Introduction to Information Security J. H. Wang Sep. 18, 2012

Introduction to Information Security

J. H. WangSep. 18, 2012

Instructor

• Instructor– Jenq-Haur Wang (王正豪 )– Assistant Professor, CSIE, NTUT– Office: R1534, Technology Building– E-mail: jhwang@csie.ntut.edu.tw– Homepage: http://www.ntut.edu.tw/~jhwang/ – Tel: ext. 4238– Office Hour: 9:10-12:00am every Tuesday and

Wednesday

Course Overview

• Course: Information Security• Time: 13:10-14:00pm on Tuesdays,

13:10-15:00pm on Wednesdays• Classroom: R527/R427, 6th Teaching

Building• Prerequisite: Discrete Mathematics,

Computer Networks• Course webpage:

http://www.ntut.edu.tw/~jhwang/IS/• TA: H.Y.Wang (R1424, Technology

Building)

Target Students

• For those who– Major in Computer Science or

Information Technology, and– Are familiar with basic computer

networks and discrete mathematics, and– Are preparing to investigate more

details in selected topics and recent developments in information security

Resources

• Textbook: Network Security Essentials: Applications and Standards, 4th ed., by William Stallings, Pearson Education, Inc., 2011. (International Edition, imported by Kai-Fa Publishing)– http://williamstallings.com/NetworkSecurity/ – Online chapters and appendices available

• References: – Cryptography and Network Security: Principles and

Practice, Fifth Edition, by William Stallings, Prentice-Hall, 2011 (from which our textbook is adapted)

– Slides, documents, and tools

Teaching

• Lectures• Homework assignments

– Homework should be turned in within two weeks

• Mid-term exam• Term project: programming exercises

or topical surveys– How do intruders attack our systems– What kinds of security tools are available– How do we protect against attacks

Grading Policy

• (Tentative) grading policy– Homework assignments: 30%– Midterm exam: 30%– Term projects: 40%

• Programming exercises or topical surveys

Course Description

• Introduction to basic concepts in information security and their applications – Cryptography

• Encryption, hash function, digital signature

– Network security applications• HTTPS, wireless security, e-mail security, IP

security

– System security• Intrusion, virus, firewall

Outline & Schedule• Outline

– Introduction– Cryptography (Ch. 2-3)

• Symmetric encryption and message confidentiality• Public-key cryptography and message authentication

– Network security applications (Ch. 4-8)• Key distribution and user authentication• Transport-level security• Wireless network security• Electronic mail security• IP security

– System security (Ch. 9-11)• Intruders• Malicious software• Firewalls

Outline & Schedule (Cont’)

– Online chapters (Ch.12-13)• Network management security• Legal and ethical aspects

Outline & Schedule (Cont’)

• (Tentative) Schedule– Introduction: 1-2 wks– Cryptography: 3-4 wks – Network security applications: 7-8 wks

• TCP/IP• Web, SSH, E-mail, IP security

– System security: 1-2 wks• Intrusion detection, password, virus, firewall

• Due to the time limits, we will try to cover most of the major topics above without going too much into details– E.g.: mathematical parts such as number theory (Appendix

A)– A broad overview, and then focus on selected topics in

depth

Additional Resources

• Review on computer networking and TCP/IP protocols

• Slides on network and information security

• Useful tools for network and system security

• Web resources and recommended reading (at the end of each chapter)

More on Term Project

• Programming exercises using security libraries– Implementation of security algorithms– Implementation of a client-server application for

secured chat room– …

• Topical surveys in information security-related topics, e.g.:– Demonstration on how to use a security tool to

defend against attacks– Comparison of security standards or algorithms– Potential security weakness in systems, and

possible solutions or countermeasures– …

Thanks for Your Attention!