Faculty Contact Information:
Phone number will be provided within the WebTycho classroom.
Consultation:
The lecturer is available for consultation via WebTycho or email. Your questions will be answered within 48 hours.
Required Texts and Readings:
Kaufman, Perlman & Speciner. (2002). Network Security: Private Communication in a Public World (2nd ed). Upper Saddle River, NJ: Prentice Hall. ISBN: 0-13-046019-2.
Pfleeger, C. P. (2003). Security in Computing (3rd ed). Upper Saddle River, NJ: Prentice Hall. ISBN: 0-13-035548-8.
American Psychological Association. (2001). Publication manual of the American Psychological Association (5th ed.). Washington, D.C.: APA. ISBN: 1-55798-791-2.
Additional Readings:
Selections from the Proceedings of the 22nd National Information Systems Security Conference (NISSC 99), Crystal City, VA, October 18-21, 1999.
Selections from the Proceedings of the 23rd National Information Systems Security Conference (NISSC 00), Baltimore, MD, October 16-19, 2000. (Available on-line at http://csrc.nist.gov/nissc; click on the appropriate year, then follow the link to "toc.pdf".)
Supplementary Readings:
Ford, W. (1994). Computer Communications Security - Principles, Standard Protocols, and Techniques. Englewood Cliffs, NJ: Prentice Hall.
Schneier, B. (1996). Applied Cryptography (2nd ed.). New York, NY: John Wiley & Sons, Inc. ISBN: 0-47-111709-9.
Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World. New York, NY: John Wiley & Sons, Inc. ISBN: 0-47-125311-1.
Recommended Journals:
Publications of the various professional societies (such as the ACM, the Association for Computing Machinery; the IEEE Computer Society; and the various management professional societies) are strongly recommended. In addition, there are many trade journals (such as eWEEK) that IT professionals should become familiar with, many of which are published both weekly and on-line.
Course Description:
This course traces the historical development of cryptographic methods and cryptanalysis tools. The theory of encryption using symmetric and asymmetric keys is presented. Current protocols for exchanging secure data, including the Data Encryption Standard and the Advanced Encryption Standard, are discussed. Secure communications techniques are also reviewed. Public Key Infrastructure and the use of digital signatures and certificates for protecting and validating data are examined. The course also explores strategies for the physical protection of information assets.
Course Goals:
Upon successful completion of this course, the student should understand and be able to apply knowledge concerning:
- Assessment of information assets' threats and vulnerabilities.
- Mathematical theories on which cryptographic algorithms are based.
- Commercially-available encryption techniques.
- Hardware and software supporting cryptology and data protection.
- Current and emerging issues and trends in cryptology and data protection.
Course Objectives:
At the end of the course, students should be able to:
- Assess the threats and vulnerabilities inherent in networked information systems, and the security impacts of technological advances in computing, networks, and telecommunications.
- Compare and contrast the basic mathematical characteristics of the more common commercial cryptographic algorithms and their relative strengths and weaknesses.
- Analyze various encryption techniques and their appropriate uses in the assurance of privacy, integrity, and authentication in information systems.
- Distinguish among applicable security protocols and other security countermeasures and assess tradeoffs of security, performance and cost.
- Evaluate the technical and non-technical issues involved with data protection in the burgeoning controversies surrounding security, privacy, electronic commerce, computer crime, information sharing, and cyberwar, and be able to relate these issues to their own environment wherever applicable.
Grading Information:
Final grades will be calculated as follows:
- Mid-term examination: 30%
- Final examination: 40%
- Research Paper: 30%
According to the Graduate School grading policy, the following symbols and scale are used:
- A = excellent (92-100)
- B = good (80-91)
- C = passing (70-79)
- F = failure (less than 70)
The grade of "B" represents the benchmark for the Graduate School. It indicates the student has demonstrated competency in the subject matter of the course, i.e., has fulfilled all course requirements on time, has a clear grasp of the full range of course materials and concepts, and is able to present and apply these materials and concepts in clear, reasoned, well-organized and grammatically correct responses, whether written or oral.
Only students who fully meet this standard and, in addition, demonstrate exceptional comprehension and application of the course subject matter, merit an "A."
