Computer Security

and Privacy



This is a Sophomore Seminar course, meeting Thursdays 1:15-2:30 in Gates 498. Enrollment is limited to sophomores, according to the policy and procedures of the Introductory Seminars program.

The course will be based on a series of readings, with discussion of current issues in computer security. Part of the course will be devoted to current events in computer security, drawn from comp.risks and security advisories that are issued during the term. We will cover some basic issues in cryptography, including a brief summary of relevant mathematics, and computer system risks and vulnerabilities. Part of the course will also be devoted to legal and policy issues, such as censorship, rights of ownership, and rights to privacy. In this connection, we will look a computer security policies on Campus and discuss the Stanford Computer Use Policy. Students will be expected to read before class and prepare for discussion. Each student will be required to write a term paper or present an oral report in class.

Evolving Course Syllabus

Tuesdays: come prepared to discuss assigned topics.

Thursdays: I will prepare a lecture on course material.


January 4

Introduction. Seminar topics and goals.

Why did you sign up for this seminar? Class pictures.

Recent topics: DVD encryption, MP3 media, NSA key in Windows, …


Assignment 1: How do we make our pictures page visible to us and not other people? Write one page or send email or write code explaining how. Due Jan 11.

January 6

Introduction to cryptography

January 11


DVD encryption

Web server protection

News articles: searching for keys using scripts; blackmail by credit card thief

Assignment 1: How do we limit access to a site?


Assignment 2: Read New Yorker article on NSA, find out about Echelon on web (e.g., echelonwatch), skim short article on First Amendment rights, and come prepared to discuss these at next Tuesday meeting.

January 13


Begin reading Takedown.

Assignment 3: Install 128-bit encryption on your browser and look at your bank’s policy for online banking.

January 18

Export control :

Summary of US Government policy (slides)

January 12 Commerce Dept Press Release

Takedown (Chap 1-2): cast of characters (Tsutomu, Julia, John Gilmore, …)

January 20

Class cancelled. Attend Landau lecture Feb 1 instead.

January 25

Takedown Chapters 3-4, Thompson Turing Award paper.

Discuss Assignment 1: how to secure a web page

News: MP3 suit, Mitnick release, …

Background for Landau lecture – Shamir secrecy order.

January 27

Cryptography: simple number theory and RSA

February 1

Takedown Chapters 5-6.

Any questions about cryptography?

Special Lecture: Cryptology, Technology, and Policy, Susan Landau, Sun Microsystems, Gates 498, 4:15 PM. This talk will discuss recent developments in encryption export controls and their historical context.

February 3

No class. I will be away at the Network and Distributed System Security conference in San Diego. We will discuss talks from the conference on Feb 8.

February 8

Discuss attacks, break-ins, etc

February 10

Firewalls and intrusion detection mechanisms.

February 15

Network fundamentals

February 17

Mobile code security.

February 22

No class. I will be at Financial Crypto in Anguilla. One interesting link related to a talk at the conference is Pam Samuelson’s page with link to papers on legal issues.

Since there is no class meeting, please attend the Feb 23 EE380 lecture on recent denial of service attacks or view the recorded lecture online afterward by following link from EE380 page.

February 24

Projects: John - Secure web site, Adam - Ken Thompson Turing Award lecture, Dave - ICQ pgp or xor encryption, packet sniffing.

February 29

Projects: Max – Simulate/implement RSA, Galen – hacker culture, Yuping - RSA, Ruwen and Gustav – simple chat program with encryptions

March 2

Projects: Matt and Andrew – firewalls, Margaret – recent privacy legislation

March 7


March 9



Source Books

Synopsis (from
A gripping drama illuminating the good, bad and ugly of the computer world, here is the thrilling story of the ingenious capture of the Internet's most notorious cyberthief, Kevin Mitnick. Shimomura also offers clear and insightful explanations of how cyberspace works and the problems and controversies it has introduced.

We will read and discuss this book incrementally throughout the quarter. The book is easy reading, with enough comments on computer systems and risks to provide an introduction to some aspects of computer security. The book is approximately 500 pages long, so we should plan to read about 50 pages per week.

Mostly concerned with the US government policy on encryption, this book also has a short overview of cryptography. The authors are primarily scientists, not people with careers in government employees or public policy.

This book, written by two lawyers, contains a large number of interesting cases. Many are shocking invasions of privacy by the government. The topics range from police search and seizure to abortion and death to workplace issues and electronic information gathering.

Resources on Line

Course newsgroup

Possible topics for term projects

John C. Mitchell
Department of Computer Science
Stanford University
Stanford CA 94305-9045

Phone: (415) 723-8634
Fax: (415) 725-4671