School of Electrical Engineering and Computer Science, University of Central Florida
 
 
 

Security and Protection Module
 

This module consists of the following four parts:

Part 1: Cryptography

This part introduces students to cryptography and its use in protecting the secrecy of sensitive communications. The basic definitions of plaintext, ciphertext, encryption, decryption and session keys are introduced. The earlier Data Encryption Standard (DES) is reviewed and its pros and cons are analyzed. Public key encryption methods are explained along with their mathematical underpinning, the problem of finding the two prime factors of the product of two large primes. The improved scalability of (secret) key management achieved by public key encryption over symmetric encryption is explained. The problem of false publication of public keys is discussed, and the need for digital signatures and trusted certification authorities to bind the public key to the name of the principal is motivated and explained.

Part 2: Authentication and Intrusion Detection

This part covers the basic principles of authentication and intrusion detection in distributed systems. Authentication-related security threats are discussed, e.g., forgery, replay, eavesdropping, and repudiation. Basic authentication protocols are covered, including the Needham-Schroeder protocol, the Denning-Sacco protocol, and the Kerberos protocol. The problem of intrusion detection is introduced. In host-based intrusion detection systems, intrusion detection clients run on the individual hosts of the network and collect data about real-time processes, user activities, and the contents of log files. In network-based systems, the intrusion detection code runs on dedicated network devices and analyzes packets for known attack patterns. An overview of intrusion detection methods, their functionality and limitations is given.

Part 3: Internet Security and Mobile Code Technology

The World Wide Web and Internet applications have witnessed unprecedented growth in the past decade. Accompanying this growth, there has been an increase in the number and sophistication of security threats and cyber attacks, as well as an increase in the effort to combat such threats and ensure the security and availability of e-commerce and other Internet-based critical applications. The proliferation of mobile code technology has contributed to both the seriousness of the threats and the effectiveness of the protection methods. Part 3 reviews the general types of Internet threats, e.g., denial-of-service attacks. Examples of mobile code applications are given, including Java applets that are downloaded into a web browser and executed as active content, mobile agents that roam Internet sites to search for resources or collect data, and the newly emerging smart packets being proposed in active networks for the purpose of shipping code to routers and adjusting the communications environment. Solution approaches to limit the threat of mobile code are discussed, e.g., the secure execution of Java applets via the sandbox model and the playground model.

Part 4: Other Security Issues and Special Applications

This part covers some other security issues and special applications including security in computing, threats and program security, security in networks, analyzing security, protection in hardware architecture and operating systems, designing trusted operating systems, and database security.

One example of the topics in this part is the application of security to statistical databases. These databases manage large numbers of individually sensitive records, such as those of patients of a national health facility. Researchers and scientists should be allowed to retrieve useful statistical summaries of data, but not private information about specific individuals. The two conflicting goals here are increasing usability and protecting privacy. The security threat in this case is called a “tracker”, which is a set of database queries that can collectively be used to compromise the secrecy of sensitive information even though each query alone is a legitimate statistical query to obtain some summary data. Trackers can pose two types of threats: 1) positive compromise, i.e., the tracker is used to deduce the value of a field (such as salary or blood pressure) for a specific individual, and 2) negative compromise, i.e., the tracker is used to confirm that a certain value is not present in such a field. Part 4 gives an overview of the methods of generating trackers in statistical databases as well as approaches to counteract these trackers.