Faculty Contact Information:
|
jkeohane@faculty.ed.umuc.edu
|
|
Consultation:
|
Since this course is offered as DE, the only way to contact the instructor is by Email or within the WebTycho classroom.
|
|
Required Texts and Readings:
Schneier, Bruce. (1995). Applied Cryptography: Protocols, Algorithms, and Source Code in C (2nd ed). New York, NY: John Wiley & Sons, Inc. ISBN: 0471117099.
American Psychological Association. (2001). Publication manual of the American Psychological Association (5th ed.). Washington, D.C.: APA. ISBN: 1-55798-791-2
|
|
Supplementary Readings:
Students will be expected to read a number of online and offline papers and tutorials augmenting the text or presenting material not in the text.
All graduate students should be prepared to utilize theUMUC online library. The library contains a large number of full text academic journals that are free of charge and immediately available. The library homepage also contains a number of links related to improving students' research and writing skills.
|
|
Recommended Journals:
|
Publications of the various professional societies (such as ACM -- the Association for Computing Machinery, the IEEE Computing Society, and the various management professional societies) are strongly recommended. In addition, there are many trade journals (such as eWEEK) that IT professionals should become familiar with, many of these being published both weekly and on-line.
|
|
Course Description:
|
(Formerly CSMN 681.) Prerequisite: CSMN 611, CSMN 616, CSMN 636, ITEC 620, MSIT 620, MSIT 640, or TLMN 620. An overview of the theory of encryption using symmetric and asymmetric keys, current protocols for exchanging secure data (including the Data Encryption Standard and the Advanced Encryption Standard), and secure communication techniques. A review of the historical development of cryptographic methods and cryptanalysis tools is provided. Public Key Infrastructure and the use of digital signatures and certificates for protecting and validating data are examined. Strategies for the physical protection of information assets are explored.
|
|
Course Goals:
Upon successful completion of this course, the student should understand and be able to apply knowledge concerning:
- Assessment of information assets’ threats and vulnerabilities .
- Mathematical theories on which cryptographic algorithms are based.
- Commercially-available encryption techniques.
- Hardware and software supporting cryptology and data protection.
- Current and emerging issues and trends in cryptology and data protection.
|
|
Course Objectives:
At the end of the course, students should be able to:
- Assess the threats and vulnerabilities inherent in networked information systems, and the security impacts of technological advances in computing, networks, and telecommunications.
- Compare and contrast the basic mathematical characteristics of the more common commercial cryptographic algorithms and their relative strengths and weaknesses.
- Analyze various encryption techniques and their appropriate uses in the assurance of privacy, integrity, and authentication in information systems.
- Distinguish among applicable security protocols and other security countermeasures and assess tradeoffs of security, performance and cost.
- Evaluate the technical and non-technical issues involved with data protection in the burgeoning controversies surrounding security, privacy, electronic commerce, computer crime, information sharing, and cyberwar, and be able to relate these issues to their own environment wherever applicable.
|
|
Grading Information:
Final grades will be calculated as follows:
Homework assignments: 25%
Mid-term examination: 25%
Final examination: 25%
Research Paper: 25%
According to the Graduate School grading policy, the following symbols and scale are used:
A = excellent [90-100]
B = good [80-90)
C = passing [70-80)
F = failure (less than 70)
The grade of "B" represents the benchmark for the Graduate School. It indicates the student has demonstrated competency in the subject matter of the course, i.e., has fulfilled all course requirements on time, has a clear grasp of the full range of course materials and concepts, and is able to present and apply these materials and concepts in clear, reasoned, well-organized and grammatically correct responses, whether written or oral.
Only students who full meet this standard and, in addition, who demonstrate exceptional comprehension and application of the course subject matter, merit an "A."
Students who do not meet the benchmark standard of competency fall within the "C" range or lower. They, in effect, have not met graduate level standards. Where this failure is substantial, they earn an "F."
|
|
Course Requirements:
The course requirements are as follows:
Homework Exercises. Students are required to complete homework exercises designed to reinforce concepts examined in the readings.
Examinations. A midterm and final examination will be given.
Research Paper. A research paper of 20 - 25 pages is required. Topics will be selected by each student from a list of sample topics provided by the instructor or on any other topic relevant to the area of cryptology. Students will submit to the instructor a short (not to exceed a single-page) typewritten research proposal which identifies the selected topic and outlines the proposed research effort. This is due no later than the third class period.
Resubmission of Work from Previous Classes. The resubmission of work from previous classes will not be accepted.
|
|
Description of Course Requirements:
Successful graduate students in American universities dedicate approximately three hours of preparation/study time for every hour spent in the face-to-face classroom. Thus, the following course requirements were developed on the assumption that students would be prepared to spend approximately 150 hours of their own time working on them. In an 8-week term, that is the equivalent of a half-time job. Most 14-week graduate distance education courses require at least 10 hours per week of dedicated time, plus time spent in the virtual classroom.
