CS549: Cryptography and Network Security (Summer 2013)
Description and Goals
The course will start with a review of necessary background topics such as number theory, basic conventional encryption methods, basic public key cryptosystems, basic digital signature systems, and zero knowledge proof systems. We will then discuss applications of cryptography in different fields, such as wireless sensor networking, RFID, mesh networks, cloud computing and mobile social networks. New and emerging topics in both theoretical research and applications will be presented as well.
The goal of the course is to provide students with the necessary foundations to apply cryptographic techniques in new and emerging fields. The focus of this class is to discuss and understand the security challenges in emerging systems and wireless networks.
1) Classroom: Stuart Building Room 106
2) Date/Time: M, W 1:00pm-4:10pm (see IIT calendars for holidays)
3) Class Dates: May 20th to June 29, 2013.
4) Instructor: XiangYang Li; Electronic contact: xli at cs dot iit dot edu; Office: SB 229C; Office hours: M, W: 12-1pm
5) Teaching Assistant: ???, Office: SB 019B, Office Hours: Monday, Friday 1PM to 3PM.
6) Course Lectures: See the following links for the course schedule and lectures (See also old lectures http://www.cs.iit.edu/~cs549/cs549s07/lectures.htm)
Undergraduate/graduate courses in number theory, algorithms, networking, and programming are preferred but not required. However, the course will provide a short review on the necessary background material. Finally, it is assumed that the students are familiar with some programming language, such as C.
Books and Suggested Readings
There are several good textbooks for this course. Recommended books are:
Cryptography and essentials (the first two books are strongly recommended textbooks; you should get them)
1. Modern Cryptography: Theory and Practice, by Wenbo Mao
2. Cryptography: Theory and Practice, by Douglas R. Stinson, CRC press, hardcover.
3. Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. CRC Press, 1996.
4. Foundations of Cryptography, vol. I (2001) and vol. II (2004), by Oded Goldreich. Cambridge Press.
Network Security (the first book is strongly recommended; you should get it if possible)
1. Cryptography and Network Security: Principles and Practice, by William Stallings, Prentice Hall, Hardcover. The Fifth Edition is also out. See http://williamstallings.com/Crypto3e/Crypto3e-student.html for student online help.
2. Network Security Essentials: Applications and Standards, by William Stallings. Prentice Hall, Hardcover, Published November 1999, 366 pages, ISBN 0130160938
3. Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier. John Wiley, Published August 2000, 412 pages, ISBN 0471253111.
Introduction to number theory
1. D. Angluin: Lecture Notes on the Complexity of Some Problems in Number Theory. Available for download from Tal Malkin's website at Columbia. This is a short review of number theory and its computational aspects. It is sufficient for the needs of our class.
2. V. Shoup: A Computational Introduction to Number Theory and Algebra. This is a very comprehensive introduction to algorithmic number theory, with all the necessary mathematical background self-contained. This is a BETA version, but in good shape.
3. A Course in Number Theory and Cryptography (Graduate Texts in Mathematics) (Hardcover), by Neal Koblitz
4. Number Theory with Computer Applications, by Ramanujachary Kumanduri and Cristina Romero (1998)
5. Fundamental Number Theory with Applications, 1998 edition, by Richard Mollin
Excellent Online Lecture Notes
1. S. Goldwasser and M. Bellare: Lecture Notes on Cryptography. These are notes from a summer cryptography class given by Profs. Shafi Goldwasser and Mihir Bellare at MIT. The treatment here is focused on the theoretical foundations of cryptography.
2. M. Bellare and P. Rogaway: Lecture Notes for a graduate cryptography course at UCSD. The approach here is still aimed towards precise definitions and provable security, although more emphasis is given to practical considerations.
3. J. Katz's Lecture Notes for the Intro to Crypto class taught at the University of Maryland.
There are also some good links from my homepage: http://www.cs.iit.edu/~xli/confref.html
Tasks and Grading Policy
This is the tentative grading policy for the non-India session; the instructor reserves the right to make small changes.
a) Class attendance, reaction paper (20%) (Each student is expected to read several papers from a chosen topic and be able to lead the discussion about the papers in this topic.)