Students who do not meet the benchmark standard of competency fall within the "C" range or lower. They, in effect, have not met graduate level standards. Where this failure is substantial, they earn an "F."
Course Requirements:
The course requirements are as follows:
Homework Exercises. Students are required to complete six homework exercises designed to reinforce concepts examined in the lectures and readings.
Examinations. A midterm and final examination will be given.
Research Paper. A research paper of 20 - 25 pages is required. Topics will be selected by each student from a list of sample topics provided by the instructor or on any other topic relevant to the area of cryptology. Students will submit to the instructor a short (not to exceed a single-page) typewritten research proposal which identifies the selected topic and outlines the proposed research effort. This is due no later than the third class period.
Oral Presentation. Each student will give a brief oral presentation describing the results of his/her research to the rest of the class. (Online students will post their presentations, including graphics and notes, in a Conference topic area to be designated by the instructor).
Description of Course Requirements:
Successful graduate students in American universities dedicate approximately three hours of preparation/study time for every hour spent in the face-to-face classroom. Thus, the following course requirements were developed on the assumption that students would be prepared to spend approximately 150 hours of their own time working on them. In an 8-week term, that is the equivalent of a half-time job. Most 14-week graduate distance education courses require at least 10 hours per week of dedicated time, plus time spent in the virtual classroom.
STATEMENT ON WRITING REQUIREMENTS: Effective managers and leaders are also effective communicators. Written communication is an important element of the total communication process. The Graduate School recognizes and expects exemplary writing to be the norm for course work. To this end, all analyses and papers must demonstrate graduate level writing ability and comply with the format requirements of the Publications Manual of the American Psychological Association. All writing assignments will be graded on the basis of content, logic, analysis, mechanics, organization, and research. Careful attention should be given to source citations, proper listing of references, the use of footnotes, and the presentation of tables and graphs. Work submitted online should follow standard procedures for formatting and citation.
POLICY ON ACADEMIC INTEGRITY: Academic integrity is central to the learning and teaching process. Students are expected to conduct themselves in a manner that will contribute to the maintenance of academic integrity by making all reasonable efforts to prevent the occurrence of academic dishonesty. Academic dishonesty includes (but is not limited to) obtaining or giving aid on an examination, having unauthorized prior knowledge of an examination, doing work for another student, and plagiarism of all types.
PLAGIARISM: Plagiarism is the intentional or unintentional presentation of another person's idea or product as one's own. Plagiarism includes, but is not limited to the following: copying verbatim all or part of another's written work; using phrases, charts, figures, illustrations, or mathematical or scientific solutions without citing the source; paraphrasing ideas, conclusions, or research without citing the source; and using all or part of a literary plot, poem, film, musical score, or other artistic product without attributing the work to its creator. Students can avoid unintentional plagiarism by following carefully accepted scholarly practices. Notes taken for papers and research projects should accurately record sources of material to be cited, quoted, paraphrased, or summarized, and papers should acknowledge these sources in footnotes. The penalties for plagiarism include a zero or a grade of F on the work in question, a grade of F in the course, suspension with a file letter, suspension with a transcript notation, or expulsion. Resubmission of course work from previous classes (whether or not taken at UMUC, UMUC-Europe or BSU), partially or in its entirety, is not acceptable in this course and will result in an automatic failure on the assignment.
DISABLED STUDENTS: Students with disabilities who need to register or request services should contact the Staff Support Team four to six weeks in advance of registration to request and register for services.
COURSE EVALUATIONS: Feedback on each graduate course and instructor is important to the university, your professor, and to all UMUC students. UMUC has the responsibility to assess the effectiveness of classroom instruction, and each student has the responsibility to provide accurate and timely feedback through completion of the course evaluation form. This is a shared obligation for us all. It is therefore important that you complete the evaluation form for each course you attend. This should be viewed as an additional course and program requirement.
Course Schedule:
SESSION 1; 04 - 10 Sept: Introduction to Information Security
- Course Overview
- Information Security Overview
- Threat awareness
- Terminology
- Principles
- Vulnerabilities
- Threats
- Defense mechanisms
Readings: Kaufman, Chapter 1 & 2.1-2.2; Pfleeger, Chapter 1 & 2.1-2.2.
