CIS4360 - Computer Security Fundamentals - Spring 2025 - Schedule | ||||
Date | Topic | Resources | Homework | |
Week 1 | 1/07 | Logistics. Introduction. | Logistics Slide 0 | |
1/09 | Network Security: Sniffing & Spoofing, DoS: direct and reflection, fragmentation and Ping of Death and TearDrop | Slide 1 | ||
Week 2 | 1/14 | Network Security, continued: TCP issues, TCP SYN Flood, TCP Hijacking | Slide 1 | Lab 1 |
1/16 | Network Security, continued: DNS and Kaminsky's attack. | Slide 1 | ||
Week 3 | 1/21 | Campus closed | ||
1/23 | Campus closed | |||
Week 4 | 1/28 | Software Security: Access control, MAC and Bell-LaPadula model, Access Control List with examples in Unix, setuid. | Slide 2 | |
1/30 | Software Security, continued: attacks on setuid programs via capability leaking, race condition, and environment variables. | Slide 2 | Lab 1 due (1/31) | |
Week 5 | 2/04 | Web Security: overview, SQL Injection, CSRF attack | Slide 3 | Lab 2 |
2/06 | Web Security, continued: XSS attack. Intro to Crypto: classical ciphers, perfect secrecy and one-time pad | Slide 3, Slide 4 | ||
Week 6 | 2/11 | Intro to Crypto, continued: limitation of one-time pad, principles of modern crypto. Blockcipher: syntax, PRF security. | Slide 4, Slide 5 | Lab 2 due (2/10) Lab 3 |
2/13 | Blockcipher, continued: Birthday paradox and birthday attack. Encryption: ECB, CBC, CTR. | Slide 5, Slide 6 | ||
Week 7 | 2/18 | Encryption, continued: Formalizing security (real-or-random). Practice of breaking bad encryption. | Slide 6 | |
2/20 | Message authentication code (MAC): security notion, CBC-MAC | Slide 7 | Lab 3 due (2/21) | |
Week 8 | 2/25 | MAC, continued: examples of bad MAC, Encrypted-CBC-MAC | Slide 7 | Lab 4 |
2/27 | Authenticated encryption: definition, examples of bad AE schemes | Slide 8 | Lab 4 due (3/3) | |
Week 9 | 3/04 | AE, continued: WEP and Chop-Chop attack, generic composition (EtM, E&M, MtE). | Slide 8 | Hw1 |
3/06 | No class (Tung's out of town) | |||
Week 10 | 3/11 | Spring break | ||
3/13 | Spring break | |||
Week 11 | 3/18 | Hash function: motivation, collision resistance, random-oracle model, Merkle-Damgard, HMAC | Slide 9 | Hw1 due (3/17) |
3/20 | Review of Hw1. Hash function, continued: password hashing. | Slide 9 | ||
Week 12 | 3/25 | Asymmetric crypto: Diffie-Hellman key exchange, number theory basics, Diffie-Hellman assumption. | Slide 10 | Lab 5 |
3/27 | Review of asymmetric crypto. Public-key encryption: definition, CPA security, | Slide 10 | Lab 5 due (3/31) | |
Week 13 | 4/01 | Review of Lab 5. Public-key encryption, continued: RSA encryption and attacks, Hashed RSA, PKCS#1 and padding-oracle attack. | Slide 11 | Hw2 |
4/03 | ||||
Week 14 | 4/08 | |||
4/10 | ||||
Week 15 | 4/15 | Hw2 due (4/14) | ||
4/17 | ||||
Week 16 | 4/22 | |||
4/24 |