**CS549: Cryptography and Network Security**

**Department of Computer Science, Illinois Institute of Technology**

**Description and Goals**

The course will start with a review of necessary background topics such as number theory,
basic conventional encryption methods, basic public key cryptosystems, basic
digital signature systems, and zero knowledge proof systems. We will then
discuss applications of cryptography in different fields, such as wireless
sensor networking, RFID, mesh networks, cloud computing, mobile computing, and
social networks. New and emerging topics in both theoretical research and
applications will be presented as well.

The goal of the course is to provide students with the necessary foundations to apply
cryptography techniques in new and emerging fields. The focus of this class is
to discuss and understand the security challenges in emerging systems, and
wireless networks.

**Administrivia**

1) Classroom: Stuart Building Room 204

__IIT calendars__ for holidays),

**links** for the course schedule and lectures (See also old lectures http://www.cs.iit.edu/~cs549/cs549s07/lectures.htm)

__this link__ for the list of papers to be presented, and the __term project group__
information.

**Prerequisites**

Undergraduate/graduate courses in number theory, algorithms, networking, and programming are preferred
but not required. However, the course will provide a short review on the
necessary background material. Finally, it is assumed that the students are
familiar with some programming language, such as C.

**Books and Suggested Readings**

There are several good textbooks for this course. Recommended books are:

**Cryptography and essentials (the first two books are strongly recommended textbooks; you should get them)**

1. *Modern Cryptography: Theory and Practice*, by Wenbo Mao, Prentice Hall PTR, 2003

2. *Cryptography: Theory and Practice*, by Douglas R. Stinson, CRC Press, hardcover.

3. *Handbook of Applied Cryptography*, by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. CRC Press, 1996.

4. *Foundations of Cryptography*, vol. I (2001) and vol. II (2004), by Oded Goldreich. Cambridge Press.

**Network Security (the first book is strongly recommended; you should get it if possible)**

1. __Cryptography and Network Security: Principles and Practice__, by William Stallings, Prentice Hall, Hardcover. Fifth Edition is out also. See __http://williamstallings.com/Crypto3e/Crypto3e-student.html__ for student online help.

2. __Network Security Essentials: Applications and Standards__, by William Stallings. Prentice Hall, Hardcover, Published November 1999, 366 pages, ISBN 0130160938

3. __Secrets and Lies: Digital Security in a Networked World__, by __Bruce Schneier__. John Wiley, Published August 2000, 412 pages, ISBN 0471253111.

**Introduction to number theory**

1. D. Angluin: *Lecture Notes on the Complexity of Some Problems in Number Theory*. Available for download from Tal Malkin's website at Columbia. This is a short review of number theory and its computational aspects. It is sufficient for the needs of our class.

2. V. Shoup: *A Computational Introduction to Number Theory and Algebra*. This is a very comprehensive introduction to algorithmic number theory, with all the necessary mathematical background self-contained. This is a BETA version, but in good shape.

3. *A Course in Number Theory and Cryptography* (Graduate Texts in Mathematics), (Hardcover) by Neal Koblitz

4. *Number Theory with Computer Applications*, by Ramanujachary Kumanduri and Cristina Romero (1998)

5. *Fundamental Number Theory with Applications*, 1998 edition, by Richard Mollin.

**Excellent Online Lecture Notes**

1. S. Goldwasser and M. Bellare: __Lecture Notes on Cryptography__. These are notes from a summer cryptography class given by Profs. Shafi Goldwasser and Mihir Bellare at MIT. The treatment here is focused on the theoretical foundations of cryptography.

2. M. Bellare and P. Rogaway: Lecture Notes for a *graduate cryptography course at UCSD*. The approach here is still aimed towards precise definitions and provable security, although more emphasis is given to practical considerations.

3. J. Katz's lecture notes for the __Intro to Crypto__ class taught at the University of Maryland.

There are also some good links from my homepage: __http://www.cs.iit.edu/~xli/confref.html__

**Tasks and Grading Policy**

This is the **tentative** grading policy for sessions CS549-01 and CS549-02; the
instructor reserves the right to make small changes.

a) **Class attendance (5%)**

a) We will do attendance monitoring. You can miss one class at most among all monitored class attendances.

b) The attendance accounts for 5%.

b) **One term paper (15%)** (Each student is expected to read several papers from a chosen topic and be able to lead the discussion about the papers in this topic.)

