University of South Carolina
Department of Computer Science and Engineering
Fall 2019
Lecture Notes
Week 1: Lectures: Basic Security Concepts 1. (slides)
Aug. 22 Required reading:
· Pfleeger et al., Chapter 1
Interesting reading:
1. Cyber Security Job Outlook for 2018 and Beyond, Cyber Defense Magazine, http://www.cyberdefensemagazine.com/cyber-security-job-outlook-for-2018-and-beyond/, 1/10/2018
Week 2: Lectures: Basic Security Concepts cont. (slides)
Aug. 27, 29 Cryptography 1. (slides)
Required reading:
· Pfleeger et al., Chapter 2.3, 6.2, 12.1 – 12.5 (overview)
Interesting reading:
· D. Winder, NASA Astronaut Accused Of Hacking Bank Account From Space, Forbes, Aug. 25, 2019, https://www.forbes.com/sites/daveywinder/2019/08/25/nasa-astronaut-accused-of-hacking-bank-account-from-space/#43a78a5a54e9
· C. Dupuis, A Short History of Cryptography, http://jproc.ca/crypto/crypto_hist.html
  · ~ 1900 BC First documented written cryptography: use of non-standard hieroglyphs in an inscription by an Egyptian scribe
  · 50-60 BC Caesar Cipher – simple substitution
  · 1861 Kasiski published the first general solution of a polyalphabetic cipher
  · 1933-45 The Enigma Machine!
  · …
· Navajo Code Talkers: World War II Fact Sheet, http://www.historynet.com/world-war-ii-navajo-code-talkers.htm
Week 3: Lectures: Cryptography 2. (slides)
Sept. 3, 5 Required reading:
· Pfleeger et al., Chapter 2.3, 6.2, 12.1 – 12.5 (overview)
· Cryptographic support for security objectives (link)
Week 4: Lectures: Public Key Encryption (slides)
Sept. 10, 12 Diffie-Hellman Key Exchange (slides_1, slides_2)
Hash Functions and Cryptographic Protocols Analysis (slides)
Required reading:
· Pfleeger et al., Chapter 2.3, 6.2, 12.1 – 12.5 (overview)
Week 6: Lectures:
Sept. 17 Guest lecture: Emad Alsuwat, Ph.D. candidate
Identification and Authentication (slides)
Sept. 19 Guest lecture: Dr. Duncan Buell
Cryptographic Protocols Analysis (slides)
Required reading:
· Pfleeger et al., Chapter 2.1, Chapter 2.3, 6.2
Interesting reading:
1. Thanasis Petsas, Giorgos Tsirantonakis, Elias Athanasopoulos, and Sotiris Ioannidis. 2015. Two-factor authentication: is the world ready?: quantifying 2FA adoption. In Proceedings of the Eighth European Workshop on System Security (EuroSec '15). ACM, New York, NY, USA, Article 4, 7 pages, http://dl.acm.org/citation.cfm?id=2751323.2751327&coll=DL&dl=ACM&CFID=722323573&CFTOKEN=51590717
2. Andreas Mayer, Marcus Niemietz, Vladislav Mladenov, and Jörg Schwenk. 2014. Guardians of the Clouds: When Identity Providers Fail. In Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security (CCSW '14). ACM, New York, NY, USA, 105-116, http://dl.acm.org/citation.cfm?id=2664168.2664171&coll=DL&dl=ACM&CFID=722323573&CFTOKEN=51590717
3. Smart Card Alliance, http://www.smartcardalliance.org/
4. Entrust, authentication news, http://www.entrust.com/category/authentication-2/
Week 8: Lectures: Identification and Authentication cont. (slides)
Sept. 24, 26 Protocol exercises, sample test
Week 9: Lectures: Access Control Models
October 1 Guest lecture: Dr. Duncan Buell candidate
Joshua Mulliken, Ellucian Banner CVE-2019-8978 Vulnerability presentation, https://cse.sc.edu/news/student-finds-and-reports-software-vulnerability
October 3 Guest lecture: Hatim Alsuwat, Ph.D.
