Information Security

George Eleftherakis
Information Security Group Software Engineering Group Computer Science Department CITY College Thessaloniki

Information Security: Lecture 0: 1

George Eleftherakis

c 2006

Hmenqlzshnm Rdbtqhsx (CSD3470)

Instructor: Dr. Eleftherakis George e-mail: eleftherakis@city.academic.gr Ofce: Tsimiski building / 5th oor Ofce Hours: Tue 11:30-14:00 Visit weekly the website of this course in the Intranet.

Information Security: Lecture 0: 2

George Eleftherakis

c 2006

Info about the module

Textbook: . . . Notes Suggested Books: [1] Niels Ferguson and Bruce Schneier. Practical Cryptography. John Wiley and Sons Ltd, 2003. [2] Ross Anderson. Security Engineering. John Wiley and Sons, 2001. [3] Bruce Schneier. Applied Cryptography: Protocols, Algorthms, and Source Code in C . John Wiley and Sons, Inc., 2nd edition, 1996.

Information Security: Lecture 0: 3

George Eleftherakis

c 2006

Info about the module

Teaching Method: 2h formal lectures and 1h tutorial presentation lecture Assessment: Coursework 30% (2 Practicals) Final Exams 70%

Information Security: Lecture 0: 4

George Eleftherakis

c 2006

This modules aim is to provide. . .

an understanding of the theoretical underpinnings for information and computer security a presentation of the basic elements of cryptography the basic knowledge on cryptosystems as building blocks an understanding on security protocols an appreciation of the strengths, weaknesses, and limitations of the protocols, and an understanding of the application of computer security theory to real-world systems.
Information Security: Lecture 0: 5 George Eleftherakis c 2006

Course Outline

Information Security: Lecture 0: 6

George Eleftherakis

c 2006

PART I: Computer Security Foundations

Introduction What is security Threat modelling Traditional Security Requirements Identication authentication authorization (access control and authorization) condentiality integrity availability
Information Security: Lecture 0: 7 George Eleftherakis c 2006

 Security Policies Access control lists Role based access control Capabilities

Information Security: Lecture 0: 8

George Eleftherakis

c 2006

PART II: Applied Cryptography (a)

Introduction to Applied Cryptography Encryption / decryption Kerchoffs principle Classic ciphers substitution polyalphabetical OTK One Time Key Transpositional

Strengths of cryptosystems Cryptographic building blocks

Information Security: Lecture 0: 9 George Eleftherakis c 2006

PART II: Applied Cryptography (b)

Cryptographic building blocks Symmetric key Cryptosystems DES AES Implementation in Java (intro to API) Message Digest (Hash, one-way) Functions, eg MD5 Integrity Authentication Identication Key Agreement
Information Security: Lecture 0: 10 George Eleftherakis c 2006

 Dife-Hellman Asymmetric Cryptosystems Public Key Cryptography Public Key Authentication Hybrid Schemes RSA Elliptic curve cryptography Key Management X.509 / PKI Implementation in Java

Information Security: Lecture 0: 11

George Eleftherakis

c 2006

PART III: Cryptographic Protocols

Protocols and attacks on Protocols Authenticated DH Needham - Scroeder public key protocol Denning-Sacco protocol Secrecy principles (optional) Implementation of a protocol in Java (optional) Real Systems Authentication systems Kerberos TLS/SSL
Information Security: Lecture 0: 12 George Eleftherakis c 2006

 IPsec PGP S/MIME Authorization systems KeyNote SPKI/SDSI AETHER

Information Security: Lecture 0: 13

George Eleftherakis

c 2006