Learning objectives: Students establish a framework for defining potential threats to an information system.
SESSION 2; 11 - 17 Sep: Encryption Basics
- Introduction to Cryptography
- Historical context
- Encryption terms and basic concepts
- Classes of encryption
Readings: Kaufman, 2.3-2.6, 3.1-3.2, 6.1-6.2; Pfleeger, 2.3-2.11.
Learning objectives (sessions 2 through 4): Students evaluate and practice basic cryptographic and cryptanalysis techniques.
SESSION 3; 18 - 24 Sep: Encryption Algorithms (1)
- Secret Key Algorithms
- Overview
- Data Encryption Standard (DES)
- Advanced Encryption Standard (AES)
- Others
Readings: Kaufman, 3.1-3.6, 4.1-4.4, 8.1, 8.5-8.6; Pfleeger, 3.8-3.9.
Assignments: Research paper proposal due. Homework #1 due (substitution/permutation exercise).
SESSION 4; 25 Sep - 1 Oct: Encryption Algorithms (2)
- Public Key Algorithms
- Rivest-Shamir-Adleman encryption (RSA)
- Digital Signature Standard (DSS)
- Others
- Elliptic Curve overview
- Quantum Cryptography
Readings: Kaufman, 6.3-6.8; Pfleeger, Chapter 3 (Intro), 3.1-3.6.
SESSION 5; 2 - 8 Oct: Hash Functions, Encryption Controversy, and Key Escrow
- Hash function overview
- Hash algorithms
- Key escrow and Clipper algorithm
- The encryption controversy
- Cryptographer's toolbox
Readings: Kaufman, 5.1-5.8, 24.9; Pfleeger, 3.7.1-3.7.2, 3.10.
Assignments: Homework #2 due (symmetric/asymmetric key exercise).
Learning objective: Students analyze fundamental issues dealing with keys and key control.
SESSION 6; 9 - 15 Oct: Security Protocols, Authentication, and Program Threats
- Authentication overview
- Security protocols overview
- Program threats
- Program flaws
- Malicious code
- Program threat controls
Readings: Kaufman, 9.1-9.5, 10.1-10.10, 11.1-11.8; Pfleeger, 4.1-4.5, 5.1-5.6, 6.5.
Alves-Foss, J., Provably insecure mutual authentication protocols: The two-party symmetric-encryption case. NISSC 99.
Chakravarthi, M., Security of high-performance messaging layers on programmable network interface architectures. NISSC 99.
Learning objectives: Students learn basic practices in information authentication.
Midterm Examination (covers sessions 1 through 6)
Break; 16 - 22 Oct
SESSION 7; 23 - 29 Oct: Software Security and Trust
- General Operating System Security
- Trusted system overview
- Trusted software
- Trusted models
- "Rainbow Series"
- Common Criteria
- Database Security
Readings: Pfleeger, 5.1-5.6, 6.1-6.4, 6.6-6.8, 7.1-7.6, 7.7-7.9, 8.1-8.7.
Arsenault, A. & Housley, R., Protection profiles for certificate issuing & management systems. NISSC 99.
Brunnstein, K., From antivirus to antimalware software and beyond: Another approach to the protection of customers from dysfunctional systems. NISSC 99.
Caplan, K., Common criteria in the U.S.: What a developer should know. NISSC 99.
Sobel, A. & Alves-Foss, J., A trace-based model of the Chinese Wall security policy. NISSC 99.
Williams, J. & Ferraiolo, K., P3I - Protection profile process improvement. NISSC 99.
Nachenberg, C., The evolving virus threat. NISSC 00.
Olthoff, K., Thoughts and questions on common criteria evaluations. NISSC 00.
Assignments: Homework #3 due (white paper on virus threat evaluation web sites).
Learning objectives: Students outline the major elements of trusted systems concepts.
SESSION 8; 30 Oct - 4 Nov: Network, Email, and Distributed Security (1)
- Network security introduction
- Concepts
- Threats
- Attacks
- Network security concerns
- Network security controls
Readings: Kaufman, 11.6-11.10, 20.1-20.16, 23.1-23.7; Pfleeger, 9.1-9.10.
