Syllabus of CTIS 496 - Computer and Network Security


Department: Computer Technology and Information Systems

Credits: Bilkent 3,    ECTS 6

Course Coordinator: Hamdi Murat Yıldırım

Semester: 2016-2017 Spring

Section: 001

Instructor(s): Hamdi Murat Yıldırım

Office & Office Hours: Mon. 13:40-15:30; Thu 10:40-11:30


Course Schedule:
  Mon. Tue Wed Thu Fri Sat Sun
08:40 - 09:30              
09:40 - 10:30              
10:40 - 11:30              
11:40 - 12:30              
12:40 - 13:30              
13:40 - 14:30       CTIS 496-001 CD-B02      
14:40 - 15:30       CTIS 496-001 CD-B02      
15:40 - 16:30 CTIS 496-001 CD-B02            
16:40 - 17:30 CTIS 496-001 CD-B02*            
17:40 - 18:30              
18:40 - 19:30              
19:40 - 20:30              
          Lecture hours.
          Lab/studio/others
          Spare hour
*  This hour has been reserved as spare hour in the weekly schedule. The spare hour may be used by the instructor for recitations, make-up of classes missed, etc.
 

Contact Hours: 3 hours of lecture per week,    1 hour of Lab/Studio/Others per week
 
Textbook and Other Required Material:
  • Required - Textbook: Cryptography and Network Security: Principles and Practice, William Stallings, 5th/2011, Prentice Hall
  • Required - Reading: OWASP Secure Coding Practices - Quick Reference Guide [download]
  • Required - Web Link: SEI CERT Coding Standards [download]
 
Catalog Description:
Theory and practice of computer security, focuing in particular on the security aspects of computing systems. Survey of classical cryptography and cryptographic tools used to provide secuirty, such as shared key encryption, cryptographic hash functions, public key encryption, key exchange, and digital signature. Review of how these tools are utilized in Public Key Infrastructure (PKI), Transport-Level Security, Wireless Network Security, Electronic Mail Security. Introduction to "Network Access Control", "System Secuirty", and "Secure Programming".
 
Prerequisite(s): CTIS 290
 
Assessment Methods:
  Type Label Count Total Contribution
1 Midterm:Essay/written 1 24
2 Homework Homework 1 5
3 Project 1 9
4 Final:Essay/written 1 32
5 In-class attendance 1 4
6 In-class participation 1 2
7 Midterm:Essay/written 1 24
 
Minimum Requirements to Qualify for the Final Exam:
In order to qualify for the final exam, ◦ At least 50% of attendance is required. ◦ the students should get at least the students should get at least 16.2 points (out of 54 points) from “a weighted average of their midterm examination, quizzes and two homeworks grades\"
 
Course Learning Outcomes:
Course Learning Outcome Assessment
Choose a set of cryptographic algorithms and protocols to achieve security goals Midterm:Essay/written
Final:Essay/written
Evaluate strength and security level of cryptographic algorithms Midterm:Essay/written
Final:Essay/written
Use suitable cryptographic algorithms' software implementations to digitally sign documents/emails, verify signatures and encrypt them Homework
Project
 
Weekly Syllabus:
  1. * Course Overview ** Introduction
  2. Electronic Mail Security (PGP): PGP Authentication & PGP Confidentiality & PGP Keys / Lab Session: Creating and sharing PGP keys; Encrypted/Digitally signed E-mail and files
  3. Classical Cryptography / Lab Session: Use of Cryptography educational tool
  4. Symmetric Encryption / Lab Session: Exhaustive Key (Brute-force) attack
  5. Symmetric Encryption / Lab Session: Use of Cryptography APIs
  6. Cryptographic Hash Functions; Message Authentication Codes / Lab Session: Verifying the integrity and/or the origin of files or messages; Hash based user authentication.
  7. Public-Key Cryptography: Digital Signatures and Key Exchange / Lab Session: Generating public and private keys and using a Key Exchange protocol
  8. Public-Key Infrastructure (PKI): Managing SSL/TLS (X.509) Certificates, Certificate Authorities and Trust Model
  9. PKI Applications; Electronic Mail Security using X.509 Certificates / Lab Session: Encrypted and signed e-mails using X.509 certificates and Authentication with E-Signatures
  10. Introduction to HTTPS; Introduction to “Wireless Network Security” / Lab Session: Creating self-signed X.509 certificates and configuring web server software for HTTPS
  11. Introduction to “Network Access Control” ; Network vulnerability scanner / Lab Session: AAA Server Configuration and use of vulnerability scanner software
  12. System Security: Intruders, Intrusion Detection, Password Management, Malicious Software: Viruses, Virus Countermeasures ; Worms, Distributed Denial of Service Attacks
  13. System Security:Firewalls; Introduction to “Secure Programming/Coding”
  14. Introduction to “Secure Programming/Coding”
 
ECTS - Workload Table:
Activities Number Hours Workload
Quiz 2 2 4
Course hours 14 3 42
Midterm exam 1 2 2
Final exam 1 2 2
Report (including preparation and presentation if applicable) 1 3 3
Laboratory (including preparation) 14 1 14
Preparation for Midterm exam 1 18 18
Individual or group work 14 3 42
Homework 2 4 8
Preparation for Final exam 1 18 18
Preparation for Quiz 2 8 16
Project (including preparation and presentation if applicable) 1 8 8
Presentation (including preparation) 1 3 3
Total Workload: 180
Total Workload / 30: 180 / 30
  6
ECTS Credits of the Course: 6
 
Type of Course:   Lecture
 
Course Material:   Multimedia - PC - PP - Written
 
Teaching Methods:   Assignment - Exercises - Lecture - Presentations