Home Page for CSCI 476 (Spring 2019)

Schedule

• Tuesday, Thursday: 3:05pm--4:20pm in Reid Hall 103

Textbook

• Introductin to Computer Security, by Goodrich and Tamassia, Pearson

Instructor: Dr. Binhai Zhu

• Office: Barnard 355
• Office hours: Tue, Wed, Thu: 9:00-10:00am (or by appointment)
• Email: bhz@montana.edu
• Phone: X4836
• Grader: Seraj Mostafa, sammbd@gmail.com (Office Hours in the Help Center: Monday, noon-1pm, 3-4pm.)

Syllabus by week

• This syllabus is only a sketch of what's covered in each lecture. Hopefully this will help people who occasionally miss a class. The details (solutions for homeworks, etc) and slides can be found on D2L.
• We will update the syllabus before each lecture.
• Jan 10, 15 --- Course overview. Introduction (read chapter 1). Exercise 1.
• Jan 17, 22 --- Physical security (read chapter 2). Exercise 2.
• Jan 22, 24, 29 --- OS security (read chapter 3). Exercise 3.
• Jan 29, 31 --- Malware (read chapter 4). Exercise 4.
• Feb 5, 7, 19 --- Network security I (read chapter 5). Exercise 5.
• Feb 12 --- Practice Test for Test 1.
• Feb 14 --- Test 1.
• Feb 19, 21 --- Network security II (read chapter 6, DNS). Exercise 6.
• Feb 26, 28 --- Network security II (read chapter 6, Firewall, Tunnel, ID, Wireless). Exercise 7.
• Mar 5, 7 --- Web security (read chapter 7). Exercise 8. Exercise 9.
• Mar 12 --- Practice Test for Test 2.
• Mar 14 --- Test 2.
• Mar 18-22 --- Spring Break, no class.
• Mar 26, 28, Apr 2 --- Cryptography (read chapter 8). Exercise 10.
• Apr 2, 4 --- AES and hash function (read chapter 8). Exercise 11.
• Apr 9 --- Practice Test for Test 3.
• Apr 11 --- Test 3.
• Apr 16, 18 --- Projects.
• Apr 23, 25 --- Projects.

Exercise (in-class, random, and just try your best)

• Due to that the textbook has not arrived yet, I will start to give you small exercises (15 minutes) in many of the lectures --- to enhance your learning experience. The exercises will be posted on this page and their solutions will be posted on D2L a bit later.

Project (15%)

