
Outline Computer Security: Intro Organisation B. Jacobs - PowerPoint PPT Presentation



  1. Computer Security: Intro

B. Jacobs
Institute for Computing and Information Sciences – Digital Security
Radboud University Nijmegen
Version: fall 2014

Outline

• Organisation
• Introduction
• A security protocol example

About this course I

Lectures
• Weekly, 2 hours, Tuesday morning (8h45)
• Lectures are based on own slides
  • Updated version, slightly different from previous years
• Lots of background information available on the web (esp. wikipedia)
  • Do use such additional sources!
  • Certainly if you do not fully understand things
• Up-to-date info (bookmark; accessible via my webpage) at: ru.nl/ds/education/courses/security_2014
  • Slides will appear there

About this course II

Attitude
• Presence at the lectures is not compulsory . . .
  • but active attitude expected, when present
  • Phones/laptops shut down
• Politeness is highly appreciated!
• Asking questions:
  • about the exercises: talk to your course assistant
  • about the course: best to see me during the break
  • think/check before you send me email!
• The audience is large; chatting is annoying to everyone else
  • Exception: jokes are OK, but only if they are extremely funny

About this course III

Exercises
• Compulsory, make up half of final mark
• Also weekly exercise meetings, on Thursdays (15:45)
  • Answers, for old exercises
  • Questions, for new ones
  • 2 staff members: Gergely Alpár, Fabian van den Broek, and 2 students: Ko Stoffelen, Joost Rijneveld
• You may work in (stable) pairs, and also alone
  • if this is not the first time you do this course, you have to work alone!
  • you will be told by email which group you are in

About this course IV

Exercises
• Schedule:
  • New exercise on the web on Thursday morning, say in week n
  • You can try them yourself immediately and ask advice on Thursday afternoon in week n
  • You can ask final questions, again on Thursday in week n + 1
  • You have to hand-in, via Blackboard, before Thursday 24h00 sharp, in week n + 1; late submissions will not be accepted
• Exercises URL on lectures page, with further instructions
• The first set of exercises appears Thursday 11 sept.

  2. About this course V

Examination
• Final mark is average (each 50%) of:
  • average of markings of exercises
  • final, written exam (January)
  • (there is no mid-term exam for security)
• Mark of written exam must be at least 5.
• Re-exam of written exam in spring
  • only written exam can be done once again: mark for exercises remains
• If you fail again, you must start all over next year (including re-doing new exercises)

About this course VI

Some special points
• You can fail for this course! (I know, it’s extremely unfair)
• 6ec means 6 × 28 = 168 hours in total
  • Let’s say 18 hours for exam
  • 150 hours for 15 weeks means: 10 hours per week!
• Large, mixed audience: computer science, information science, pre-master, artificial intelligence, mathematics, . . . . . .
  • Requires some flexibility
  • but computer security is inherently multidisciplinary

About this course VII

Experiences from earlier (mathematics) course, with similar marking (average of homework and exam):

Study   # students   Homework   Exam   Final
KI      16           8.1        6.5    7.1
IC      11           7.5        7.6    7.5
IK      5            6.9        7.1    6.8

Why were KI students doing so much worse at the exam?
• They exchanged answers in a Facebook group
• Who were they fooling?

About this course VIII

How to pass this course . . .
• Practice, practice, practice . . . Only in this way the course material can be internalised
• You don’t learn to do it by just staring at the slides
  • or by letting your exercise partner do the work
• Exam questions will be in line with (compulsory) exercises

About this course IX

Here is the deal:
• We provide: careful explanations & examples, and individual feedback
• You work for this course: regularly and diligently!
• The topic is not really difficult, but you may have to get used to it, and work on each exercise yourself
• everyone here should be able to pass.

If you don’t go for the deal . . .
• You create problems that you will have to solve yourself
• Don’t forget about the bindend studie advies (BSA): in the first year you need to collect at least 39 ec out of 60!
• In 2012/2013 only 58% in IC got a positive BSA!

About this course X: gender issues

(Source: Vox 6-10, nov. 2009)

  3. About this course XI

Topics
• Basic notions: confidentiality, integrity, availability (jointly known as: CIA of information security)
• Basic techniques: encryption, both symmetric (shared secret key) and asymmetric (public key)
• Basic protocols for achieving security goals
• Basic technologies (PGP, SSL, certificates, etc)
• Underlying mathematics (cryptography) is used as tool box, not topic of study in itself
  • But very basics are included (substitution, transposition, RSA, El Gamal)
• Several practical examples: e-passport, voting, Bitcoins, . . .

About this course XII

Sensitivity of the topic
• Not everything is publicly known (like e.g. in algebra)
• Some things are simply illegal: don’t try this at home!
• Moral compass/fibre/backbone required in this field
• Lectures are deliberately not recorded!
  • some inside stories & anecdotes will be told
  • they can be misinterpreted, out of context
• Following the daily news is strongly recommended: security is a highly political topic.

Beyond this course

More about computer security
• There is a lot of interesting reading
  • Historical
  • Military/intelligence
  • Societal (eg. about privacy)
  • and technical, of course
• Reading a bit more is strongly encouraged
• Many connections with legal issues
  • You can find out about a Minor in law
  • Or follow the (master)course Law in Cyberspace

Computer security @Nijmegen

Research
• Security important research topic at Nijmegen
• Focus on smart cards, in various forms
• Much theoretical research, eg. on protocol correctness
• Also many societal issues: involvement with
  • e-voting
  • e-passports and identity cards
  • bankcards (eg. EMV issues)
  • e-ticketing
  • smart (electricity) metering
  • road pricing
  • electronic patient records
  • cyber security

Teaching
• A special Kerckhoffs master programme
  • Jointly between Nijmegen, Twente and Eindhoven
  • Also open to Math. & AI students

Financial crime in NL (Source: NVB)

Activity            1992   2010    2011    2012    2013
bank robbery        570    26      7       4       ?
internet banking    —      10M €   35M €   38M €   9.6M €
bankcard skimming   —      20M €   40M €   29M €   6.8M €

Remarks:
• You’re an old-school loser if you’re still planning a career as bank robber
• Bad guys have gone digital, in fraud, blackmail, sabotage, espionage, . . .

Warfare is going digital

(© Herald Tribune)
