ISE 328 -  Communication and E-Commerce Security
Semester 2 5770



Time: Tuesday 9:00 - 11:00 in Room 13
Targil: Tuesday 11:00 - 12:00 in Room 207

Instructor:

    Michael J. May
      e-mail: mjmay (AT) kinneret,ac,il
      office hours: Wednesday 11:00-12:00 (and by appointment)

The full detailed syllabus for the course is available here.

Reminder: Final A grades on Telem.

Topics:

The topics for the course include some or all of the following:

  • Threats and Security Requirements
  • Foundations of Modern Cryptography
  • Encryption and Randomness
  • Hash Functions
  • Authentication
  • Public/Private Key Pairs
  • Shared Secrets
  • Decentralized Cryptography
  • Key Management
  • Certificates
  • Network Security
  • Internet Security
  • Trust Management
  • Electronic Banking
  • Secure Payments
  • Credit Card Transactions
  • Telephone and Cellular Payments
  • Micropayments
  • Money Transfers
  • Privacy Protection
  • Digital Cash
  • Content Protection
  • Trusted Third Party Services: Digital Safes, Notaries, Agents


Reading

The following books contain useful course material, and much of the lecture content is derived from them (and other sources). Copies of these books are on reserve in the Kinneret Library or available freely online:

  • Security Engineering: A Guide for Building Dependable Systems. (2nd edition) by Ross Anderson. link
  • Secure Electronic Commerce. (2nd Edition). by Warwick Ford and Michael S. Baum
  • The Foundations of Cryptography, volume 1 (Basic Tools). (1st edition) by Oded Goldreich
  • Handbook of Applied Cryptography. by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. link
Other materials and readings will be introduced during the course of the semester as necessary.

Assignments

Assignment 1: Cryptography - SDES. Code (as ZIP). SDES Specification. Due 13 April 2010.
                      Answers.  11 May 2010: Answers posted, so no further submissions will be accepted.

Assignment 2: Hash, DES, Diffie-Hellman. (Hebrew version).  Modular Exponentiation Code.
                      encrypted-testing-file.txt encrypted-testing-file.pdf
                      Designer Code. Due 23 May 2010.

Assignment 3: Secure Bank Protocols. Due 13 June 2010.

Assignment 4: Student Research.  Due 31 July 2010.

New: Submission instructions: You may submit work using Telem, in person, or by sending email to the address ise328 at gmail.  If you send email to the ise328 address, you will receive an auto-answer response acknowledging that a message has been received.

Grading Criteria

  •   4%   Quizzes
  • 16%   Programming Projects / Assignments
  • 80%   Final Exam

Lecture Slides and Notes

Schedule

Date       Topic                                          Notes
2 March    E-Commerce, Internet Security, Requirements    [pdf][targil]
9 March    Cryptographic Foundations, History             [pdf][targil] [xl]
16 March   Stream and Block Cipher Functions              [pdf][targil][sdes]
23 March   Triple-DES, AES, CBC, Hashes                   [pdf][targil, DESTests, DESForm]
13 April   Hashes, Diffie-Hellman, Public/Private         [pdf][targil, DESTests, DESForm]
27 April   Public/Private Key Pairs, RSA                  [pdf][hash, hashcode]
4 May      Authentication                                 [pdf][rsa]
11 May     Authentication Defenses                        [pdf][rsa, rsacode]
25 May     Digital Signatures, Key Exchange               [pdf][targil, signingcode, hashingcode, apps]
1 June     Certificates, PKI                              [pdf][targil, signingcode, apps]
8 June     Kerberos, One Time Passwords                   [pdf][targil, pwdCalcDesigner, clientServerExe]
15 June    Passwords and Authentication                   [pdf][targil, clientServerDesigner]
22 June    SSL, SSH, Access Control                       [pdf]
30 June    Review Session                                 [pdf]
TBA        Final Exam Moed A
TBA        Final Exam Moed B


Academic Integrity

Since Kinneret College does not have a unified code of academic integrity, this course will abide by the University of Pennsylvania's Code of Academic Integrity. In particular, for individual projects and group projects, the following guidelines should be followed:
  • For individual projects, you must type in and edit your own code, documentation, and any other materials submitted for grading.
    • Copying someone else's file is not allowed.
    • Allowing someone else to copy a file of yours, either explicitly or implicitly by leaving your code unprotected, is not allowed.
    • Editing each other's files is not allowed.
  • Regarding the ethics of what you may or may not discuss with others:
    • "High level" discussions are fine.
      For example, discussions about the problem statement.
    • "Low level" discussions are fine.
      For example, discussions about C syntax or using gdb, understanding compiler error messages, understanding the mechanics of the tools and libraries used for the projects.
    • "Mid level" discussions require discretion. In this CIS course, discussions at this level must be limited.  Unless explicitly stated otherwise, you may not collaborate significantly with classmates (except group project members) at this level.  If you have minor discussions with others at this level or get help from outside resources (tutors, web sites, etc), you must cite at the top of the submitted projects the names of the people or websites who helped you and how they did. For example:
      /**
       * Chris Brown
       * Project 1
       * 5/6/2008
       * I received tips from Jo Johnson on the i/o and example.com/mem.htm on memory
       */
  • If there is any doubt about the use of external sources or collaboration, please ask the course staff for clarification.