Computer Security lecture notes Copyright © 2004 Mark Dermot Ryan
The University of Birmingham
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,

Computer Security
January--April 2004

This module comprises some lectures by me, some lectures by two guest lecturers, and some student-led seminars. Assessment is by continuous assessment (the student-led seminars and the associated handouts) and by exam. Student teams of 3 persons will prepare short presentations on topics of their choice. There should be a significant technical content to the presentation. Teams will meet with me or the TA Stefano Cattani, two-thirds of the way through their preparation, for guidance.

Lectures by the lecturer

  1. Introduction/overview: threats, risk, vulnerabilities and impact
  2. Symmetric key encryption
  3. Secure one-way hash functions
  4. Public key encryption
  5. Secure protocols
  6. Key certificates and PGP
  7. Trusted Computing and NGSCB

Lectures by guest lecturers

  1. Harj Singh is a security consultant with Synetrix. Effective security. Slides: html ppt
  2. Steve Kremer is a visitor to the department. Fair Exchange protocols. Slides:  1/page  4/page

Student-led seminars

  1. Andrew Brown, Tim Cocks, Kumutha Swampillai. Spyware and Trojan horses. handout slides(ppt) slides(html)
  2. Andrew Ferris, Chris Maguire, Nicholas Wilkins.  Zero knowledge protocols. handout  presentation
  3. Robert Markworth, Mamta Kothavale, Parmajit Sandhu. Biometric authentication.  handout  presentation
  4. Amit Kotecha, Hiren Patel, Kevin Lam, Kai Zhou. Digital cash.  handout (html, pdf, doc) presentation
  5. Patrick Diskin, Samuel Lau, Robert Parlett, Jonathan Cummins. Steganography and digital watermarking. handout (html, doc, pdf) presentation
  6. Adam Butcher, Peter Buchlovsky. Buffer overflow vulnerabilities: Exploits and defensive techniques. handout slides src
  7. André Verhaeg, Tom Preston, Alex Whelan. Wifi and bluetooth security. handout
  8. Till Meyer. SSL and attacks. presentation
  9. Mark Schuchter. Distributed denial of service attacks.  presentation(pdf)  presentation(ppt)

Lecture schedule

Key: L=lecture by lecturer; GL=guest lecture; SS=student seminar; T=preparation tutorial. 

| Week | Monday 14:00, UG07 Lrn.Ctr. | Thursday 13:00, G35 Chem.Eng. |
|------|------------------------------|-------------------------------|
| 1 | 12 Jan: L1 - Introduction/overview: threats, risk, vulnerabilities and impact | 15 Jan: L2 - Symmetric key encryption |
| 2 | 19 Jan: L3 - Secure one-way hash functions | 22 Jan: L4 - Public key encryption |
| 3 | 26 Jan: L5 - Secure protocols | 29 Jan: L6 - Key certificates and PGP |
| 4 | 2 Feb: L7 - Trusted Computing and NGSCB | 5 Feb: No lecture |
| 5 | 9 Feb: GL1 - Harj Singh, Synetrix Ltd. Effective security. | 12 Feb: SS1 - Spyware and Trojan horses. Tim, Kumutha, Andy. Supervisor: Mark Ryan |
| 6 | 16 Feb: SS2 - Zero knowledge protocols. Chris, Andrew, Nicholas. Supervisor: Stefano Cattani | 19 Feb: GL2 - Steve Kremer, Brussels University. |
| 7 | 23 Feb: SS3 - Biometrics. Robert, Mamta, Parmajit. Supervisor: Mark Ryan | 26 Feb: SS4 - Digital Cash. Amit, Hiren, Kevin, Kai. Supervisor: Stefano Cattani |
| 8 | 1 Mar: No lecture | 4 Mar: SS5 - Steganography and digital watermarking. Patrick, Samuel, Robert, Jonathan. Supervisor: Stefano Cattani |
| 9 | 8 Mar: SS6 - Language security. Adam, Peter. Supervisor: Mark Ryan | 11 Mar: SS7 - Wifi and bluetooth security. André, Tom, Alex. Supervisor: Mark Ryan |
| 10 | 15 Mar: SS8a - SSL (Till); SS8b - DDOS (Mark). Supervisor: Stefano Cattani | 18 Mar: Wrap-up and feedback |

Suggested reading

  1. S. Garfinkel and G. Spafford, Web Security, Privacy & Commerce, O'Reilly, Second edition, 2002.
    I think this book is excellent. Although its title looks quite applied, it also has a sound covering of theoretical issues. Consider buying it.
  2. Bruce Schneier, Applied Cryptography. Second Edition, J. Wiley and Sons, 1996. In its day, an incredibly complete and authoritative source. This book has 1653 references in it! Now too old to be relied on for current standards and practices, but a very valuable reference.
  3. William Stallings, Cryptography and Network Security, Principles and Practice,  Prentice Hall, 1999. Third Edition, 2003. This book thoroughly covers the theory. It is not as broad as Applied Cryptography, but often deeper. It also has some good practical topics, although it's drier than Web Security, Privacy & Commerce.
  4. Michael Huth, Secure Communicating Systems: Design, Analysis and Implementation, Cambridge University Press, 2001. This book is decidedly more mathematical than the others. However, it manages to explain the mathematics quite accessibly.

Useful websites about practical security

  1. The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, established in 1988. "We alert users to potential threats to the security of their systems and provide information about how to avoid, minimize, or recover from the damage."
  2. SecurityFocus claims to be the most comprehensive and trusted source of security information on the Internet. Although more commercial than CERT, it claims to be a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
  3. SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization.

Useful websites about cryptography and other technical security issues

Helger Lipmaa's crypto links. More than 4000 links on cryptology (i.e., cryptography and cryptanalysis) and chosen areas of data security plus links to information on more than 600 cryptologists. This link collection has received more than 500,000 hits!

Feedback from students

