**Title:** Network Security and Cryptography

**Credits:** 3

**Coordinator:** Radha Poovendran, Professor, Electrical and Computer Engineering

**Goals:** To develop an understanding of the fundamental principles of cryptography and its application
to network and communication security. This course will serve as an introduction to the fundamental tools in
cryptography and the protocols that enable its application to network and communication security. This course is
an introduction to the basic theory and practice of cryptographic techniques used in computer security. We will
cover topics such as encryption (secret-key and public-key), digital signatures, secure authentication, key
management, cryptographic hashing, and ethics associated with the use of computer security.

**Learning Objectives:** At the end of this course, students will be able to:

*Describe*the basic cryptographic primitives, authentication protocols and why they work, what are the common design errors.*Design and analyze*some of simpler algorithms in MATLAB (or other languages such as Python, Mathematica).*Analyze*the given cipher text using standard cryptanalysis tools to be presented in class.*Describe and analyze*authentication protocols for two party communications.*Design*algorithms using block ciphers.*Describe*the ethical issues related to the misuse of computer security.

**Textbook:** D. Stinson, *Cryptography Theory and Practice*, 3^{rd} edition, Chapman & Hall/CRC, 2006.

**Reference Texts:**

- C. Kaufman, R. Perlman, M. Speciner,
*Network Security (Private Communication in a Public World),*Prentice Hall, 2002. - W. Stallings,
*Cryptography and Network Security,*4^{th}edition, Prentice Hall, 2005. - B. Schneier,
*Applied Cryptography: Protocols, Algorithms, and Source Code in C*, John Wiley & Sons, 2007. - A. Menezes, P. Van Oorschot, S. Vanstone,
*Handbook of Applied Cryptography*, CRC Press, 2001.

**Prerequisites by Topic:**

- Math 308
- Either Math 390, Stat 390 or Industrial Engineering 315
- Familiarity with MATLAB is essential.

**Topics:**

- Introduction to classical cryptography and cryptanalysis (Stinson Chapter 1) [1 week]
- Introduction to hash functions (Stinson Chapter 4) [1.5 weeks]
- Public key encryption (RSA, El-Gamal) (Stinson Chapters 5 and 6) [2 weeks]
- Digital signatures (RSA, El-Gamal, DSA) (Stinson Chapter 7) [1.5 weeks]
- Authentication and key exchange (Stinson Chapter 10) [2 weeks]
- Trust establishment and propagation in wireless and social networks [1 week]
- Public key infrastructure and IEEE code of ethics [1 week]

**Course Structure:** The class meets for two lectures a week, each consisting of 1 hour and 20 minutes.
There is (bi-)weekly homework due that includes small computer projects in MATLAB. Two team oriented projects
are planned in this course either with MATLAB or other programming language like Python. Course includes one
midterm and one final exam. In-class activities include quizzes and 5-minute presentation of a selected security topic.

**Computer Resources:** The course uses MATLAB/Python for homework exercises and course projects.
Students are expected to use their personal laptops, but they may use the ECE department computers as needed.

**Grading:** 20% Homework, 30% projects, 20% midterm, 25% final exam, 5% in-class activity.

**ABET Student Outcome Coverage:** This course addresses the following outcomes:

H = high relevance, M = medium relevance, L = low relevance to course.

(1) *An ability to identify, formulate, and solve complex engineering problems by applying principles of engineering,
science, and mathematics.* **(H)** The course uses mathematical tools. Students must identify and design
suitable algorithms. Engineering judgment is developed through the understanding the limitations and advantages
of a given cryptographic algorithm or network security protocol. Throughout the course we emphasize the need to use
sound design principles instead of relying on mathematics only. Towards this direction, security protocols that were
mathematically correct but had design flaws are discussed. Assignments require students to analyze other protocols
with weaknesses. The homework involves solving engineering problems identified by the assignments and exemplified
by class discussion. The exams and projects challenge the students to identify the issues and formulate their
individual solutions. The students develop an implementation for stream cipher based encryption of speech.

(2) *An ability to apply engineering design to produce solutions that meet specified needs with consideration
of public health, safety, and welfare, as well as global, cultural, social, environmental, and economic factors.*
**(M)** The project challenges the students to develop, design and implement different cryptographic algorithms.
In most cases, this is implemented in MATLAB.

(3) *An ability to communicate effectively with a range of audiences.* **(M)** Students are required to
write up their simulations in an engineering format. The ability to communicate effectively in writing is a portion
of the grade received on homework and projects. Students are required to give a short presentation on a selected
security topic to the class (depending on the instructor).

(4) *An ability to recognize ethical and professional responsibilities in engineering situations and make informed
judgments, which must consider the impact of engineering solutions in global, economic, environmental, and societal
contexts.* **(H)** The course covers security vulnerabilities in systems and their societal implications,
enabling the students to recognize the ethical dilemmas that they may face in their professions. Impact of good
network security protocols is emphasized. We discuss the impact of design and implementation of insecure protocols
and the way they can be exploited. Main focus here will be to show how to design protocols that are resilient to
common security threats such as user collusion.

(5) *An ability to function effectively on a team whose members together provide leadership, create a
collaborative and inclusive environment, establish goals, plan tasks, and meet objectives.* **(H)**
The course projects are conducted in teams of up to 3 members and constitute about 30% of their grade
(depending on the instructor).

(7) *An ability to acquire and apply new knowledge as needed, using appropriate learning strategies.*
**(H)** The course emphasizes the need for evolving current secure system designs as new threats emerge and
security assumptions are weakened. Further, pointers to security websites and articles are provided in order to
enhance personal knowledge in this developing area.

**Prepared By:** Radha Poovendran

**Last revised:** 1/31/19