Secure Systems Engineering


Prof. Sape J. Mullender (sape@huygens.org)


The class of Secure Systems Engineering is intended for predoctoral students in their final years, for doctoral students (AiO's and TwAiO's) and for postacademic computer experts seeking to update their expertise in computer security.
Class contents: introduction to cryptography, theory of authentication, access control, security of the Internet, of Unix and of the systems commonly used in industry, security of electronic payment systems, and securing the human/computer interface.
The students will be required to give a presentation of the contents of a published article pertaining to security. They will also carry out a small literature survey and write a ten to fifteen-page essay.
The class will be taught in English, so that Dutch students will achieve additional proficiency in using the language -- essential for their further carreer -- and so that foreign students (many of the AiO's are foreign) and post-academic students can make use of the course as well. 

Schedule

This schedule is subject to variation.

Slides used during class

Chapter 1, Applied Cryptography

Chapter 2, Applied Cryptography

Chapter 3, Applied Cryptography

Chapter 8, Applied Cryptography

Chapter 11, Applied Cryptography

Chapter 12, Applied Cryptography

Chapter 19, Applied Cryptography

Chapter 20, Distributed Systems

Chapter 21, Distributed Systems

A Logic of Authentication

Conclusions


Essay Subjects

  1. Find out about, and give an overview of tamperproof smart cards. Discuss techniques for making smart cards tamperproof and methods of attack. (Martin)
  2. Give an overview of the state of the art in smart card operating systems. (Thomas)
  3. Discuss the security that can be provided by Internet Firewalls (see, for instance, [Cheswick and Bellovin]) (Bas)
  4. Give an overview of Phil Zimmermann's PGP, discuss merits and defects.
  5. Give an overview of Ssh, how it works, what standards it uses; discuss merits and defects. (Jeroen)
  6. Analyse the virus phenomenon: Why are computers running Windows so much more prone to attacks than those running Unix? What sort of security measures can one take against virus attacks?
  7. Give an overview of digital watermark technology. How can they be used to protyect digital images, sound, movies? What protection do they provide? How do the work?
  8. Give an overview of David Chaum's anonymous payment system, how it works and what it achieves. (Joost)
  9. How does security work in NEtscape and Internet Explorer? How secure is it? Against what attacks does it or does it not protect? (Richard)

Literature

Chapters 1, 2, 3, 8, 9, 10, 12 
and Sections 6.1, 6.4, 11.1-11.5, 19.1-19.3
Applied Cryptography,
Bruce Schneier 
John Wiley & Sons, Inc, 1996 
ISBN 0-471-11709-9
Chapters 20 and 21 of Distributed Systems, 2nd edition,
Sape J. Mullender, editor 
ACM Press, 1993 
ISBN 0-201-62427-3
Article Why Cryptosystems Fail
Ross Anderson
Communications of the ACM 37(11) 
November 1994
Technical Report A Logic of Authentication 
Michael Burrows, Martin Abadi, and Roger Needham 
DEC SRC Technical Report 39
February 1989
Technical Report Prudent Engineering Practice for Cryptographic Protocols
Martin Abadi and Roger Needham
DEC SRC Technical Report 125
February 1989

Additional Literature

Ross Anderson's article, `Robustness Principles for Public Key Protocols' and many of the others on his home page.

Edward Amoroso, Fundamentals of Computer Security Technology, Prentice Hall, Englewood Cliffs, ISBN 0-13-108929-3

Other interesting chapters in Schneier's book are: 5, 6, 7,13, 14, 15, 24 and 25

Firewalls and Internet Security, by William R. Cheswick and Steven M. Bellovin, Addison-Wesley, 1994, ISBN 0-201-63357-4