STATEMENT ON WRITING REQUIREMENTS:
Effective managers and leaders are also effective communicators. Written communication is an important element of the total communication process. The Graduate School recognizes and expects exemplary writing to be the norm for course work. To this end, all analyses and papers must demonstrate graduate level writing ability and comply with the format requirements of the Publications Manual of the American Psychological Association. All writing assignments will be graded on the basis of content, logic, analysis, mechanics, organization, and research. Careful attention should be given to source citations, proper listing of references, the use of footnotes, and the presentation of tables and graphs. Work submitted online should follow standard procedures for formatting and citation.
POLICY ON ACADEMIC INTEGRITY:
Academic integrity is central to the learning and teaching process. Students are expected to conduct themselves in a manner that will contribute to the maintenance of academic integrity by making all reasonable efforts to prevent the occurrence of academic dishonesty. Academic dishonesty includes (but is not limited to) obtaining or giving aid on an examination, having unauthorized prior knowledge of an examination, doing work for another student, and plagiarism of all types.
PLAGIARISM:
Plagiarism is the intentional or unintentional presentation of another person's idea or product as one's own. Plagiarism includes, but is not limited to the following: copying verbatim all or part of another's written work; using phrases, charts, figures, illustrations, or mathematical or scientific solutions without citing the source; paraphrasing ideas, conclusions, or research without citing the source; and using all or part of a literary plot, poem, film, musical score, or other artistic product without attributing the work to its creator. Students can avoid unintentional plagiarism by following carefully accepted scholarly practices. Notes taken for papers and research projects should accurately record sources of material to be cited, quoted, paraphrased, or summarized, and papers should acknowledge these sources in footnotes. The penalties for plagiarism include a zero or a grade of F on the work in question, a grade of F in the course, suspension with a file letter, suspension with a transcript notation, or expulsion. Resubmission of course work from previous classes (whether or not taken at UMUC, UMUC-Europe or BSU), partially or in its entirety, is not acceptable in this course and will result in an automatic failure on the assignment.
DISABLED STUDENTS:
Students with disabilities who need to register or request services should contact the Staff Support Team four to six weeks in advance of registration to request and register for services.
COURSE EVALUATIONS:
Feedback on each graduate course and instructor is important to the university, your professor, and to all UMUC students. UMUC has the responsibility to assess the effectiveness of classroom instruction, and each student has the responsibility to provide accurate and timely feedback through completion of the course evaluation form. This is a shared obligation for us all. It is therefore important that you complete the evaluation form for each course you attend. This should be viewed as an additional course and program requirement.
|
|
Course Schedule:
Session 1 - Introduction (Sep 3-8)
- Introduction to the Course
- Introduction to Cryptology
- Introduction to PGP
- Review of Relevant Mathematical Concepts
Session 2 - Basic Cryptography and Cryptanalysis (Sep 9-15)
- Terminology and Concepts
- Historical Context
- Steganography
- Substitution and Transposition Ciphers
- Enigma, Purple, Hagelin Machines, and Cipher Wheels
- Exclusive-OR
- Classifications of attacks
- Security of Algorithms
- Cryptographic Protocols
- Symmetric Cryptology
READ: Schneier, Preface, Sections 1.1 - 1.7, 2.1-2.2
DUE: PGP Part 1
Session 3 - Modern Symmetric Cryptographic Algorithms (Sep 16-22)
READ: Schneier, Sections 12.1-12.3, 12.5, 9.1-9.4, 9.6, 15.1-15.2
READ: Rijndael Tutorial (http://www.progressive-coding.com/tutorial.php?id=0)
DUE: PGP Part 2
DUE: Paper Topic
Session 4 - Hash Functions (Sep 23-29)
- Hash Function Overview
- Cryptographic Hash Algorithms
- Recent Developments in the field of Cryptographic Hash Algorithms
- Pseudo Random Number Generators
- Random Numbers
READ: Schneier, Sections 2.3-2.4, 2.8, 7.4, 18.1-18.2, 18.4-18.11
READ: SHA Standard (http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf)
Session 5 - Public-Key Algorithms (Sep 30-Oct 6)
- RSA
- Pohlig-Hellman
- Rabin
- ElGamal
READ: Schneir, Sections 2.5, relevant parts of 11.3, 19.1-19.6
Midterm Examination (Oct 6-7)
Session 6 - Digital Signatures (Oct 7-13)
- RSA Digital Signatures
