Information Security Curriculum Proposal
Richard E. Newman
Joseph N. Wilson
15 January 2014
Given the increasing importance of information security as an area, the emphasis on it at the state and federal level, as well as within the corporate world, and the fact that several of the proposed courses have been taught as special topics one or more times, we propose that the courses in the information security area be restructured to reflect a more complete offering, and include a certificate program.
Our current permanent course listing in the cybersecurity area includes only the venerable CNT 5410 Computer and Network Security, although a proposed course, Penetration Testing -- Ethical Hacking, has passed College of Engineering approval. Aside from these, we have offered several special topics courses, including versions of all of the proposed courses below as well as more esoteric topics that will not be proposed as regular courses (e.g., anonymity and information hiding, computer security theory, secure coding, cryptographic protocols, etc.).
Originally positioned as the single security course offering, the current CNT 5410 Computer and Network Security course covers material from traditional computer security, cryptography, and network security. There is simply too much material to give reasonable coverage in the time available, and the three parts, while related, each have a significant amount of material distinct from the other parts.
To remedy this problem and give students a solid understanding of each of these areas, the Computer and Network Security course will be obsoleted and replaced by three courses that address the content it attempted to cover, only in more depth. This arrangement not only allows for greater depth in a very large area, but also allows for students in other courses who need specific background (e.g., in cryptography) to obtain it more thoroughly without having to spend significant time on less relevant areas for their needs.
To address the needs of both undergraduate and graduate students, these three courses will be offered at both levels, perhaps sharing a common lecture and text, but requiring graduate students to read original papers, derive theoretical results, and produce more sophisticated projects.
The undergraduate Cybersecurity course is proposed in response to the warm response the special topics class in that area received in fall 2012. A large number of beginning computer majors and a fair number of non-computer majors took the course. Hence the course is proposed to introduce the area for those with minimal background (it does not have prerequisites), to raise awareness and knowledge of the pervasiveness of computing and communication security concerns in the modern world, and to attract new students to the security and computing curriculum.
Proposed Permanent Courses
1. Undergrad cybersecurity
2. Grad and undergrad computer security
3. Grad and undergrad cryptology
4. Grad and undergrad network security
5. Penetration Testing -- Ethical Hacking
6. Malware Reverse Engineering
The Computer and Network Security class would be obsoleted. All courses are stand-alone courses, relative to each other. Cryptographic components are largely taken as black boxes in the other courses, while their algorithms and implementations are revealed in detail in the cryptology course. Overlap between the courses is pretty minimal (1-2 weeks typically), and the last two courses emphasize laboratory work, while the first four emphasize theory, case studies, and projects.
UCC1: New Course Transmittal Form
Department Name and Number
Recommended SCNS Course Identification
Transcript Title (please limit to 21 characters)
Prefix Level Course Number Lab Code
Amount of Credit
Contact Hour: Base or Headcount
Course Description (50 words or less)
Degree Type (mark all that apply) Baccalaureate Graduate Other
Introductory Intermediate Advanced
Rationale and place in curriculum
Category of Instruction
Effective Term and Year Rotating Topic yes no
S/U Only yes no
yes no If yes, total repeatable credit allowed
Variable Credit yes no If yes, minimum and maximum credits per semester
Full Course Title
Standardized Syllabus for the College of Engineering
COT 5xxx Introduction to Cryptology
1. Catalog Description - Credits: 3;
This course introduces classical and modern cryptography and cryptanalysis, including symmetric and asymmetric (public key) ciphers. It covers cryptographic hash functions, block and stream ciphers, as well as differential and linear cryptanalysis. It reviews BAN logic, applications of cryptography, cryptographic standards and protocols, and analyzes case studies of failed implementations.
2. Pre-requisites and Co-requisites: COT 3100 Applications of Discrete Structures or equivalent is required; COT 5405 Analysis of Algorithms is a corequisite.
