
Internet Security

Instructor: Professor Bon K. Sy


Description

Internet Security is an introductory course for individuals interested in the theory and practice of security control and privacy protection. We will first introduce the concepts behind security control and privacy protection as applied to ensure the confidentiality, integrity, and availability of information and/or computer systems. Here are some of the issues that we will explore in the class: What is privacy? What is the difference between security and privacy? How may security control and privacy protection be achieved through technical and non-technical means?

This introductory course aims to cover roughly 1/3 of the curriculum required for the CISSP certification. To provide practical hands-on experience, each student will be provided with a personal Linux (virtual) machine in a VPN with no internet connection, where students can build and craft attack vectors to hack each other’s machines at the network, application and data levels. In other words, each student can play defense and offense in this environment if the class decides to have a capture-the-flag contest.

We may use the SANS NewsBites as a resource for case studies on REAL information leaks and computer security breaches. We may also use the “case reports” from the ACLU (American Civil Liberties Union) and EFF (Electronic Frontier Foundation) to discuss issues surrounding privacy and digital rights, among others. Selected techniques and technologies used to safeguard security and privacy will be illustrated; specifically, the basic idea behind using cryptography to realize privacy-preserving secure computation for information/data exchange, and the basic idea behind using multi-modal biometrics to achieve non-repudiation of information and/or computer access. These selected techniques and technologies will be used as a basis to introduce the concept of risk assessment and management, as well as the metrics and methods used for evaluating the strength of security control and privacy protection.
 

Learning Objectives

  • Understand administrative, procedural, and technical controls for security safeguards.

  • Understand the concepts of vulnerability, exposure, and exploit; incorporate approaches for risk management and best practices.

  • Understand the ethics in cyber security and cyber law.

  • Develop practical skills and acquire a good understanding of the basics of securing networks.

  • Develop proficiency in the basic cryptographic techniques for data protection, and the maturity to approach security models and analysis.

  • Keep abreast of emerging technologies, and learn, through a case study on our contract project with the NYC agency, the complexity and the challenges of real-world security requirements.

  • Develop skills and critical thinking needed for “entering research” in the field.

 

Reference books and web resources

 

Tentative topics (Part 1: 2-3 weeks; Part 2: 8.5 weeks; Part 3: 2.5-3.5 weeks)

  • Part 1
    • Basics
      • Quick review of the basics of securing computing and networking resources.

      • Security safeguards based on administrative, procedural and technical controls.

      • Risk management and best practice; Separation of duty and Need-to-know

      • Information from social engineering

    • Ethics in Cyber Security & Cyber Law
      • Privacy

      • Professional Ethics and (SANS and CISSP) code of conduct

      • Western law history, cyber law and cybercrimes

    • Forensics
      • Forensic Technologies

      • Chain of custody and admissibility

  • Part 2
    • Network Assurance
      • Policy centric architecture for layered defense

      • Network Intrusion Detection and prevention

      • Load balancing and failover solutions for high availability and fault tolerance

      • Public key infrastructure and system level security model design and analysis

    • Cryptography
      • Group theory and number theory review

      • Introduction to the concept of one-way functions, pseudo-random functions for key generation, and the concept of symmetric, asymmetric, and homomorphic encryption.

      • Exemplary symmetric, asymmetric, and homomorphic encryptions such as AES, RSA, and Paillier.

      • Applied cryptographic protocols such as 1-n Oblivious Transfer using RSA.

    • Application development and Ethical Hacking
      • Application development and web security

      • SQL injection and buffer overflow

      • DNS poisoning and Denial of Service

  • Part 3
    • Emerging Technologies, Secure Computation, and Real World Case Study
      • Biometric application for security with privacy assurance

      • Signal processing and scientific computation over R in encrypted domain and number representation

      • Real world system security design and implementation for NYC agency that requires 99.9% uptime availability, and that does not allow credential pre-enrollment.

 

Grade

Weekly E-community discussion and/or progress report (ongoing throughout the semester)

  • 15% RSA crypto hacking contest

  • 10% Security technology evaluation

  • 15%x3 Choose three challenges

    • Reverse engineer biometric signature for impersonation

    • Buffer overflow

    • SQL injection

    • Intrusion detection

  • 15% Research paper review: report and presentation.

  • 15% Project proposal, feasibility study/proof of concept demo.

 

Policy

All assignments must be YOUR OWN EFFORT and submitted on time. Late submission without prior permission will not be graded.