Syllabus of CTIS 496 - Computer and Network Security

Department: Computer Technology and Information Systems

Credits: Bilkent 3,    ECTS

Course Coordinator: Hamdi Murat Yıldırım

Semester: 2016-2017 Spring

Section: 001

Instructor(s): Hamdi Murat Yıldırım

Office & Office Hours: Mon. 13:40-15:30; Thu 10:40-11:30

Course Schedule:
  Time            Mon.                    Thu
  13:40 - 14:30                           CTIS 496-001 CD-B02
  14:40 - 15:30                           CTIS 496-001 CD-B02
  15:40 - 16:30   CTIS 496-001 CD-B02
  16:40 - 17:30   CTIS 496-001 CD-B02*
* This hour has been reserved as a spare hour in the weekly schedule. The spare hour may be used by the instructor for recitations, make-up of missed classes, etc.

Contact Hours: 3 hours of lecture per week, 1 hour of Lab/Studio/Others per week
Textbook and Other Required Material:
  • Required - Textbook: Cryptography and Network Security: Principles and Practice, William Stallings, 5th/2011, Prentice Hall
  • Required - Reading: OWASP Secure Coding Practices - Quick Reference Guide
  • Required - Web Link: SEI CERT Coding Standards
Catalog Description:
Theory and practice of computer security, focusing in particular on the security aspects of computing systems. Survey of classical cryptography and cryptographic tools used to provide security, such as shared key encryption, cryptographic hash functions, public key encryption, key exchange, and digital signature. Review of how these tools are utilized in Public Key Infrastructure (PKI), Transport-Level Security, Wireless Network Security, Electronic Mail Security. Introduction to "Network Access Control", "System Security", and "Secure Programming".
Prerequisite(s): CTIS 290
Assessment Methods:
  No  Type                     Label     Count  Total Contribution
  1   Midterm:Essay/written              1      24
  2   Homework                 Homework  1      5
  3   Project                            1      9
  4   Final:Essay/written                1      32
  5   In-class attendance                1      4
  6   In-class participation             1      2
  7   Midterm:Essay/written              1      24
Minimum Requirements to Qualify for the Final Exam:
In order to qualify for the final exam:
  ◦ At least 50% attendance is required.
  ◦ Students should get at least 16.2 points (out of 54 points) from “a weighted average of their midterm examination, quizzes and two homework grades”.
Course Learning Outcomes:
Course Learning Outcome (Assessment)
  • Choose a set of cryptographic algorithms and protocols to achieve security goals (Assessment: Midterm:Essay/written)
  • Evaluate strength and security level of cryptographic algorithms (Assessment: Midterm:Essay/written)
  • Use suitable cryptographic algorithms' software implementations to digitally sign documents/emails, verify signatures and encrypt them (Assessment: Homework)
Weekly Syllabus:
  1. Course Overview; Introduction
  2. Electronic Mail Security (PGP): PGP Authentication & PGP Confidentiality & PGP Keys / Lab Session: Creating and sharing PGP keys; Encrypted/Digitally signed E-mail and files
  3. Classical Cryptography / Lab Session: Use of Cryptography educational tool
  4. Symmetric Encryption / Lab Session: Exhaustive Key (Brute-force) attack
  5. Symmetric Encryption / Lab Session: Use of Cryptography APIs
  6. Cryptographic Hash Functions; Message Authentication Codes / Lab Session: Verifying the integrity and/or the origin of files or messages; Hash based user authentication.
  7. Public-Key Cryptography: Digital Signatures and Key Exchange / Lab Session: Generating public and private keys and using a Key Exchange protocol
  8. Public-Key Infrastructure (PKI): Managing SSL/TLS (X.509) Certificates, Certificate Authorities and Trust Model
  9. PKI Applications; Electronic Mail Security using X.509 Certificates / Lab Session: Encrypted and signed e-mails using X.509 certificates and Authentication with E-Signatures
  10. Introduction to HTTPS; Introduction to “Wireless Network Security” / Lab Session: Creating self-signed X.509 certificates and configuring web server software for HTTPS
  11. Introduction to “Network Access Control”; Network vulnerability scanner / Lab Session: AAA Server Configuration and use of vulnerability scanner software
  12. System Security: Intruders, Intrusion Detection, Password Management, Malicious Software: Viruses, Virus Countermeasures; Worms, Distributed Denial of Service Attacks
  13. System Security: Firewalls; Introduction to “Secure Programming/Coding”
  14. Introduction to “Secure Programming/Coding”
Type of Course:   Lecture
Course Material:   Multimedia - PC - PP - Written
Teaching Methods:   Assignment - Exercises - Lecture - Presentations