COMP 232, Cybersecurity COMP 232, Cybersecurity Details Full syllabus for COMP232 (TBA) Lecturer: Alexei Lisitsa Demonstrators: Faisal Alotaibi: Group 3 Samuel Fish: Group 2 Emmanouil Pitsikalis: Group 4 Musah Shaibu: Group 1 Lectures Monday, 15:00, ASHT-LR (Ashton Building, Lecture Theatre Tuesday,14:00, CHAD-BARKLA (Chadwick Building, Barkla Lecture Teathre) Thursday, 9:00, NICH-LT (Nicholson Building, Nicholson Lecture Theatre) Practical Sessions Group 1: Tue 10.00, Lab 5 & Fri, 14.00, Lab 1 Group 2: Mon 12.00, Lab 5 & Fri, 16.00, Lab 5 Group 3: Mon 16.00, Lab 5 & Fri, 11.00, Lab 1 Group 4: Tue 11.00, Lab 5 & Fri, 9.00, Lab 5 Textbooks Richard R. Brooks, Introduction to Computer and Network Security, Navigating Shades of Grey, CRC Press, 2014 William Stallings, Network Security Essentials: Applications and Standards, Prentice Hall, 2000 (and later editions ) Useful and Interesting Links related to Cybersecurity Get Safe Online. Free Expert Advice. Cyber Security Challenge UK Schneier on Security. A blog covering security and security technology. A blog about cryptography and security by David Wong, the author of Real World Cryptography Book Krebs on Security. A blog on in-depth security news and investigation. Steptoe Cyberblog. The cryptopals Crypto Challenges. Additional Books A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Pres, 1996 Applied Advanced Crypto Accessible and Scalable Secure Multi-Party Computations Lecture notes (slides) PDF Introduction Basic Concepts in Security Identification and Authentication Additional reading RFID repeater used to steal a car Vulnerabilities in Biometric Systems Elements of cryptography. Symmetric encryption Elements of cryptography. Symmetric encryption, 2 Public Key Encryption RSA algorithm Diffie-Hellman key exchange Message authentication and hash functions Additional reading: Cryptographic Hash Function SHA-1 is a Shambles Quantum Cryptography and Computations Additional links/reading: IBM Q Experience (online platform for quantum computing Quantum in the Cloud (online access to real quantum processor) Quantum Access Network D-Wave. The Quantum Computing Company Computing over Encrypted Data: homomorphic encryption and CryptDB Steganography Additional reading: Embedding Covert Channels into TCP/IP, by Steven J. Murdoch and Stephen Lewis Security Protocols and their Analysis Techniques for Anonymity Further protocols: Electronic voting Monitoring and intrusion detection Techniques for intrusion detection Firewalls Malicious software. Attacks and countermeasures Additional reading: Chapters 7 and 9 of Richard R. Brooks, Introduction to Computer and Network Security, Navigating Shades of Grey, CRC Press, 2014 DeterLab Session: SQL injection Exercise Advanced crypto: zero-knowledge proofs and multi-party secure computations Additional links/reading: A curated list of multi party computation resources and links Accessible and Scalable Secure Multi-Party Computations Interactive zero knowledge 3-colorability demonstration Zero Knowledge Proofs Primer Zero Knowledge Proofs and Secure Multi Party Computations Revision Notes Practical sessions Lab 1 (Session A, week starting 03.02): Practical attacks on passwords Lab 2 (Session B, week starting 03.02): Symmetric Encryption in Java Lab 3 (Session A, week starting 10.02): How fast is DES encryption? Labs 4-5 (Sessions B and A, weeks starting 10.02 and 17.02, resp.): Message Authentication and Digital Signatures Labs 6-7 (Sessions B and A, week starting 17.02 and 24.02, resp.): Diffie-Hellman Key Exchange Lab 8 (Session B, week starting 24.02): HMAC-SHA256: Message Authentication Lab 9 (Session A, week starting 02.03): Work on Assignment 2 Lab 10 (Session B, week starting 02.03):Formal Verification of Security Protocols. Introduction to ProVerif ProVerif: Cryptographic protocol verifier in the formal model User Manual for ProVerif Online Demo for ProVerif Examples from ProVerif User Manual: hello.pv hello_ext.pv ex_handshake.pv Lab 11 (Session A, week starting 09.03): Work on Assignment 2 Lab 12 (Session B, week starting 09.03): Work on Assignment 2 Online Labs, week starting 23.03: Introduction to DeterLab DeterLab: Cyber-Defense Technology Experimental Research Laboratory Online Labs: Securing Legacy Systems with Snort Securing Legacy Systems, by Jeff Mates PacketTotal (online PCAP analysis) Additional DeterLab Session: SQL injection Exercise Practical assignments Assignment 1 (Deadline for submission is 28th of February 2020, Friday, 17.00) Assignment 2 (Deadline for submission is 24th of March 2020, Tuesday, 17.00) Assignment 3 (Deadline for submission is 12th of May 2020, Tuesday, 17.00, extended) EXAM paper (Deadline for submission is 22th of May 2020, Friday, 10.00) Programming with JCA JCA/JCE Reference manual DES encryption in Java with JCA DES encryption in ECB mode DES encryption in CBC mode with an inline IV DES encryption in CBC mode; IV generated by Cipher object Password-based encryption Utility class implementing array of bytes to hex strings conversion AES encryption in Java with JCA Password-based encryption only with AES (128 bits key size only) Password-based encryption and decryption with AES (128 bits key size only) Utility class implementing array of bytes to hex strings conversion RSA encryption and message digest computing with JCA RSA encryption/decryption with random keys Message Digest Example with SHA-1 Diffie-Hellman Key Exchange with JCA Diffie-Hellman Key Exchange between Two parties Diffie-Hellman Key Exchange between Three parties Message Authentication HMAC-SHA256 Message Authentication Last updated 04.05.2020