1) EACH student needs to read several papers and write a reaction paper to summarize
the papers and propose improvements. Each student needs to first select a topic
from __the list of topics listed in our class webpage__. Each student then needs to write a
comprehensive summary of papers from the chosen topic. The selection of the
topic from the list is first-come-first-served. No TWO students are allowed to
select the SAME topic. The paper is selected from the list of papers
provided by me (you can also suggest some really good papers to present, but
this needs to be approved by the instructor before you can present this paper).
You cannot COPY any material from any segment of results written by others
(online material or published books, papers, reports), unless you need to cite
some results or statements and clearly indicate this in your report.

2) The term reaction paper is due at the end of the semester. The paper should
be **8-15 pages long and in IEEE conference format**. The paper is due on **December 1st,
2014**. Upload your paper in PDF format to Blackboard and name the
file using your name and additional info so that your file name will be unique.

3) Reaction paper counts for 15%.

c) **One term project and presentation (30%)** (the term project is done by a
team of students, and each team should have TWO students. We will NOT allow
groups with 3 or more members). This project is about programming and
implementation.

1) The term project is proposed by students, i.e., yourself (or you can choose from
the list of programming assignments given by me). You need to carefully think
about this project. You have to really implement the project and show that it
works. See programming assignments for details.

2) Each group needs to discuss the term project with the instructor before **September 5th,
2014**. Each group needs to submit **a 2 page project proposal** by the
end of the **3rd week (September 12th, 2014)**. Upload this to Blackboard for your
group.

3) Each student in the group will be graded equally unless it was reported to me and
confirmed that some student did not do sufficient work for the project.

4) Each group needs to do a **20 min presentation** at the end of the semester
to demo the final results of your project (part of **November 24th**, and

a. **Presentation Final**: covers the following material: Explain
your design. Discuss design alternatives, cryptography and network security
aspects of your project, such as algorithms, data to show the performance of
your systems, system architecture. The challenges faced by your group in
implementing the project and how you address these challenges; Lessons learned
from the project, and future plan for the project. Management aspects such as
your project plan, critical paths, means of team communication (e-mail, chat
room, meetings, version control system).

b. Bring your own laptop to present slides and to demo your application. The
presentation should demo your implementations of some real systems. Your group
needs to run your application or demo your system. Demonstrate what it does for
its users. Show that your system functions properly. You also need to submit
program code that works properly.

d) **One final exam for this course (30%).** The exam
will be held before or during the final exam week. It will cover all materials
studied in the lectures.

e) **Two homework problem-sets (each 10%, total 20%).**

1) Homework problem sets will also be posted on Blackboard. Download the PDF files of
the homework from the class webpage or from Blackboard. You need to upload
your written solution to Blackboard.

2) __Homework 1, PDF file__, __homework 2 PDF file__.

**The tentative grading policy for India session CS549-03:**

**For students from India session (cs549-03), you will be graded based on the following 4 tasks:**

**Individual term paper 15%, individual term programming project 30%, final exam 35%, and homework 20%.**

Notice that all programming projects and paper-writing projects are individual
efforts (not group projects). You have to propose your own programming project (by
sending an email to the TA). You also need to send the TA an email about the topics you
will work on and write a technical paper (it could be a well-thought-out survey
paper on a given topic, a research paper on an open question, or a nice
protocol design and analysis on an interesting topic). For the term project, you
need to do an online presentation to the TA using Skype.

**Other policies**:

a. You may take an automatic
extension by handing in the homework assignment on the specified extended due
date (one week) and time but with **10% deduction** on this homework grade.

b. No late assignments handed in after the
extended deadline will be accepted. Requests for an additional extension will
almost always be denied.

c. In this course you are allowed to
discuss the problems with your classmates, and to work together. If you choose
to do so, please indicate the name(s) of the people with whom you have worked.
Otherwise, it will be treated as cheating! Keep in mind that you may discuss *assignment
problems, general proof strategies, or general algorithms* with other students in the course, but
you may not collaborate in

d. **All** students are required to do a team
project (exceptions will only be made for remote students who cannot form a
team). All members of each team will be graded equally for the team project
unless it has been verified that some students contributed significantly less.

e. The term **paper** must be an **individual**
effort, and thus written and submitted **individually**. Notice that it should be the result
of individual effort. Examples of individual term paper include, but are not
limited to, 1) a survey of some research topics, 2) successfully addressing some
challenging research questions. You are encouraged to discuss the research
topics with your classmates. The term paper should be written in conference
format.

f. If you are a remote student who cannot form a team with other students, the term
project and term paper will be individual efforts. Note that you still need to
do the term project and term paper. If you
are a remote student and cannot do your presentation in the classroom, you can
prepare a PPT, videotape your presentation, and send me your files. We can then
play your presentation of the paper in the classroom.

