**CS549: Cryptography and Network Security (Summer 2013)**

**Description and Goals**

The course will start with a review of necessary background topics such as number
theory, basic conventional encryption methods, basic public key cryptosystems,
basic digital signature systems, and zero knowledge proof systems. We will then
discuss applications of cryptography in different fields, such as wireless
sensor networking, RFID, mesh networks, cloud computing and mobile social
networks. New and emerging topics in both theoretical research and applications
will be presented as well.

The goal of the course is to provide students with the necessary foundations to
apply cryptographic techniques in new and emerging fields. The focus of this
class is to discuss and understand the security challenges in emerging systems
and wireless networks.

**Administrivia**

1) Classroom: Stuart Building Room 106

__IIT calendars__ for holidays),

**links**
for the course schedule and lectures (See also old lectures http://www.cs.iit.edu/~cs549/cs549s07/lectures.htm)

__this
link__ for the list of papers to be presented, and the __term project group__
information.

**Prerequisites**

Undergraduate/graduate courses in number theory, algorithms, networking, and programming are preferred
but not required. However, the course will provide a short review on the
necessary background material. Finally, it is assumed that the students are
familiar with some programming language, such as C.

**Books and Suggested Readings**

There are several good textbooks for this course. Recommended books are:

**Cryptography and essentials (the first two books are strongly recommended textbooks; you should get them)**

1. *Modern Cryptography: Theory and Practice*, by Wenbo Mao, Prentice Hall PTR, 2003.

2. *Cryptography: Theory and Practice*, by Douglas R. Stinson, CRC Press, hardcover.

3. *Handbook of Applied Cryptography*, by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. CRC Press, 1996.

4. *Foundations of Cryptography*, vol. I (2001) and vol. II (2004), by Oded Goldreich. Cambridge Press.

**Network Security (the first book is strongly recommended; you should get it if possible)**

1. __Cryptography and Network Security: Principles and Practice__, by William Stallings, Prentice Hall, Hardcover. The Fifth Edition is also out. See __http://williamstallings.com/Crypto3e/Crypto3e-student.html__ for student online help.

2. __Network Security Essentials: Applications and Standards__, by William Stallings. Prentice Hall, Hardcover, published November 1999, 366 pages, ISBN 0130160938.

3. __Secrets and Lies: Digital Security in a Networked World__, by __Bruce Schneier__. John Wiley, published August 2000, 412 pages, ISBN 0471253111.

**Introduction to number theory**

1. D. Angluin: *Lecture Notes on the Complexity of Some Problems in Number Theory*. Available for download from Tal Malkin's website at Columbia. This is a short review of number theory and its computational aspects. It is sufficient for the needs of our class.

2. V. Shoup: *A Computational Introduction to Number Theory and Algebra*. This is a very comprehensive introduction to algorithmic number theory, with all the necessary mathematical background self-contained. This is a BETA version, but in good shape.

3. *A Course in Number Theory and Cryptography* (Graduate Texts in Mathematics), hardcover, by Neal Koblitz.

4. *Number theory with computer applications*, by Ramanujachary Kumanduri and Christina Romero (1998).

5. *Fundamental Number Theory with Applications*, 1998 edition, by Richard Mollin.

**Excellent Online Lecture Notes**

1. S. Goldwasser and M. Bellare: __Lecture Notes on Cryptography__. These are notes from a summer cryptography class given by Profs. Shafi Goldwasser and Mihir Bellare at MIT. The treatment here is focused on the theoretical foundations of cryptography.

2. M. Bellare and P. Rogaway: Lecture Notes for a *graduate cryptography course at UCSD*. The approach here is still aimed towards precise definitions and provable security, although more emphasis is given to practical considerations.

3. J. Katz's lecture notes for the __Intro to Crypto__ class taught at the University of Maryland.

There are also some good links from my homepage: __http://www.cs.iit.edu/~xli/confref.html__

**Tasks and Grading Policy**

This is the **tentative** grading policy for the non-India session; the instructor reserves the right to make small changes.

a) **Class attendance, reaction paper (20%)** (Each student is expected to read several papers from a chosen topic and be able to lead the discussion about the papers in this topic.)

