Developing secure software requires a great deal more than a knowledge of programming. In security, the ability to understand threats and risks in general, as well as specific security technologies (for example cryptography or security protocols) is paramount. This course discusses these and other issues relating to software and systems security, including banking security and security evaluation.
|12th October 2015||Oxford University Department of Computer Science|
|18th January 2016||Oxford University Department of Computer Science|
|25th April 2016||Oxford University Department of Computer Science|
Please contact the programme office for availability.
At the end of the course, students will
- understand the main issues in computer and information security;
- have practical experience in the analysis of secure communication protocols;
- have an overview of the scope of the current leading technologies and standards;
- be able to evaluate security solutions.
- The need for security; types of security (confidentiality, authentication; non-repudiation; service integrity); big picture (network security; host OS security; physical security); multi-level security; trusted systems.
- Data protection/privacy, electronic payment, secret communications, government security. Risk assessment and social factors.
- Number theory: inverses, primes. Basic encryption and decryption: terminology, substitution, stream, and block ciphers; characteristics of good ciphers. Symmetric and asymmetric encryption. Encryption algorithms: DES, RSA, AES, etc. Hashing.
- Security Protocols
- Goals of protocols: key distribution, authentication, key confirmation. Protocols and attacks: use of public-key and symmetric-key cryptography; Needham-Schroeder Protocols; Kerberos; Diffie-Helmann key exchange; dangers of key compromise. Key management. Advanced protocols: Encrypted Key Exchange; secret sharing.
- Public-key cryptography and ISO authentication framework: design of X.509 certificates, and their uses. Secure sockets layer: SSL and encryption, key exchange protocols, use of X.509 certificates; secure web pages. Electronic signatures: role of hashing and cryptography; MD5 etc.; potential attacks, such as the `birthday book'.
- Case Studies
- Banking security, ATM, SWIFT, SET standards. Common criteria. Internet security; SSL/TLS, IPsec.
There are no particular requirements for this course.