**Tentative Grading Policy**

To get an A, you need to perform well in all aspects of the class. Generally (this is
tentative, so the instructor reserves the right to change the scale here):

1) For all students, you get grade A if your score is at least 87 (out of a maximum of
100). You get B if your score is in [75, 86], and C if your score is in [60, 74].

2) For undergraduate students, you will get D if your score is in [50, 59] and you will
get E if your score is in [0, 49].

3) For graduate students, you will get E if your score is in [0, 59].

**Term Paper Ideas:**

1) Reading papers on some related topics, and then writing a comprehensive survey on some
topics. Examples of topics: trustworthy computing, security issues in cloud
computing, security issues in wireless sensor networking, security issues in
CPS.

2) Comprehensive and well organized literature review on some interesting topics and papers from
ACM CCS conferences or other related conferences.

3) Work on some specific challenging research topics and write a paper about your
research results. This could be a theoretical problem which could lead to
publication in some research oriented conferences or journals.

The term paper must be formatted like a
conference paper that summarizes the results from the term project, including
technically challenging questions that are successfully addressed, NEW algorithms
or protocols that are presented and implemented, and new experiment results
collected from the project.

**Term Project ideas** (you are encouraged to propose your own
team projects, and discuss with me the feasibility of your projects.):

1) Modeling/Simulation/Verification/Synthesis/Implementation
of some network security systems

2) Something related to your own research. You implement the protocols you designed and then
evaluate the performances of your protocols in real systems or testbeds.

3) Real network security systems, such as security protocols for CPS

**Term Project grading**: In particular, the following four
aspects of a term project are considered in project grading:

1) Project has a clear goal

2) Goal has a clear value if achieved

3) There are novel ideas involved in achieving the goal

4) These ideas and your implementation work

In summary, the project grade is based on answers to these questions: Clear goal?
Has value? New ideas? Ideas work?

If you would like to get detailed written feedback on your project report please
let me know and I will give you a marked hard copy. If you disagree with my
assessment of any of the above regarding your project, please see me. I would
be happy to discuss the final project grade with you and fix it if appropriate.

**How to do a good presentation:**

Wear professional attire; Clear and
concise manner of speaking; Professional-looking audio/visual material such as
slides; Split the presentation time about evenly among the members of your team
and rehearse the hand-off when the presentation is done by a team. Rehearse
your presentation and demo, and time the duration of each part.

One or more group members may deliver the presentation, but all group members are
expected to be present and available to answer questions about the project.
During the presentation all group members should join together with the
presenter at the front of the room. Please put any electronic materials on a
memory stick or post to the web in a readily available location.

**Tentative Course Topics to be covered**

This course provides an introduction to the theory and the practice of cryptography
and network security. Particular topics to be covered include:

Introduction

Basic concepts, number theory

I. CONVENTIONAL ENCRYPTION.

Conventional Encryption: Classical Techniques.

Conventional Encryption: Modern Techniques.

Conventional Encryption: Algorithms.

Confidentiality Using Conventional Encryption.

II. PUBLIC-KEY ENCRYPTION AND HASH FUNCTIONS.

Public key crypto-systems

Message Authentication and Hash Functions.

Hash and MAC Algorithms.

Digital Signatures and Authentication Protocols.

Key Management

Secret Sharing

Interactive proof

III. Other Issues: Privacy, Verifiable Computing, Proof of Possession.

Privacy research topics in mobile social networking, cloud computing, mobile computing, and others.

**Other Course Policies**

I expect students to arrive on-time for the class.
Classroom participation **constitutes 5%** of the grade in this class. You will be expected to have
previously read the reading assignment before the class, and to be able to
participate in classroom discussions.
The students are also required to
abide by the University's Honor Code. Basically, do not represent other persons'
work as your own, properly cite sources, and do not intentionally seek to
undermine the efforts of your classmates.

A copy of the full University Academic
Honor Code (code of academic honesty) can be found in the current Student Handbook.

Code of Academic Honesty: __academichonesty@iit.edu__, page 243 of UG Bulletin __http://retention.iit.edu/resources/bulletin_2008_2010.pdf__

Reasonable accommodations will be made for students with
documented disabilities. In order to receive accommodations, students must
obtain a letter of accommodation from the Center for Disability Resources and
make an appointment to speak with me [the instructor] as soon as possible. The
Center for Disability Resources (CDR) is located in Life Sciences Room 218,
telephone 312-567-5744 or disabilities@iit.edu.