1) EACH student needs to read several papers and write a reaction paper that summarizes the papers and proposes improvements. Each student first selects a topic from the list of topics on our class webpage, then writes a comprehensive summary of papers from the chosen topic. Topic selection is first-come, first-served. No TWO students are allowed to select the SAME topic. Papers are selected from the list of papers provided by me (you can also suggest some really good papers to present, but this needs to be approved by the instructor before you can present them). You cannot COPY any material from results written by others (online material or published books, papers, reports); if you need to cite some results or statements, clearly indicate this in your report.
2) The reaction paper is due at the end of the semester, on June 24th, 2013. The paper should be 8-15 pages long and in IEEE conference format. Upload your paper in PDF format to Blackboard, naming the file with your name and additional info so that the file name is unique.
3) We will monitor attendance. You can miss at most one of the monitored classes.
4) Attendance accounts for 5%. The reaction paper counts for 15%.
b) One term project and presentation (30%) (the term project is done by a team of students, and the team should have TWO students. We will NOT allow groups with 3 or more members). This project is about programming and implementation.
1) The term project is proposed by students, i.e., yourself (or you can choose from the list of programming assignments given by me). You need to carefully think about this project. You have to really implement the project and show that it works. See programming assignments for details.
2) Each group needs to discuss the term project with the instructor before May 27th, 2013. Each group needs to submit a 2-page project proposal by the end of the 2nd week (May 31st, 2013). Upload this to Blackboard for your group.
3) Each student in the group will be graded equally unless it was reported to me and confirmed that some student did not do sufficient work for the project.
4) Each group needs to do a 20-minute presentation at the end of the semester to demo the final results of the project (part of June 24th, and June 26th, 2013). For the presentation, each group will need to reserve a timeslot (numbered 1 to 10) on specific days.
a. Final presentation: it covers the following material. Explain your design. Discuss design alternatives; the cryptography and network security aspects of your project, such as algorithms; data showing the performance of your system; and the system architecture. Discuss the challenges faced by your group in implementing the project and how you addressed them; lessons learned from the project; and the future plan for the project. Cover management aspects such as your project plan, critical paths, and means of team communication (e-mail, chat room, meetings, version control system).
b. Bring your own laptop to present slides and to demo your application. The presentation should demo your implementation of a real system. Your group needs to run your application or demo your system. Demonstrate what it does for its users. Show that your system functions properly. You also need to submit the program code, which must work properly.
c) One final exam for this course (30%). The exam will be held before the final exam week. It will cover all materials covered in the lectures.
d) Two homework problem-sets (each 10%, total 20%).
1) Homework problem sets will also be posted on Blackboard. Download the PDF files of the homework from the class webpage or from Blackboard. You need to upload your written solutions to Blackboard.
The tentative grading policy for India session:
Homework 20%, final exam 40%, individual term programming project 25%, individual term paper 15%. Note that all programming projects and paper-writing projects are individual efforts (not group projects). You have to propose your own programming project (by sending an email to the TA). You also need to send the TA an email about the topic you will work on, and write a technical paper (it could be a well-thought-out survey paper on a given topic, a research paper on an open question, or a protocol design and analysis on an interesting topic).
b. No late assignments handed in after the extended deadline will be accepted. Requests for an additional extension will almost always be denied.
c. In this course you are allowed to discuss the problems with your classmates, and to work together. If you choose to do so, please indicate the name(s) of the people with whom you have worked. Otherwise, it will be treated as cheating! Keep in mind that you may discuss assignment problems, general proof strategies, or general algorithms with other students in the course, but you may not collaborate in the detailed development or actual writing of problem sets. You need to upload your solution to Blackboard. For convenience, you can also submit an additional hard copy to the TA. Please help us by stapling all written pages, labeling them with your name, and clearly labeling each problem. You don't want us to lose part of your assignment or not see your answers, do you?
d. All students are required to do a team project (exceptions will only be made for remote students who cannot form a team). All members of each team will be graded equally for the team project unless it has been verified that some students contributed significantly less.
e. The term paper must be an individual effort, and thus written and submitted individually. Note that it should be the result of individual effort. Examples of individual term papers include, but are not limited to, 1) a survey on some research topics, 2) successfully addressing some challenging research questions. You are encouraged to discuss the research topics with your classmates. The term paper should be written in conference format.
f. If you are a remote student who cannot form a team with other students, the term project and term paper will be individual efforts. Note that you still need to do the term project and term paper. If you are a remote student and cannot do your presentation in the classroom, you can prepare a PPT, videotape your presentation, and send me your files. We can then play your presentation of the paper in the classroom.
