A printable PDF is available.

CSC 580 Class Information and Syllabus

**Instructor:**
Stephen R. Tate (Steve) **Lectures:** Tues/Thurs 9:30-10:45, Petty 227 **Office:** Petty 166 **Office Hours:** Tues/Thurs 11:00-12:30, or by appointment**Phone:** 336-256-xxxx [old number] **E-mail:**
**Class Web Page:**
`http://www.uncg.edu/cmp/faculty/srtate/580/`

**Catalog Description (from the current catalog - being
rewritten, and included here just for reference):** Modern
development of cryptography and secure encryption protocols. Program
security and viruses. Operating system protection. Network and
distributed system security. Database security. Administering
security.

**Prerequisites:**
Grades of at least C (2.0) in CSC 330 and CSC 350.

**Student Learning Outcomes:**
Upon successful completion, students will be able to

- describe basic cryptographic functionality, including symmetric ciphers, public key encryption, digital signatures, hash functions, and related concepts;
- describe how basic cryptographic building blocks are combined to meet high-level security goals in protocols like SSL and IPsec;
- identify specific security technologies that can improve aspects of a system design;
- justify the use of particular technologies, settings, and parameters to meet specified security goals;
- evaluate the security of systems that use cryptography and secure communication techniques;
- discuss how security and privacy issues can impact system design;
- (Graduate students) explain and critique current basic research in computer security and cryptography.

**Textbook:** William Stallings. *Cryptography and Network
Security: Principles and Practice (7th Edition)*. Pearson/Prentice Hall, Upper Saddle River,
NJ, 2017.

**Other Reading:**

- Required readings: Some topics will involve reading supplemental materials, including instructor-written handouts and published materials. These materials will be handed out as printed material, or will be available electronically from the class web page.
- Graduate students will be given copies of current research papers to read and critique -- these will also be available on the class web page when possible.

**Class Structure and Assignments:** The primary method of
instruction will be two 75-minute meetings per week that will consist
of regular quizzes, lecture, discussion, and problem-solving sessions.
The class structure is nontraditional, as described below.

*Written Homework Problems:* On most weeks, students will be
given approximately 3 written (non-programming) homework problems on
Thursday. These problems will be representative of the kinds of
written problems you would traditionally see on an exam -- the first
time you see the problem it might take some time and effort to figure
out how to solve the problem, but once you have mastered the material
and practiced you should be able to solve similar problems in around
10 minutes. These should be solved before the following Tuesday, when
solutions will be reviewed and discussed. These problems are not
graded, but are not optional! If you do not *work out* solutions
yourself (and study and practice), then it is unlikely that you will
be able to solve the quiz problems, which *do* count for a
significant part of your grade.

*Quizzes:* One week after each set of written problems are
assigned, class will begin with a quiz in which students will be given
one problem similar to the ones assigned the previous week as homework
problems. A typical problem will be designed to be solvable in 10
minutes, and students will be given 15 minutes, so time should not be
an issue. While these problems are based on the homework problems,
they will not be identical. If you *understand* the solutions to
the homework problems and have *practice* solving similar
problems, then you shouldn't have any problems with the
quizzes. However, if you do not work out solutions to the homework on
your own, thinking you can rely on the in-class solution discussion
(or other solutions you locate when studying), then you
probably will not do well. Since there will be a large number of these
quizzes (12-14), your two lowest grades will be dropped. There
will be no quizzes given at other times for any reason (make-up or
in-advance), and if you miss class on a particular day that will need
to be one of your dropped scores.

*Semester-long Project:* The class includes an ongoing project
that will culminate in the production of a secure chat system, using
cryptography to meet the security goals. The project will be
implemented in Java, using the Java Cryptography Architecture
(JCA), which is standardized and available in both desktop Java
environments and in Android. We will focus on the information
management and communication components (and not the user-interface),
but ambitious students may want to experiment with user-interfaces on
different platforms. The project will be broken up into pieces that
will be assigned every 2-3 weeks, and the pieces may
include design and analysis of different components, general testing
of JCA features for possible inclusion, and implementation of
different features. After each design and analysis phase, we will
discuss various options in class and standardize a design that
everyone will use moving forward. Students may work together on the
project, in groups of up to three students, but *must* turn in
*independently-written* work, and must name the students they
collaborated with. If groups do not function well, the instructor
reserves the right to break up groups or disallow certain collaborations.