- Digital Signature Standard/Digital Signature Algorithms
- Other Digital Signature Algorithms
- Digital Signatures and Encryption
READ: Schneier, Sections 2.6-2.7, 4.3-4.7, 20.1-20.8
DUE: PGP Part 3
Session 7 - Key Management and Authentication (Oct 14-20)
- Key Exchange
- Certificate Authorities
- Diffie-Helman
- Authentication
- Kerberos
READ: Schneier, Sections 3.1-3.3, 22.1-22.7, 24.5
DUE: First Part of Paper
Session 8 - Using Algorithms (Oct 21-27)
- Choosing and Using Cryptographic Algorithms
- IP Sec
- Digital Notary Public
- Certified Time Stamping
READ: Schneier, Sections 10.1-10.9, 4.1
DUE: PGP Part 4
Session 9 - Database, Wireless, Email and Web Security (Oct 28-Nov 3)
- Database Concepts
- Database Security
- Multilevel secure databases
- Identification and Authentication
- Access Control
- Integrity Control
- Concurrency Control
- Authorization Models
- Inference
- Wireless Network Security
- Electronic Mail Security
- "Pretty Good Privacy" (PGP)
- Privacy Enhanced Mail (PEM)
- S/MIME
- Web Security
- Secure Socket Layers (SSL)
- Secure Shell (SSH) and Secure FTP (SFTP)
READ: Schneier, Sections 3.8, 24.10, 24.12
READ: Overview of Database Security
(http://www.governmentsecurity.org/articles/DatabaseSecurityCommon-sensePrinciples.php)
READ: Database Security
(http://www.governmentsecurity.org/articles/DatabaseSecurityPart1.php)
READ: Wireless Network Security
(http://www.wi-fi.org/files/wp_9_WPA-WPA2%20Implementation_2-27-05.pdf)
READ: Why WAP over WEP
(http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1250687,00.html)
READ: SSL and TLS
(http://www2.rad.com/networks/2001/ssl/index.htm)
Session 10 - Policy, Law, and Emerging Issues (Nov 4-11)
- The Encryption Controversy
- Export Control of Cryptography
- Access to Enciphered Traffic
- Key Escrow
- Skipjack and the Clipper Chip
- CALEA
- The President's Commission on Critical Infrastructure Protection
- Presidential Decision Directive 63
- Cyber Defense Initiative
- Folklore
- Quantum Cryptography
- Emerging and Current Issues
READ: Schneier, Sections 23.16, 25.1-25.16, Afterword (byt Matt Blaze)
READ: Paper - Cryptography and Physical Locks (Attachment within conference)
READ: Paper - Cryptology and Computer Virii (Attachment within conference)
READ: Paper - Chaffing and Winnowing (Attachment within conference)
DUE: Final Paper
Final Examination (Nov 11-12)
|
|
Academic Policies:
|
The University has a license agreement with Turnitin.com, a service that helps prevent plagiarism from internet resources. I may be using this service in this class by either requiring students to submit their papers electronically to Turnitin.com or by submitting questionable text on behalf of a student. If you or I submit part or all of your paper, it will be stored by Turnitin.com in their database throughout the term of the University's contract with Turnitin.com. If you object to this temporary storage of your paper, you must let me know no later than two weeks after the start of this class. Please Note: If you object to the storage of your paper on Turnitin.com, I may utilize other services to check your work for plagiarism
The official university policy on Plagiarism and Academic Dishonesty can be found at http://www.umuc.edu/policy/aa15025.shtml. Section I.C. states: "Faculty may determine if the resubmission of course work from previous classes (whether or not taken at UMUC), partially or in its entirety, is acceptable when assigning a grade on that piece of course work. Faculty must provide this information in their written syllabi. If the resubmission of course work is deemed to be unacceptable, a charge may not be brought under this Policy and will be handled as indicated in the written syllabi."
Please refer to Description of Course Requirements for specific information on how resubmissions will be treated in this course.
Students with disabilities should contact the appropriate support office at UMUC-Europe.
Jan Keller, Director of Student Services
UMUC-Europe, Heidelberg
Phone: +49-6221-378299
Email: edstudent_svc@ed.umuc.edu
Mailing Address: Unit 29216, APO AE 09102 OR Im Bosseldorn 30, D-69126 Heidelberg, Germany
Please refer to the UMUC-Europe Graduate Catalog for information on the following:
Academic Integrity
Course Load
Exception to Policy
Grade Appeal Process
Make-up Examinations
Nondiscrimination
Code of Civility
Hard copies of the catalog are available at your local Education Center.
|
|
Faculty Bio:
|
John Keohane earned his BA in Mathematics from Bowdoin College and his MS and PhD in Computer Science from Stony Brook University (SUNY Stony Brook). He has been teaching at the college/university level for about 30 years, more than 12 of which have been with the European Division of UMUC, where he currently holds the rank of full professor.
|
|