
BBM 463 - Information Security

Fall 2024

Instructor: Ahmet Burak Can
Class Time: Tuesday, 13:00-16:00
Room: Computer Engineering Building, Seminar Hall

Textbooks

  • Network Security: Private Communication in a Public World,
    2nd Edition. C. Kaufman, R. Perlman, and M. Speciner, Prentice-Hall
  • Security in Computing, C. P. Pfleeger and S. L. Pfleeger, Prentice Hall

Supplementary books

  • Applied Cryptography: Protocols, Algorithms, and Source Code in C, B. Schneier, John Wiley & Sons.
  • Handbook of Applied Cryptography. A. Menezes, P. van Oorschot and S. Vanstone. CRC Press
  • Security Engineering: A Guide to Building Dependable Distributed Systems, Ross J. Anderson, John Wiley & Sons

Grading

  • Midterm exam - 40% (Nov 26, 2024)
  • Final exam - 55%
  • Attendance - 5%

Communication

  • All class communication will be done via the Piazza BBM463 communication group. Please register for this group on Piazza.com.
  • For the laboratory class of this course, please register for the Piazza BBM465 communication group.


Syllabus and Resources

Introduction
  • Slides: 1x1, 4x1

Basic ciphers
  • Slides: 1x1, 4x1
  • Wikipedia: Steganography
  • Another Page on Steganography
  • Wikipedia: Basic Ciphers
  • Wikipedia: Substitution Ciphers
  • Wikipedia: Enigma Machine
  • A Nice Page on Some Basic Ciphers
  • Another Page on Some Basic Ciphers
  • A YouTube video on Enigma

Block ciphers, Encryption modes and Stream ciphers
  • Slides: 1x1, 4x1
  • Wikipedia: Block Ciphers
  • Wikipedia: Feistel Networks
  • Wikipedia: Data Encryption Standard (DES)
  • Wikipedia: Block Cipher Modes of Operation

Hash functions, message digests, HMAC
  • Slides: 1x1, 4x1
  • Wikipedia: Hash Functions
  • Wikipedia: Message Authentication Codes

Number Theory, Public Key Cryptography, RSA
  • Slides: 1x1, 4x1
  • Wikipedia: RSA

Digital signatures, Public key certificates, X509
  • Slides: 1x1, 4x1
  • Wikipedia: Digital Signatures
  • Wikipedia: Digital Certificates
  • Wikipedia: Certificate Authority
  • Wikipedia: Public Key Infrastructure

Authentication: Two-Three factor authentication, Biometrics, Smart Cards
  • Slides: 1x1, 4x1
  • Wikipedia: Fingerprint Recognition
  • Wikipedia: Iris Recognition
  • Wikipedia: Various Types of Card Readers
  • Wikipedia: Smart cards
  • Wikipedia: One Time Password Protocols

Security Handshake
  • Slides: 1x1, 4x1

Real-time Communication Security, SSL/TLS, IPSEC
  • Slides: 1x1, 4x1
  • A Video Seminar on SSL
  • A Video Seminar on IPSEC

Kerberos
  • Slides: 1x1, 4x1
  • Kerberos Tutorial

Secret Sharing (Threshold) Schemes
  • Slides: 1x1, 4x1
  • Wikipedia: Shamir's Secret Sharing System

Network Security
  • Slides: 1x1, 4x1
  • A Tutorial on Firewalls
  • A Tutorial on IDS/IPS
  • A Video Seminar on SIEM

Operating System Security
  • Slides: 1x1, 4x1
  • Windows Access Control Lists
  • Another Page on Windows Access Control Lists
  • UNIX File Permissions
  • Wikipedia: UNIX setuid Bits
  • Wikipedia: UNIX chmod command
  • Another Page on Linux File Permissions

Malicious Software
  • Slides: 1x1, 4x1
  • Wikipedia: Malware types
  • Wikipedia: Computer Viruses
  • Wikipedia: Rootkits
  • Wikipedia: Ransomware
  • Wikipedia: Internet Worms
  • Various Malware Examples: Morris Worm, Code Red Worm, Carna Botnet

Acknowledgements

I thank Prof. Cristina Nita-Rotaru at Northeastern University, Prof. Ninghui Li at Purdue University and Prof. Ali Aydın Selçuk at TOBB ETU, who shared their course slides with me. The slides of this course are mostly adapted from their slides.