*Final Exam:* There will be a traditional final exam, oriented
around all of the homework problems that are assigned throughout the
semester. The final exam will be held at the university-scheduled day
and time: ** Tuesday, May 9, 12:00pm - 3:00pm**.

*Graduate Students:* In addition to the work described above,
graduate students will be given three research papers
during the semester to read and report on with a 1-2 page written
summary and critique. During the last 4-6 weeks of the semester,
graduate students will complete a project based on current research in
a security-related topic of their own choosing. The result could be
either a pure research focus, with a 10-15 page survey paper
summarizing research related to that topic, or it could be
implementation-based (including adding research-based advanced
capabilities to the class secure chat program) with a shorter (5-6
page) report.

**Evaluation and Grading:** Final grades will be calculated
based on the following weighting.

UndergraduatesProject 25% Quizzes 50% Final Exam 25%

Graduate studentsProject 20% Quizzes 45% Final Exam 25% Research Readings/Project 10%

**Attendance Policy and In-class Behavior:** Be a grown-up,
respect other students, and be responsible for your own
actions. That's it. If further interpretation or enforcement of these
principles is needed, the instructor has the final word.

**University Closings:** If university facilities are closed due to flu
outbreak or other emergencies, it does not mean that classes are
canceled. In such an event, please check the class web page and
Canvas site for information about if and how the class will
proceed.

**Academic Integrity:** Students are expected to be familiar
with and abide by the UNCG Academic Integrity Policy, which is online
at
`http://academicintegrity.uncg.edu/`

Remember that while collaboration is allowed on project assignments,
submitted work should be independently written by each student. It is
also important that you clearly cite *any* source of material
other than the textbook or in-class discussions that influences your
solution. This includes any online videos, tutorials, or other sources
of information -- if it didn't come from your own head and your own
creativity, you need to give credit for where the ideas came from.

List of topicsNumbers after topics indicate approximate time, in class days

(Detailed and updated schedule on class web page)

TopicReadingIntroduction and security overview (2) Chapter 1 Math basics for cryptography (1) Sect 2.1-2.3 Encryption basics (1) Sect 3.1, 3.2, and 3.5 Traditional block ciphers - ideas/properties (1) 4.1, 4.2, 4.4 Java Cryptography Architecture (1) Online Docs Advanced Encryption Standard -AES (1) Handouts Symmetric ciphers - block cipher modes (2) 7.1-7.7 Random and pseudorandom numbers (2) 8.1-8.4, 8.6 Security models and reasoning about security (2) Handouts Public key ideas, math, and RSA (2) 9.1, 2.4-2.6, 9.2 Discrete logs and DL-based crypto (1) 2.8, 10.1-10.2 Cryptographic hash functions (2) Chapter 11 Message Authentication Codes (MACs) (1) Sections 12.1-12.5 Authenticated encryption and hash-based PRNG (1) 12.7, 12.9 Digital Signatures (1) 13.1, 13.2, 13.4, 13.6 Key Management and Certificates (2) 14.2-14.5 Transport layer security (2) Chapter 17

**ADA Statement:** UNCG seeks to comply fully with the Americans
with Disabilities Act (ADA). Students requesting accommodations based
on a disability must be registered with the Office of Accessibility
Resources and Services located in 215 Elliott University Center: (336)
334-5440 (or `http://oars.uncg.edu`

).

**Commercial note-taking services:** Selling class notes for
commercial gain or purchasing such class notes in this or any other
course at UNCG is a violation of the University's Copyright Policy and
of the Student Code of Conduct. Sharing notes for studying purposes,
or borrowing notes to make up for absences, without commercial gain,
are not violations.