Access Control – DAC + RBAC (slides)
Required reading:
· Pfleeger et al., Chapter 2.2 and 5.2
· S. De Capitani di Vimercati, P. Samarati, S. Jajodia: Policies, Models, and Languages for Access Control, in Databases in Networked Information Systems, Volume 3433 of the series Lecture Notes in Computer Science pp 225-237, http://spdp.di.unimi.it/papers/2005-DNIS.pdf
Interesting reading:
1. Jun Zhu, Bill Chu, Heather Lipford, and Tyler Thomas. 2015. Mitigating Access Control Vulnerabilities through Interactive Static Analysis. In Proceedings of the 20th ACM Symposium on Access Control Models and Technologies (SACMAT '15). ACM, New York, NY, USA, 199-209, http://dl.acm.org/citation.cfm?id=2752952.2752976&coll=DL&dl=ACM&CFID=722323573&CFTOKEN=51590717
2. Achim D. Brucker and Helmut Petritsch. 2009. Extending access control models with break-glass. In Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT '09). ACM, New York, NY, USA, 197-206, http://dl.acm.org/citation.cfm?id=1542207.1542239&coll=DL&dl=ACM&CFID=722323573&CFTOKEN=51590717
Week 10: Lectures: Midterm Review
Oct. 8 Sample midterm 1 (solution)
Quiz 4: Research Group forming
Answer the following:
- Your name
- Top 2 IoT security areas of your interest
- Group members (if any)
- Your strength (pick the most important one)
- Your weakness (pick the most important one)
Sample midterm 2 (solution)
Oct. 10 October 10 – Fall Break, no classes
Week 11: Lectures:
Oct. 15
Oct. 17 MIDTERM EXAM (Oct. 17)
Week 12: Lectures: Access Control –
Oct. 22, 24 Access control exercises (Optional)
Required reading:
· Pfleeger et al., Chapter 2.2 and 5.2
· S. De Capitani di Vimercati, P. Samarati, S. Jajodia: Policies, Models, and Languages for Access Control, in Databases in Networked Information Systems, Volume 3433 of the series Lecture Notes in Computer Science pp 225-237, http://spdp.di.unimi.it/papers/2005-DNIS.pdf
Week 13: Lectures: Database Security (slides)
Oct. 29, 31 Inference Problem & Privacy Preserving Data Mining (slides)
Required reading:
· Pfleeger et al.: Chapter 7
Week 14: Lectures: Secure Software Development: Best Practices (slides)
Nov. 5, 7, 12
Required reading:
· Pfleeger et al.: Chapter 3
· G. McGraw, Software [In]security: Software Security Zombies, 07/2011, http://www.informit.com/articles/article.aspx?p=1739924
Interesting reading:
1. OWASP, Source Code Analysis Tools, https://www.owasp.org/index.php/Source_Code_Analysis_Tools
Week 15: Lectures: Blockchain – Guest lecture Dr. S. Fenner
Nov. 14
Week 16-17: Lectures: Network security (slides)
Nov. 19 - 26 Firewalls (slides)
Intrusion Detection (slides)
Required reading:
· Pfleeger et al.: 6
· Pfleeger et al.: 10.4, 11 (understand main issues and concerns)
Nov. 28 November 28 Thanksgiving Recess – No Classes
Week 18: Student Presentations
Dec. 3 All groups are presenting. See the presentation guidelines.
Each group will have 4 mins presentation time followed by 3 mins Q&A
Upload your slides to dropbox by midnight December 2nd.
Project evaluation form. (Hard copies of the form will be given to the student in class.)
Presentation schedule:
1. (slides) Data Security & Privacy In the IoT-eHealth -- Joseph Basile, Wade Lewis, Julia Coleman, Marin O’Brien, Nicole Dorney, Kevin Tracy, Savannah Anderson
2. (slides) Privacy for Smart Devices -- Brett Noltkamper, Everett Bishop, William Simmons, Victor Botteicher, Wade Morgan, Miguel Zambrano, Chase O’Connor
3. (slides) Mirai and Botnets in IoT Devices -- Colby Hill, Caleb Conner, Matt Venter, Nate Ellsworth, Michael Miranda, Samuel Nichols, Jon Ramit
4. (slides) Analysis of IoT Attack Models: The Mirai Botnet -- Ryder Henderson, Noah Shaw, Jack Stemper, Jahred Danker, Edward Perreyclear, Joseph O’Neill, Luke Whittle
5. (slides) The Difficulty in Testing IOT Security -- Joshua Mulliken, Nicholas Leonhardt, Pranav Minasandram, Hardik Anand, Jake Bukuts, Jeremy Duncan, Talin Arya
6. (slides) A User-Centric Router for IoT Devices to Increase Security -- Sarah Darley, John Lee, Steven Maxwell, Graham McDonald, Shash Ravi, Andrew Sauer, Reed Segars
7. (slides) Protecting Privacy in the Age of Smart Devices Through User Authentication -- Kristina Matthews, Chaz Servance, Matt Zaleski, James Milton, Halee Aiken, Jack Primiani, Nicholas Gause
8. (slides) Improving Privacy in Smart Home Device Networks with Privacy Education and Awareness -- Zari Case, Garrett Erven, Kevin Hagan, Geniese James, Olivia Monty, Sierra Stewart, Donyelle Wallace
9. (slides) IoT Malware Detection Addressing Resource Optimization -- Nathan Pavlovsky, Connor Babin, Brandon Ryder, Steven Edwards, Luke Imholz
Dec. 5
· Discussion and selection of the top 3 projects: based on the ranking of the projects and in-class debate. Award ceremony.
· Review for Final exam
Final Exam: December 10, 12:30 – 3:00 pm