formats: doc ppt pdf)  Andy Brown
SS4      Security of open-source software                Andy Brown
SS5      Single sign-on and MS Passport                  Andy Brown
SS6      Digital rights management                       Mark Ryan
SS7      CSS                                             Andy Brown
SS8      Electronic voting                               Mark Ryan

Contacting your supervisor

For Andy Brown: please contact him in room 145 during his office hour (Thursday 1600), or send him an email, or see him after a lecture.
For Mark Ryan: please send him an email, or see him after a lecture.

Forms for recommending mark allocation within your group

Lecture schedule

Key: L = lecture by lecturer; TL = lecture by TA; GL = guest lecture; SS = student seminar; T = preparation tutorial.

Monday lectures are at 12:00; Thursday lectures are at 13:00.

Week 1
  Monday 27 Sep 2004: No lecture
  Thursday 30 Sep: No lecture
Week 2
  Monday 4 Oct: L1 - Introduction/overview: threats, risk, vulnerabilities and impact
  Thursday 7 Oct: L2 - Symmetric key encryption
Week 3
  Monday 11 Oct: L3 - Secure one-way hash functions
  Thursday 14 Oct: L4 - Public key encryption
Week 4
  Monday 18 Oct: TL1 - Spyware and Trojan horses
  Thursday 21 Oct: GL1 - Harj Singh, Synetrix Ltd.
Week 5
  Monday 25 Oct: L5 - Secure protocols
  Thursday 28 Oct: L6 - Key certificates and PGP
Week 6
  Monday 1 Nov: L7 - Trusted Computing and NGSCB
  Thursday 4 Nov: GL2 - David Pearce: Software patents
Week 7
  Monday 8 Nov: TL2 - Intrusion detection
  Thursday 11 Nov: SS1 - Arran Hartgroves, Micheal Tucker, James Harvey, Thomas Prosser, Kiran Parmar
Week 8
  Monday 15 Nov: SS1A - Andrew Hinton, Nikesh Patel, Anish Patel, Michael Spence, Derek Bartram, Dan Leyden
  Thursday 18 Nov: SS2 - Xiaoxia (Mary) Wang, Wei Cui, Hung Yu-Cheng, Benjamin K. Dotto
Week 9
  Monday 22 Nov: SS3 - Anirvan Chkraborty, Vishnu Vardhan, Sulaiman Binmalik, Sam Renji
  Thursday 25 Nov: SS4 - Daohong Mu, Hao Wu, Dan Chen, Yi Fan, Mu Li, Han Hu
Week 10
  Monday 29 Nov: SS5 - Lichao Min, Conglun Yao, Xinzhe Chen, Yunlong Xu
  Thursday 2 Dec: SS6 - Jaspreet Singh, Eakbal Singh, Ajay Sailopla, Chis Andrews, Tim Ellis, Dafyd Jenking
Week 11
  Monday 6 Dec: SS7 - Bo Zhou, Peixian Yan, Gang Liu, Zongpeng Liu, Matthew Black
  Thursday 9 Dec: SS8 - Carl Rostron, Mark Wright, Burcu Ozveli, Oriana Miotti, Daniel Hawke, Nathalie Mohr

Suggested reading

  1. S. Garfinkel and G. Spafford, Web Security, Privacy & Commerce, O'Reilly, Second edition, 2002.
    I think this book is excellent. Although its title looks quite applied, it also has a sound covering of theoretical issues. Consider buying it.
  2. Bruce Schneier, Applied Cryptography. Second Edition, J. Wiley and Sons, 1996. In its day, an incredibly complete and authoritative source. This book has 1653 references in it! Now too old to be relied on for current standards and practices, but a very valuable reference.
  3. William Stallings, Cryptography and Network Security, Principles and Practice, Prentice Hall, 1999. Third Edition, 2003. This book thoroughly covers the theory. It is not as broad as Applied Cryptography, but often deeper. It also has some good practical topics, although it's drier than Web Security, Privacy & Commerce.
  4. Michael Huth, Secure Communicating Systems: Design, Analysis and Implementation. Cambridge University Press, 2001. This book is decidedly more mathematical than the others. However, it manages to explain the mathematics quite accessibly.

Useful websites about practical security

  1. The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, established in 1988. "We alert users to potential threats to the security of their systems and provide information about how to avoid, minimize, or recover from the damage."
  2. SecurityFocus claims to be the most comprehensive and trusted source of security information on the Internet. Although more commercial than CERT, it claims to be a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
  3. SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization.

Useful websites about cryptography and other technical security issues

Helger Lipmaa's crypto links. More than 4000 links on cryptology (i.e., cryptography and cryptanalysis) and chosen areas of data security plus links to information on more than 600 cryptologists. This link collection has received more than 500,000 hits!

Some links related to the management of the module
