CS 1653 - Applied Cryptography and Network Security

Summer 2023

 

Contact Information

Instructor: Sherif Khattab, 6307 SENSQ
Phone: (412) 624-8438
Email: skhattab@cs.pitt.edu
Office Hours: TuTh 13:00-15:00
Zoom: https://pitt.zoom.us/my/khattab
Please schedule at: https://khattab.youcanbook.me/
Other days and times are available by prior request.

TA: Pratik Musale, 130 N Bellfield Ave (Open Space)
Email: prm73@pitt.edu
Office Hours: M 10:30-12:30
Zoom: https://pitt.zoom.us/j/96317619602

Lectures: MW 13:30-15:30 @ 5313 Sennott Square

Student Feedback: Please send us your anonymous feedback

Top Hat Join Code: 246844

 

Course Description

 

The goal of this course is to provide students with the necessary conceptual background and hands-on experience to understand the most common cryptographic algorithms and protocols and how to use them to secure distributed applications and computer networks.

 

Prerequisites

 

 

CS 0449 and CS 1501

 

Textbook

 

 

Bishop: Matt Bishop, Computer Security: Art and Science (2nd Edition), Addison-Wesley, ISBN-13: 9780321712332

Stallings: William Stallings and Lawrie Brown, Computer Security: Principles and Practice (4th Edition), Pearson, ISBN-13: 9780134794105

 

Optional references:

1. KPS: Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World (2nd Edition), Prentice Hall, ISBN-10: 0133744051

2. Ross Anderson, Security Engineering, Wiley

3. Charles Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall

4. Schneier: Bruce Schneier, Applied Cryptography (2nd Edition), Wiley

5. John Viega and Gary McGraw, Building Secure Software, Addison-Wesley

Grading Policy

 

Course Project (35%): This semester, we will apply the concepts learned in class through a semester-long project that will be carried out in groups of 3. The project will be split into five distinct phases that refine and build upon one another. Tentative deadlines are listed below. Late submissions will not be accepted. There will be meetings with me and the TA to discuss the deliverables before and after submission.

 

The project deliverables must be your own team's work. Do not look at the solution of any other team (or even part of it), and do not let anyone else look at yours (or even part of it). Each team should figure out the solutions by themselves --- do not ask anyone how to solve the project, and do not seek the answer from some other source.

 

Midterm and Final exams (30%): 18% on higher grade and 12% on lower. Make-up exams can be scheduled well in advance. The exams are in-person and non-cumulative.

 

Programming Assignments (15%): Three programming assignments worth 5% each. Late submissions are allowed for up to two days with a 10% reduction per late day. After two days, the assignment grade is zero. The assignments will be handed out using GitHub Classroom and submitted on the Gradescope platform.

 

This must be your own individual work. Do not look at the solution of anyone (or even part of it), and do not let anyone else look at yours (or even part of it). You should figure out the solutions by yourself --- do not ask anyone how to solve the problem, and do not seek the answer from some other source.

 

Students are expected to have a backup disk (or storage somewhere) for every assignment they turn in. In this way, if there is any problem with the copy that is handed in, the backup can be used for grading purposes.

 

Homework Assignments (10%): Ten homework assignments worth 1% each. Late submissions are allowed with a 10% reduction per late day.

 

In-class participation (10%): Top Hat questions almost every lecture. The join code is 246844.

 

Please note that the grades posted on Canvas, especially the final letter grade, are tentative.

Important Dates (Tentative)

 

Midterm Exam: M 7/3 at regular class time

Final Exam: W 8/2 at regular class time

 

| Project Phase # | Description | Assigned | Due @11:59 on |
|---|---|---|---|
| 1 (10%) | Requirements specification and team formation | 5/24 | 6/6 |
| 2 (25%) | Core functionality | 6/6 | 6/27 |
| 3 (25%) | Security Features I | 6/27 | 7/14 |
| 4 (25%) | Security Features II | 7/7 | 7/28 |
| 5 (15%) | Security Features III | 7/28 | 8/7 |

 

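| HW # | Assigned | Due @11:59 on |
|---|---|---|
| 1 | 5/19 | 5/26 |
| 2 | 5/26 | 6/2 |
| 3 | 6/2 | 6/9 |
| 4 | 6/9 | 6/16 |
| 5 | 6/16 | 6/23 |
| 6 | 6/23 | 7/7 |
| 7 | 7/7 | 7/14 |
| 8 | 7/14 | 7/21 |
| 9 | 7/21 | 7/28 |
| 10 | 7/28 | 8/4 |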

 

| Programming Assignment # | Assigned | Due @11:59 on |
|---|---|---|
| 1 | 5/26 | 6/6 |
| 2 | 6/12 | 6/23 |
| 3 | 7/10 | 7/24 |

 

Weekly Schedule

(Tentative)

 

Wk 1 (5/15)
  Topic:
    M: Administrivia and course introduction
    W: Design Principles
  Reading:
    W: [SS75] pp. 1279-1283 and Stallings 1

Wk 2 (5/22)
  Topic:
    M: Cryptography basics and classical cryptography
    W: Symmetric key cryptography, modes of operation
  Reading:
    M: Bishop 10.1, 10.2.1-10.2.2. Stallings 2.1 and 20.6
    W: Stallings 20.1, 20.2, and 20.5
  Announcements:
    Summer 12-WEEK session add/drop period ends on May 22nd
    Project Phase 1 out on 5/26

Wk 3 (5/29)
  Topic:
    M: No class - Memorial Day
    W: Case study: AES
  Reading:
    M: Stallings 20.3
    W: Stallings 2.2 and 21.1-21.3

Wk 4 (6/5)
  Topic:
    M: Hashing
    W: Public key cryptography background
  Reading:
    M: Stallings 2.3 and 2.4
    W: Stallings 21.4 and 21.5
  Announcements:
    Project Phase 1 due on 6/6 @ 11:59pm
    Project Phase 2 out on 6/6

Wk 5 (6/12)
  Topic:
    M: No class - Instructor travelling
    W: Case Study: RSA
    F: RSA wrap-up; secret sharing
  Reading:
    M: [S79]
    W: Schneier 3.7
  Announcements:
    Makeup lecture on Friday 6/16 11:00-12:45 @ 5313 Sennott Square

Wk 6 (6/19)
  Topic:
    M: No class - Juneteenth
    W: Threshold cryptography; User authentication
    F: Handshakes
  Reading:
    KPS 11, 12
    Optional: [L81]
    W: Stallings 23.1
  Announcements:
    Makeup lecture on Friday 6/23 15:00-16:15 @ 5313 Sennott Square

Wk 7 (6/26)
  Topic:
    M: Handshakes
    W: Strong password protocols
  Reading:
    W: Stallings 23.1
  Announcements:
    Project Phase 2 due on 6/27 @ 11:59pm
    Project Phase 3 out on 6/27

Wk 8 (7/3)
  Topic:
    M: Midterm Exam + Kerberos
    W: PKI models and Real-time communication security
  Reading:
    M: Stallings 23.3
  Announcements:
    Midterm Exam on Monday 7/3

Wk 9 (7/10)
  Topic:
    M: TLS
    W: Case study: Breaking MD5
  Reading:
    M: Stallings 22.3 and 22.4
    W: Optional: [SS+08]
  Announcements:
    Project Phase 3 due on 7/14 @ 11:59pm
    Project Phase 4 out on 7/14

Wk 10 (7/17)
  Topic:
    M: Breaking Cryptography
    W: ACLs and capabilities
  Reading:
    M: Optional: [WT99]

Wk 11 (7/24)
  Topic:
    M: OS security and viruses
    W: Private messaging and email
  Reading:
    M: [AO96], [S89]
    W: Stallings 22.1 and 22.2
  Announcements:
    Project Phase 4 due on 7/28 @ 11:59pm
    Project Phase 5 out on 7/28

Wk 12 (7/31)
  Topic:
    M: Private routing
    W: Final Exam + Blockchain and Cryptocurrency
  Reading:
    W: [S02], Optional: [O09]
  Announcements:
    Final Exam on Wednesday 8/2
    Project Phase 5 due on 8/7 @ 11:59pm

Other Readings

 

Communication Policy

 

Please reach out to the teaching team as early as possible and as frequently as possible. You can reach the course instructor during student support hours and on Piazza (you can send public and private messages, and you can also post anonymously).

Please expect a response within 72 hours. Any other communication method (e.g., email) is not recommended.

Your Well-being Matters

College/Graduate school can be an exciting and challenging time for students. Taking time to maintain your well-being and seek appropriate support can help you achieve your goals and lead a fulfilling life. It can be helpful to remember that we all benefit from assistance and guidance at times, and there are many resources available to support your well-being while you are at Pitt. You are encouraged to visit Thrive@Pitt to learn more about well-being and the many campus resources available to help you thrive. 

 

If you or anyone you know experiences overwhelming academic stress, persistent difficult feelings and/or challenging life events, you are strongly encouraged to seek support. In addition to reaching out to friends and loved ones, consider connecting with a faculty member you trust for assistance connecting to helpful resources. 

 

The University Counseling Center is also here for you. You can call 412-648-7930 at any time to connect with a clinician. If you or someone you know is feeling suicidal, please call the University Counseling Center at any time at 412-648-7930. You can also contact Resolve Crisis Network at 888-796-8226. If the situation is life threatening, call Pitt Police at 412-624-2121 or dial 911.

 

Health and Safety Statement

I would like to emphasize that my number one concern is your safety and health, both physical and mental.  My goal is for every one of you to succeed in the course. I am here to support you and I will remain understanding and flexible given the challenges that we are all facing together. The lectures and some recitations will be recorded, and the recorded sessions include your participation. The recorded sessions will be made available through Canvas and only to this term's class.

 

During this pandemic, it is extremely important that you abide by the public health regulations, the University of Pittsburgh's health standards and guidelines, and Pitt's Health Rules. These rules have been developed to protect the health and safety of all of us. The University's requirements for face coverings will at a minimum be consistent with CDC guidance and masks are required indoors (campus buildings and shuttles) on campuses in which COVID-19 Community Levels are High. This means that when COVID-19 Community Levels are High, you must wear a face covering that properly covers your nose and mouth when you are in the classroom. If you do not comply, you will be asked to leave class. It is your responsibility to have the required face covering when entering a university building or classroom. Masks are optional indoors for campuses in which county levels are Medium or Low. Be aware of your Community Level as it changes each Thursday. Read answers to frequently asked questions regarding face coverings. For the most up-to-date information and guidance, please visit the Power of Pitt site and check your Pitt email for updates before each class.

If you are required to isolate or quarantine, become sick, or are unable to come to class, contact me as soon as possible to discuss arrangements. Arrangements include, but are not limited to, providing a Zoom link to join class remotely.

 

Students with Disabilities

 

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and Disability Resources and Services (DRS), 140 William Pitt Union, (412) 648-7890, drsrecep@pitt.edu, (412) 228-5347 for P3 ASL users, as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.

Academic Integrity


All assignment submissions must be the sole work of each individual student. Students may not read or copy another student's solutions or share their own solutions with other students. Students may not review solutions from students who have taken the course in previous years. Submissions that are substantively similar will be considered cheating by all students involved, and as such, students must be mindful not to post their code publicly. The use of books and online resources is allowed, but must be credited in submissions, and material may not be copied verbatim. Any use of electronics or other resources during an examination will be considered cheating. If you have any doubts about whether a particular action may be construed as cheating, ask the instructor for clarification before you do it. The instructor will make the final determination of what is considered cheating. Cheating in this course will result in a grade of F for the course and may be subject to further disciplinary action. Should a student be accused of a breach of academic integrity or have questions regarding faculty responsibilities, procedural safeguards including provisions of due process have been designed to protect student rights. These may be found in Guidelines on Academic Integrity: Academic Integrity Policy of the School of Computing and Information.

Pay attention to the following examples of cheating, which include:

Sharing code: either by copying, retyping, looking at, or supplying a copy of a file from this or a previous semester.

Describing code: Verbal description of code from one person to another.

Coaching: Helping your friend to write a lab, line by line.

Copying: Copying code from the Web or another student. You are only allowed to use code that we provide you.

Searching: Searching the Web for solutions or for any advice on the lab.


Cheating is also looking at other students' code or allowing others to look at yours. This includes one person looking at code and describing it to another. Be sure to store your work in protected directories (e.g., under the private folder on your AFS space on the department servers), and log off when you leave a remote server, to prevent others from copying your work without your explicit assistance.

You may find it useful to know what is not cheating:

Clarifying ambiguities or vague points in class handouts, lectures, or textbooks.

Helping others use the computer systems, networks, compilers, debuggers, profilers, or other system facilities.

Helping others with high-level design issues only, but algorithm/coding and other such details are not "high-level design issues".

Helping others with high-level (not code-based) debugging.

Using code from the skeleton/package provided in class is always OK.

For a first offense, a student caught collaborating or cheating in any way will receive an F for the course and may be subject to stronger action. They will be reported to the school following University procedures. Submissions that are alike in a substantive way (not due to coincidence) will be considered to be cheating by ALL involved parties. Please protect yourselves by only storing your files in private directories, and by retrieving all printouts promptly.

Religious Observances


To accommodate the observance of religious holidays, students should inform the instructor (by email, within the first two weeks of the term) of any such days which conflict with scheduled class activities.

Equity, Diversity, and Inclusion

The University of Pittsburgh does not tolerate any form of discrimination, harassment, or retaliation based on disability, race, color, religion, national origin, ancestry, genetic information, marital status, familial status, sex, age, sexual orientation, veteran status or gender identity or other factors as stated in the University's Title IX policy. The University is committed to taking prompt action to end a hostile environment that interferes with the University's mission. For more information about policies, procedures, and practices, visit the Civil Rights & Title IX Compliance web page.

I ask that everyone in the class strive to help ensure that other members of this class can learn in a supportive and respectful environment. If there are instances of the aforementioned issues, please contact the Title IX Coordinator, by calling 412-648-7860, or e-mailing titleixcoordinator@pitt.edu. Reports can also be filed online. You may also choose to report this to a faculty/staff member; they are required to communicate this to the University's Office of Diversity and Inclusion. If you wish to maintain complete confidentiality, you may also contact the University Counseling Center (412-648-7930).

 

Copyright Statement

 

These materials may be protected by copyright. United States copyright law, 17 USC section 101, et seq., in addition to University policy and procedures, prohibit unauthorized duplication or retransmission of course materials. See Library of Congress Copyright Office and the University Copyright Policy.

 


Classroom Recording

 

 

To ensure the free and open discussion of ideas, students may not record classroom lectures, discussion and/or activities without the advance written permission of the instructor, and any such recording properly approved in advance can be used solely for the student's own private use.

 

Acknowledgements

 

Most of the materials of this course are based on Prof. Adam Lee's CS 1653 course.