1) EACH student needs to read several papers and write a reaction paper to summarize the papers and propose improvements. Each student needs to first select a topic from __the list of topics listed in our class webpage__. Each student then needs to write a comprehensive summary of papers from the chosen topic. The selection of the topic from the list is first-come, first-served. No TWO students are allowed to select the SAME topic. The paper is selected from the list of papers provided by me (you can also suggest some really good papers to present, but this needs to be approved by the instructor before you can present this paper). You cannot COPY any material from any segment of results written by others (online material or published books, papers, reports), unless you need to cite some results or statements and clearly indicate this in your report.

2) The reaction paper is due at the end of the semester. The paper should be **8-15 pages and in IEEE conference format**. The paper is due on **June 24th, 2013**. Upload your paper in PDF format to Blackboard and name the file using your name and additional info so that your file name will be unique.

3) We will do attendance monitoring. You can miss at most one class among all monitored class attendances.

4) Attendance accounts for 5%. The reaction paper counts for 15%.

b) **One term project and presentation (30%)** (the term project is done by a team of students, but the team should have TWO students. We will NOT allow groups with 3 or more members). This project is about programming and implementation.

1) The term project is proposed by students, i.e., yourself (or you can choose from the list of programming assignments given by me). You need to think carefully about this project. You have to really implement the project and show that it works. See programming assignments for details.

2) Each group needs to discuss the term project with the instructor before **May 27th, 2013**. Each group needs to submit **a 2 page project proposal** by the end of the **2nd week (May 31st, 2013)**. Upload this to Blackboard for your group.

3) Each student in the group will be graded equally unless it was reported to me and confirmed that some student did not do sufficient work for the project.

4) Each group needs to do a **20 min presentation** at the end of the semester to demo the final results of your project (part of **June 24th**, and

a. **Presentation Final**: covers the following material: Explain your design. Discuss design alternatives and the cryptography and network security aspects of your project, such as algorithms, data to show the performance of your systems, and system architecture. Discuss the challenges faced by your group in implementing the project and how you addressed these challenges; lessons learned from the project; and the future plan for the project. Cover management aspects such as your project plan, critical paths, and means of team communication (e-mail, chat room, meetings, version control system).

b. Bring your own laptop to present slides and to demo your application. The presentation should demo your implementations of some real systems. Your group needs to run your application or demo your system. Demonstrate what it does for its users. Show that your system functions properly. You also need to submit program code that works properly.

c) **One final exam for this course (30%).** The exam will be held before the final exam week. It will cover all materials covered in the lectures.

d) **Two homework problem-sets (each 10%, total 20%).**

1) Homework problem sets will also be posted on Blackboard. Download the PDF files of the homeworks from the class webpage or from Blackboard. You need to upload your written solution to Blackboard.

2) __Homework 1, PDF file__, __homework 2 PDF file__.

**The tentative grading policy for India session:**

**Homework 20%, final exam 40%, individual term programming project 25%, individual term paper 15%**. Note that all programming projects and paper-writing projects are individual efforts (not group projects). You have to propose your own programming project (by sending email to the TA). You also need to send the TA an email about the topics you will work on and write a technical paper (it could be a well-thought-out survey paper on a given topic, a research paper on an open question, or some nice protocol design and analysis on some interesting topics).

**Other policies**:

a. You may take an automatic extension by handing in the homework assignment on the specified extended due date (one week) and time, but with a **10% deduction** on this homework grade.

b. No late assignments handed in after the
extended deadline will be accepted. Requests for an additional extension will
almost always be denied.

c. In this course you are allowed to discuss the problems with your classmates, and to work together. If you choose to do so, please indicate the name(s) of the people with whom you have worked. Otherwise, it will be treated as cheating! Keep in mind that you may discuss *assignment problems, general proof strategies, or general algorithms* with other students in the course, but you may not collaborate in

d. **All** students are required to do a team project (exceptions will only be made for remote students who cannot form a team). All members in each team will be graded equally for the team project unless it has been verified that some students contributed significantly less.

e. The term **paper** must be an **individual** effort, and thus written and submitted **individually**. Note that it should be the result of individual effort. Examples of individual term papers include, but are not limited to, 1) a survey on some research topics, 2) successfully addressing some challenging research questions. You are encouraged to discuss the research topics with your classmates. The term paper should be written in conference format.

f. If you are a remote student who cannot form a team with other students, the term project and term paper will be individual efforts. Note that you still need to do the term project and term paper. If you are a remote student and cannot do your presentation in the classroom, you can prepare a PPT, videotape your presentation, and send me your files. We can then play your presentation of the paper in the classroom.