Assignments: Homework #4 due (white paper on international cryptographic standards).
Learning objectives (sessions 9 & 10): Students compare costs and benefits of various security protocols and data protection standards.
SESSION 9; 5 - 11 Nov: Network, Email, and Distributed Security (2)
- Electronic Mail security
- Security services and controls
- Encryption/protocol tradeoffs
- Privacy Enhanced Mail (PEM)
- S/MIME
- "Pretty Good Protection" (PGP) protocol
- The President's Commission on Critical Infrastructure Protection
- Presidential Decision Directive 63
- Cyber Defense Initiative
Readings: Kaufman, 21.1-21.18, 22.1-22.9, 22.10.2.
Kates, J. & Whited, P., Are organizations ready for the electronic renaissance in communication? Email monitoring & privacy issues. NISSC 99.
Shake, T. et al., Assessing network infrastructure vulnerabilities to physical layer attacks. NISSC 99.
Shankaran, R. & Hitchens, M., Active networks and security. NISSC 99.
Cannady, J., Next generation intrusion detection: Autonomous reinforcement learning of network attacks. NISSC 00.
Assignments: Homework #5 due (white paper on pros and cons of PGP).
SESSION 10; 12 - 18 Nov: Security Standards, Web Security, and Vendor Solutions (1)
- Standards
- Public Key Infrastructure (PKI)
- Communications Security
Readings: Kaufman, 13.1-13.12, 14.1-14.14, 15.1-15.8, 16.1-16.12, 17.1-17.2, 18.1-18.4, 19.1-19.8, 24.1-24.3, 24.5-24.7, 25.1-25.3, 25.5.
Assignments: Homework #6 due (white paper on physical protection of data, e.g. archiving and escrow accounts).
Learning objectives (sessions 11 & 12): Students evaluate specific approaches to data protection, their technical strengths and weaknesses, and their potential social impact.
SESSION 11; 19 - 25 Nov: Security Standards, Web Security, and Vendor Solutions (2)
- Vendor Security Overview
- Specific Solutions
Assignments: Research Paper due
SESSION 12; 26 Nov - 3 Dec: Student Research Presentations
Final Examination (covers sessions 8 through 12)
Academic Policies:
The University has a license agreement with Turnitin.com, a service that helps prevent plagiarism from internet resources. I may be using this service in this class by either requiring students to submit their papers electronically to Turnitin.com or by submitting questionable text on behalf of a student. If you or I submit part or all of your paper, it will be stored by Turnitin.com in their database throughout the term of the University's contract with Turnitin.com. If you object to this temporary storage of your paper, you must let me know no later than two weeks after the start of this class. Please Note: If you object to the storage of your paper on Turnitin.com, I may utilize other services to check your work for plagiarism.
The official university policy on Plagiarism and Academic Dishonesty can be found at http://www.umuc.edu/policy/aa15025.shtml. Section I.C. states: "Faculty may determine if the resubmission of course work from previous classes (whether or not taken at UMUC), partially or in its entirety, is acceptable when assigning a grade on that piece of course work. Faculty must provide this information in their written syllabi. If the resubmission of course work is deemed to be unacceptable, a charge may not be brought under this Policy and will be handled as indicated in the written syllabi."
Please refer to Description of Course Requirements for specific information on how resubmissions will be treated in this course and to the UMUC-Europe Graduate Catalog for information on the following:
- Academic Integrity
- Course Load
- Exception to Policy
- Grade Appeal Process
- Make-up Examinations
- Nondiscrimination
- Students with Disabilities
- Code of Civility
Hard copies of the catalog are available at your local Education Center.
Faculty Bio:
Manfred Trostmann earned his Diploma in Electrical Communication from the Rhenish-Westphalian Technical University and in Electrical Engineering from the University of Applied Sciences at Cologne.
After working for DIGITAL EQUIPMENT CORPORATION (DEC) and Mobil Oil, he managed the computer center of the University of Frankfurt and built the network for the university.
He has been teaching for the University of Maryland for some 20 years and belongs to the graduate faculty, where he teaches several classes in the MIS and MSIT programs in Germany.