• We will do a project at the end of this term, during the last two-three weeks starting in early April. The idea is that you form a group (2-3 preferrably) and either study a new algorithm/method that we did not cover in class related to computer security/cryptography, or implement it. You will spend about 10 minutes reporting your work to the class in April. I know Spring Break is coming, but that is also a good time that you start to think about it. (We will probably only cover Chapter 8 on Cryptography after Spring Break and all the other materials will be covered before Spring Break.)
• Apr 16
• Apr 16 --- Kyle Webster: TwoFish Encryption.
• Apr 16 --- John Bemis, Logan Davis and Joel Lechman: Denial of Service using the Cookie Bomb.
• Apr 16 --- Elizabeth Hamaoka, Glen Johnson and Logan Vining: Deeplocker.
• Apr 16 --- Morgan Johnson, Tonia Schlick and Xuying Swift: Rainbow Tables.
• Apr 16 --- Nathan Roberts and Bridget Wermers: Blowfish.
• Apr 16 --- Shaniah Blanchard and Taylor Koth: XML Bombs and Billion Laughs Attack.
• Apr 16 --- Chance Coleman, Tyler Fleetwood and Calvin Seamons: RTF Malware.
• Apr 16 --- Alex Harry, Nate Tranel and Keely Weisbeck: Metamorphic testing.
• Apr 18
• Apr 18 --- Brandon May and Marie Morin: Brutal Kangaroo.
• Apr 18 --- Amanda Hawkins, Conner McCloney and Grace Walkuski: Security of Blockchain.
• Apr 18 --- Alex Rueb, Dillon Tice and Nicolas Tonjum: IDEA Encryption.
• Apr 18 --- Dylan Lynn, Matthew Sagen and Andrew Smith: Elliptic Curve Cryptography.
• Apr 18 --- Gavin Austin and Nick Rust: Everyday Encryption.
• Apr 18 --- Jase Rost and Max Weimer: The Serpent Encryption Algorithm.
• Apr 23
• Apr 23 --- Alex Pelaez and Henry Soule: ElGamal Encryption.
• Apr 23 --- Ethan Malo, Jayson Potter and Zan Rost-Montieth: Image encryption using chaos maps.
• Apr 23 --- Jadin Casey: AES Implementation.
• Apr 23 --- Tyler Ewald and Riley Williams: MD5.
• Apr 23 --- Erickson Christopher, Josh Cullings and Daniel Laden: IP Spoofing with RTA.
• Apr 23 --- Alex Mershon and James Tomasko: Breaking the Vigenere Cipher.
• Apr 23 --- Brian Foley and Brandon Klise: Wireshark.
• Apr 23 --- Abdulrahman Alhitmi, Jason Armstrong and Jacob Frank: SHA-3 Algorithm.
• Apr 23 --- George Engel, Dana Parker and Troy Oster: Tool Assisted Hacking.
• Apr 23 --- Spencer Debuf: Decrypting Monoalphabetic Ciphers.
• Apr 23 --- Matthew Cirillo, Amelia Getty, Kyle Rathman: Application security testing.
• Apr 23 --- Logan Caraway and Ryan Caraway: Meltdown vulnerability.
• Apr 25
• Apr 25 --- Daniel Bachler and Jan Van Alstyne: MARS Encryption.
• Apr 25 --- Jaret Boyer, Kyle Hagerman, Jared Thompson and Timothy Wells: The 4-square cipher.
• Apr 25 --- Karl Molina and Logan Pappas: SlowLoris DOS Attack.
• Apr 25 --- Victor Anyanwu and Jordan Pottruff: Quantum Key Distribution.
• Apr 25 --- Patrick Phattharaampornchai, Phillip Phattharaampornchai and Shengnan Zhou: SQL and script injection.
• Apr 25 --- Rusty Clayton, Ahmed Naji and Timothy Parrish: Modified Caesar Cipher.
• Apr 25 --- Sean Jungst and Jacob Ziehli: Side-channel Attacks.
• Apr 25 --- Connor Grace, Tyler Krueger and Ryley Rodriguez: Hill Cipher Implementation.
• Apr 25 --- Hugh Jackovich, Austin Johnson and Michael Pollard: Comparison of ECC vs RSA vs DSA.
• Apr 25 --- Rostik Mertz and Philip Neill: Cloudflare Pseudo-random Generator.
• Apr 25 --- Parker Folkman and Justin Elias: Aircrak-ng Wifi with Kali Linux.
• Apr 25 --- Henry Barker, Kyle Brekke and Ren Wall: Spoofing magnetic stripes and cat cards.
• Apr 25 --- Philip Gales, John M. Singleton and Joshua R. Steenson: Threefish Algorithm.
• Apr 25 --- Cory Petersen and Brendan Tracey: Vernam Cypher.

Assignments (30%)

• CSCI 476 - assignment 1 (pdf) (Due: Jan 24, 2019.) The input.txt file.
• CSCI 476 - assignment 2 (pdf) (Due: Feb 7, 2019.) The memorydump.dmp file.
• CSCI 476 - assignment 3 (pdf) (Due: Mar 6, 2019.)
• CSCI 476 - assignment 4 (pdf) (Due Mar 27, 2019.) Netbeans+jNetPcap Guidelines.
• CSCI 476 - assignment 5 (pdf) (Due Apr 17, 2019.)

Tests (45%)

• There will be three in-classes tests. The exact date will be announced at least one week ahead before each test. A sample practice test will be given before each test.
• Test 1 will be on Feb 14th. The contents will be the first 4 chapters. Use exercise/participation questions/solutions as a starting point to prepare. A sample practice test will be given on Feb 12th. (One letter-size cheatsheet, both sides, is allowed; no textbook and no other notes are allowed.)
• Test 2 will be on Mar 14th. The contents will be Chapter 5 and 6. Use exercise (5-8) and participation (3-4) questions/solutions as a starting point to prepare. A sample practice test will be given on Mar 12th. (One letter-size cheatsheet, both sides, is allowed; no textbook and no other notes are allowed.)
• Test 3 will be on Apr 11th. The contents will be Chapter 7 and 8. Use exercise (9-11) and participation (5-6) questions/solutions as a starting point to prepare. A sample practice test will be given on Apr 9th. (One letter-size cheatsheet, both sides, is allowed; no textbook and no other notes are allowed.)

Participation Tests (10%)

• There will be 6 random participation tests and you just need to genuinely try, 5 will be counted. The questions will be simple and relevant to what's been covered, and a solution will be posted on D2L for each test.

Class Averages for Each Assignment/Test