1 Content

1.1 Schedule and due dates

• The schedule and due dates will be updated as we progress through the semester (on Canvas).
• Please check back regularly for changes.

1.2 Review

• Python review, for those who want it:
  • ../ComputationalThinking/Content.html
  • We will also do a full Python3 introduction, using a book intended for teaching programming to kids (in the context of basic cryptography), for the first several weeks of class.
• Bash review, for those who want it:
  • ../DataStructuresLab/Content/01-02-LinuxBash.html

1.3 Topical outline

• Slides will usually be posted before class.
• The outline will be filled in with slides, readings, and assignments as the semester moves forward.
• The topic schedule may change slightly as the semester progresses.
• mycode.tar.gz is a zip-like archive file.
  • In Linux/Unix/Mac
    • Just click on it in your file browser of choice, and it should open an “archive manager” which can unzip it
    • At the command line, you can unpack it by executing in the directory with the file: $tar -xf mycode.tar.gz
  • In Windows
    • you can open it with http://7-zip.org/

1.3.1 First day

Very briefly mention:

• Canvas
  • Calendar
  • Syllabus quiz
• Website syllabus
• Zulip
• Git-classes and CI/CD
• Then spend lecture on:
  Content/00-Inspiration.html

1.3.2 Introduction

Content/01-InfoSecOverview.html

1.3.3 Cryptography

Content/02-IntroCryptoCaesar.html
Content/03-TranspositionCiphers.html
Content/04-AffineCipher.html
Content/05-SubstitutionFrequency.html
Content/06-OneTimePad.html
Content/07-CryptoMath.html
Content/08-AsymmetricEncryption.html
Content/09-ModernSymmetric.html
Content/10a-SymmetricBlock.html
Content/10b-SymmetricStream.html
Content/11-Hashing.html
Content/12a-AppliedCryptoSystems.html
Content/12b-DeniableForwardSecure.html

1.3.3.0.1 Extra crypto-related materials

https://web.engr.oregonstate.edu/~rosulekm/crypto/
https://www.cs.cornell.edu/courses/cs4830/2010fa/lecnotes.pdf
http://people.cs.bris.ac.uk/~nigel/Crypto_Book/
http://www.cs.umd.edu/~jkatz/imc.html
https://cseweb.ucsd.edu/~mihir/cse207/slides.html

1.3.3.1 Technical assignments

pa01_crabby-caesar
Write the Caesar cipher in bash (Rust)

pa02_perfect-10
Binary one time pad (OTP) (Rust)

pa03_crabby-eve
Crack Diffie-Helmen light, with no mod.
And, crack the real deal, with mod.
All in Rust!

pa04-whisper
Practical crypto:
ssh/rsa-key for git-instance,
verify iso/gpg sig,
gnugp email and key exchange,
PFS text/chat application
(no coding)

1.3.4 x86-64 asm and reverse engineering

Content/13b-ReverseEngineering.html

1.3.4.1 Technical assignments

pa05: Reverse and/or exploit a multitude of C/C++ programs (x86-64 Intel asm) (assignment posted on Canvas, not git-classes).

• add some new algorithm problems.

1.3.5 Malware and defensive software security

Content/14-MaliciousSoftware.html
Content/15-BufferOverflow.html
Content/16-Databases.html
Content/17-DefensiveProgramming.html

pa06-hack4096: Hack a CompSci4096 team project (timing/order varies depending on 4096 schedule).

• pa07-web-of-hacks? hackthissite database/web project?

1.3.6 Authentication, access controls, operating system security

Content/18-Authentication.html
Content/19a-AccessControls.html
Content/19b-Permissions.html
Content/20-PasswordUserGroup.html
Content/21a-OSHardening.html
Content/21b-Virtualization.html
Content/21c-AppArmorSELinux.html
Content/21d-PracticalPersonal.html

1.3.6.1 Technical assignments

pa08-shadow-residue: crack the shadow password file in Linux/Unix (bash wrapper, with custom sub-component in Rust this time?)

• pa0n-big-brother? Reverse and try apparmor or selinux on one of the many abusive academic testing-policing apps, lock-down browser, or zoom?

1.3.7 Historical case analyses (optional topic, if time)

Review of cases in Plfeeger book (if time)

1.3.7.1 Technical assignments

pa0n: Audit report and case analysis of a historical case, including technical code analysis (maybe, if time)