**Tentative Grading Policy**

To get an A, you need to perform well in all aspects of the class. Generally (this is tentative, so the instructor reserves the right to change the scale here):

1) For all students, you get grade A if your score is at least 87 (out of a maximum of 100). You get B if your score is in [75, 86], and C if your score is in [60, 74].

2) For undergraduate students, you will get D if your score is in [50, 59] and you will get E if your score is in [0, 49].

3) For graduate students, you will get E if your score is in [0, 59].

**Term Paper Ideas:**

1) Reading papers on some related topics, and then writing a comprehensive survey on some topics. Examples of topics: trustworthy computing, security issues in cloud computing, security issues in wireless sensor networking, security issues in CPS.

2) A comprehensive and well-organized literature review on some interesting topics and papers from ACM CCS conferences or other related conferences.

3) Work on some specific challenging research topics and write a paper about your research results. This could be a theoretical problem which could lead to publication in some research-oriented conferences or journals.

The term paper must be structured like a conference paper that summarizes the results from the term project, including technically challenging questions that are successfully addressed, NEW algorithms or protocols that are presented and implemented, and new experiment results collected from the project.

**Term Project ideas** (you are encouraged to propose your own team projects, and discuss with me the feasibility of your projects):

1) Modeling/Simulation/Verification/Synthesis/Implementation of some network security systems

2) Something related to your own research. You implement the protocols you designed and then evaluate the performance of your protocols in real systems or testbeds.

3) Real network security systems, such as security protocols for CPS

**Term Project grading**: In particular, the following four aspects of a term project were considered in project grading:

1) Project has a clear goal

2) Goal has a clear value if achieved

3) There are novel ideas involved in achieving the goal

4) These ideas and your implementation work

In summary, the project grade is based on answers to these questions: Clear goal? Has value? New ideas? Ideas work?

If you would like to get detailed written feedback on your project report, please
let me know and I will give you a marked hard copy. If you disagree with my
assessment of any of the above regarding your project, please see me. I would
be happy to discuss the final project grade with you and fix it if appropriate.

**How to do a good presentation:**

Wear professional attire; Clear and
concise manner of speaking; Professional-looking audio/visual material such as
slides; Split the presentation time about evenly among the members of your team
and rehearse the hand-off when the presentation is done by a team. Rehearse
your presentation and demo, and time the duration of each part.

One or more group members may deliver the presentation, but all group members are
expected to be present and available to answer questions about the project.
During the presentation all group members should join together with the
presenter at the front of the room. Please put any electronic materials on a
memory stick or post to the web in a readily available location.

**Tentative Course Topics to be covered**

This course provides an introduction to the theory and the practice of cryptography
and network security. Particular topics to be covered include:

Introduction

Basic concepts, number theory

I. CONVENTIONAL ENCRYPTION.

Conventional Encryption: Classical Techniques.

Conventional Encryption: Modern Techniques.

Conventional Encryption: Algorithms.

Confidentiality Using Conventional Encryption.

II. PUBLIC-KEY ENCRYPTION AND HASH FUNCTIONS.

Public key crypto-systems

Message Authentication and Hash Functions.

Hash and MAC Algorithms.

Digital Signatures and Authentication Protocols.

Key Management

Secret Sharing

Interactive proof

III. Other Issues: Privacy, Verifiable Computing, Proof of Possession.

Privacy research topics in mobile social networking, cloud computing, and others.

**Other Course Policies**

I expect students to arrive on time for the class.
Classroom participation **constitutes 5%** of the grade in this class. You will be expected to have
read the reading assignment before the class, and to be able to
participate in classroom discussions.
The students are also required to
abide by the University's Honor Code. Basically, do not represent other persons'
work as your own, properly cite sources, and do not intentionally seek to
undermine the efforts of your classmates.

A copy of the full University Academic
Honor Code (code of academic honesty) can be found in the current Student Handbook.

Code of Academic Honesty: __academichonesty@iit.edu__, page 243 of UG Bulletin __http://retention.iit.edu/resources/bulletin_2008_2010.pdf__

Reasonable accommodations will be made for students with
documented disabilities. In order to receive accommodations, students must
obtain a letter of accommodation from the Center for Disability Resources and
make an appointment to speak with me [the instructor] as soon as possible. The
Center for Disability Resources (CDR) is located in Life Sciences Room 218,
telephone 312-567-5744 or disabilities@iit.edu.