Tentative Grading Policy
To get an A, you need to perform well in all aspects of the class. Generally (this is tentative, so the instructor reserves the right to change the scale here):
1) For all students, you get an A if your score is at least 87 (out of a maximum of 100). You get a B if your score is [75, 86], and a C if your score is [60, 74].
2) For undergraduate students, you will get D if your score is [50,59] and you will get E if your score is [0,49].
3) For graduate students, you will get E if your score is [0,59].
Term Paper Ideas:
1) Reading papers on some related topics, and then writing a comprehensive survey on some topics. Examples of topics: trustworthy computing, security issues in cloud computing, security issues in wireless sensor networking, security issues in CPS.
2) Comprehensive and well organized literature review on some interesting topics and papers from ACM CCS conferences or other related conferences.
3) Work on some specific challenging research topics and write a paper about your research results. This could be a theoretical problem which could lead to publication in some research oriented conferences or journals.
The term paper must be formatted like a conference paper that summarizes the results from the term project, including technically challenging questions that are successfully addressed, NEW algorithms or protocols that are presented and implemented, and new experimental results collected from the project.
Term Project ideas (you are encouraged to propose your own team projects, and discuss with me the feasibility of your projects.):
1) Modeling/Simulation/Verification/Synthesis/Implementation of some network security systems
2) Something related to your own research. You implement the protocols you designed and then evaluate the performance of your protocols in real systems or testbeds.
3) Real network security systems, such as security protocols for CPS
Term Project grading: The following four aspects of a term project are considered in project grading:
1) Project has a clear goal
2) Goal has a clear value if achieved
3) There are novel ideas involved in achieving the goal
4) These ideas and your implementation work
In summary, the project grade is based on answers to these questions: Clear goal? Has value? New ideas? Ideas work?
If you would like to get detailed written feedback on your project report, please let me know and I will give you a marked hard copy. If you disagree with my assessment of any of the above regarding your project, please see me. I would be happy to discuss the final project grade with you and fix it if appropriate.
How to do a good presentation:
Wear professional attire; Clear and concise manner of speaking; Professional-looking audio/visual material such as slides; Split the presentation time about evenly among the members of your team and rehearse the hand-off when the presentation is done by a team. Rehearse your presentation and demo, and time the duration of each part.
One or more group members may deliver the presentation, but all group members are expected to be present and available to answer questions about the project. During the presentation all group members should join together with the presenter at the front of the room. Please put any electronic materials on a memory stick or post to the web in a readily available location.
Tentative Course Topics to be covered
This course provides an introduction to the theory and the practice of cryptography and network security. Particular topics to be covered include:
Basic concepts, number theory
I. CONVENTIONAL ENCRYPTION.
Conventional Encryption: Classical Techniques.
Conventional Encryption: Modern Techniques.
Conventional Encryption: Algorithms.
Confidentiality Using Conventional Encryption.
II. PUBLIC-KEY ENCRYPTION AND HASH FUNCTIONS.
Message Authentication and Hash Functions.
Hash and MAC Algorithms.
Digital Signatures and Authentication Protocols.
III. Other Issues: Privacy, Verifiable Computing, Proof of Possession.
Privacy research topics in mobile social networking, cloud computing, and others.
Other Course Policies
A copy of the full University Academic Honor Code (code of academic honesty) can be found in the current Student Handbook.
Code of Academic Honesty: page 243 of UG Bulletin http://retention.iit.edu/resources/bulletin_2008_2010.pdf