3. Course Objectives
Students will study the history, design, implementation, and analysis of cryptographic ciphers. Graduate students are expected to prove results in cryptography and analyze protocols using BAN logic. Successful students will be able to distinguish public key from private key cryptosystems, know where and how to use these in larger systems, and analyze a given cipher for security. They will be able to apply their knowledge of data structures, algorithms, performance analysis, and protocols to real-life problems in cryptographic systems.
4. Contribution of course to meeting the professional component (ABET only – undergraduate courses)
N/A
5. Relationship of course to program outcomes: Skills student will develop in this course (ABET only – undergraduate courses)
N/A
6. Instructor: R. Newman
   a. Office location: CSE-E346
   b. Telephone: 352-505-1579
   c. E-mail address: nemo-at-cise-dot-ufl-dot-edu
   d. Class Web sites: http://www.cise.ufl.edu/~nemo/crypto/
   e. Office hours: MWF 10:30-11:30 and 1:00-2:00
7. Teaching Assistants: TBD
   a. Office location: CSE-E309
   b. Telephone: TBD
   c. E-mail address: TBD
   d. Office hours: TBD
8. Meeting Times: TBD
9. Class/laboratory schedule, i.e., number of sessions each week and duration of each session: 3 50-minute lectures
10. Meeting Location: TBD
11. Material and Supply Fees: N/A
12. Textbooks and Software Required
   a. Title: "Cryptography and Network Security,"
   b. Author: Stallings
   c. Publication date and edition: Prentice Hall, Upper Saddle River, NY, 2011, 5/e
   d. ISBN: 0-13-609704-9
13. Recommended Reading: N/A
14. Course Outline (provide topics covered by week or by class period)
   a. Introduction and Historical Ciphers – 3 wks
      i. Codes, ciphers, and information hiding
      ii. Monoalphabetic ciphers
      iii. Polyalphabetic ciphers
      iv. Block ciphers
      v. Rotor machines
      vi. Information theory in cryptography
   b. Modern Block Ciphers – 4 wks
      i. DES and the Feistel structure
      ii. Triple-DES
      iii. AES
      iv. Block Cipher modes: ECB, CBC, modes for disk storage
   c. Modern Stream Ciphers – 2 wks
      i. RC4
      ii. Block Cipher stream modes: OFB, CFB, CTR
   d. Public Key Cryptosystems – 3 wks
      i. RSA
      ii. Diffie-Hellman
      iii. ECC
      iv. Digital Signatures
   e. Cryptographic Hashes – 2 wks
      i. One-way functions
      ii. Uses for cryptographic hashes
      iii. Birthday attack
      iv. Early hash functions
      v. MD4
      vi. MD5
      vii. SHA-1
      viii. SHA-2
      ix. SHA-3
   f. Cryptographic Protocols – 2 wks
      i. Key distribution and authentication
      ii. BAN logic
      iii. Standards – SSL, TLS, RSNA
15. Attendance and Expectations (is attendance required, penalties for absence, tardiness, cell phone policy, etc.)
Requirements for class attendance and make-up exams, assignments, and other work are consistent with university policies that can be found at http://catalog.ufl.edu/ugrad/current/regulations/info/attendance.aspx. Pop quizzes may be given on assigned reading and on material covered in classes. Cell phones and pagers must be silent during class. Reading emails, Facebook, etc. is appropriate at some other time and place. Questions are encouraged - raise your hand to be recognized. Try to formulate the question before asking it, and wait to see if it is answered in a few minutes so we can maintain flow. Lengthy discussions will be deferred to office hours. Students are required to check the class web pages at least three times a week (MWF) for announcements/updates. You are responsible for all assignments posted on the web page or announced in class.
16. Grading – methods of evaluation:
   a. Quizzes and Homeworks: 20%
   b. Exams: 40% (midterm and final)
   c. Projects: 40%
Project grades include scoring for documentation and good programming practice in addition to correct functionality. Projects shall focus on cryptology. Examples include cryptographic functions, cryptanalysis, cryptographic protocols, applications of cryptography to authentication, etc.
17. Grading Scale: A >= 90%, 90% > A- >= 87%, 87% > B+ >= 85%, 85% > B >= 80%, 80% > B- >= 7