Computer Security and Privacy
CS99J
This is a Sophomore Seminar course, meeting Thursdays 1:15-2:30 in Gates 498. Enrollment is limited to sophomores, according to the policy and procedures of the Introductory Seminars program.
The course will be based on a series of readings, with discussion of current issues in computer security. Part of the course will be devoted to current events in computer security, drawn from comp.risks and security advisories that are issued during the term. We will cover some basic issues in cryptography, including a brief summary of relevant mathematics, and computer system risks and vulnerabilities. Part of the course will also be devoted to legal and policy issues, such as censorship, rights of ownership, and rights to privacy. In this connection, we will look at computer security policies on campus and discuss the Stanford Computer Use Policy. Students will be expected to read before class and prepare for discussion. Each student will be required to write a term paper or present an oral report in class.
Tuesdays: come prepared to discuss assigned topics.
Thursdays: I will prepare a lecture on course material.
January 4 |
Introduction. Seminar topics and goals. Why did you sign up for this seminar? Class pictures. Recent topics: DVD encryption, MP3 media, NSA key in Windows, … Assignment 1: How do we make our pictures page visible to us and not other people? Write one page or send email or write code explaining how. Due Jan 11. |
January 6 |
|
January 11 |
Comp.risks. DVD encryption. Web server protection. News articles: searching for keys using scripts; blackmail by credit card thief. Assignment 1: How do we limit access to a site? Assignment 2: Read New Yorker article on NSA, find out about Echelon on web (e.g., echelonwatch), skim short article on First Amendment rights, and come prepared to discuss these at next Tuesday meeting. |
January 13 |
Authentication. Begin reading Takedown. Assignment 3: Install 128-bit encryption on your browser and look at your bank’s policy for online banking. |
January 18 |
Export control: Summary of US Government policy (slides); January 12 Commerce Dept Press Release. Takedown (Chap 1-2): cast of characters (Tsutomu, Julia, John Gilmore, …) |
January 20 |
Class cancelled. Attend Landau lecture Feb 1 instead. |
January 25 |
Takedown Chapters 3-4, Thompson Turing Award paper. Discuss Assignment 1: how to secure a web page. News: MP3 suit, Mitnick release, … Background for Landau lecture – Shamir secrecy order. |
January 27 |
Cryptography: simple number theory and RSA |
February 1 |
Takedown Chapters 5-6. Any questions about cryptography? Special Lecture: Cryptology, Technology, and Policy, Susan Landau, Sun Microsystems, Gates 498, 4:15 PM. This talk will discuss recent developments in encryption export controls and their historical context. |
February 3 |
No class. I will be away at the Network and Distributed System Security conference in San Diego. We will discuss talks from the conference on Feb 8. |
February 8 |
Discuss attacks, break-ins, etc. |
February 10 |
Firewalls and intrusion detection mechanisms. |
February 15 |
Network fundamentals |
February 17 |
Mobile code security. |
February 22 |
No class. I will be at Financial Crypto in Anguilla. One interesting link related to a talk at the conference is Pam Samuelson’s page with links to papers on legal issues. Since there is no class meeting, please attend the Feb 23 EE380 lecture on recent denial of service attacks or view the recorded lecture online afterward by following the link from the EE380 page. |
February 24 |
Projects: John - Secure web site, Adam - Ken Thompson Turing Award lecture, Dave - ICQ PGP or XOR encryption, packet sniffing. |
February 29 |
Projects: Max – Simulate/implement RSA, Galen – hacker culture, Yuping – RSA, Ruwen and Gustav – simple chat program with encryption |
March 2 |
Projects: Matt and Andrew – firewalls, Margaret – recent privacy legislation |
March 7 |
|
March 9 |
|
Synopsis (from Amazon.com)
A gripping drama illuminating the good, bad and ugly of the computer world, here is the thrilling story of the ingenious capture of the Internet's most notorious cyberthief, Kevin Mitnick. Shimomura also offers clear and insightful explanations of how cyberspace works and the problems and controversies it has introduced.
We will read and discuss this book incrementally throughout the quarter. The book is easy reading, with enough comments on computer systems and risks to provide an introduction to some aspects of computer security. The book is approximately 500 pages long, so we should plan to read about 50 pages per week.
Mostly concerned with the US government policy on encryption, this book also has a short overview of cryptography. The authors are primarily scientists, not government employees or people with careers in public policy.
This book, written by two lawyers, contains a large number of interesting cases. Many are shocking invasions of privacy by the government. The topics range from police search and seizure to abortion and death to workplace issues and electronic information gathering.
Course newsgroup
Possible topics for term projects
John C. Mitchell |
Phone: (415) 723-8634 |