King Saud University

College of Computer and Information Sciences

Department of Computer Engineering
CEN 585 COMPUTER AND NETWORK SECURITY
Semester II, Academic Year 2010-2011

Course Description (catalog):

Introduction to Computer Security/History, case studies, Risk Analysis and Security
Planning, Security Policies and Models, Access Controls, Program Security (Trojan Horses,
Viruses, Worms), Operating system security, Cryptography & Hashing Techniques,
Encryption-based Protocols, Authentication/PKI, Network Security, Network Cryptographic
Protocols, Traffic Analysis & Prevention, Network Security Standards, IP Security Options,
Firewalls and protocol vulnerabilities.

Textbook(s) and/or Other Required Materials:

Primary:
William Stallings, Cryptography and Network Security, Prentice-Hall, 4/E, 2005.
Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed
Systems, Wiley, 2/E, 2008. Information and sample chapters are available at:
http://www.cl.cam.ac.uk/~rja14/book.html.

Supplementary:
Alfred Menezes, Paul van Oorschot and Scott Vanstone, Handbook of Applied
Cryptography (Discrete Mathematics and Its Applications), CRC Press, 1/E, 1996.
Available online at: http://www.cacr.math.uwaterloo.ca/hac/.
Dieter Gollmann, Computer Security, Wiley, 3/E, 2011.
Lecture Notes, Selected Articles from Conference Proceedings, Journal Publications
and the World Wide Web.

Course Objectives
This course is designed to help the student:
Identify principles and practices of cryptography and network security.
Understand the potential threats to computer and information systems.
Develop ability to implement security tools and algorithms.
Learn how to apply and control appropriate protective measures.

Course Outcomes
This course requires the student to demonstrate the following:
Define the main security attack types.
Define standard security terminology.
Apply encryption and hash algorithms by hand and/or using calculator.
Apply access control mechanisms on file system and network levels.
Identify security weaknesses and how to fix them.
Design good security policies based on needs and threats.
Do own research on advanced security topics.
Deliver good presentation on selected topic.
Topics Covered and Schedule in Weeks
Week Topic Related text
1 Introduction, Security Threats, Standards, Importance, Definition of WS1, RA1
Security Engineering.
2 Classical Encryption Techniques, Cryptanalysis. WS2, RA5
3 Modern Symmetric Encryption Techniques, DES, 3DES. Modes of WS3, WS6,
Operation. RA5
4 Modular Arithmetic, Number Theory, Public Key Encryption, RSA. WS4, WS8,
WS9
5 Advanced Encryption Standard (AES). WS5
6 Message Authentication, Hash Functions, MD5, SHA1. HMAC. WS11, WS12
7 Midterm 1
Revision.
8 Authentication Protocols, MITM Attacks, Kerberos, Two-Factor WS14, RA2,
Authentication, Passwords, Phishing, Psychological Issues. RA3
Spring Break
9 Access Control, Operating Systems, Database, Sandboxing, RA4, RA15
Virtualization.
Biometrics: Face recognition, Fingerprints, Iris, DNA.
10 Malicious Software, Network Attacks, DDoS, DNS Security. WS19, RA21
11 Network Security, IPSec, VPNs, Intrusion Detection, Firewalls. WS16, WS20
12 Email Security, Digital Signatures and Certificates, PGP, S/MIME, WS15, WS17
Web Security, SSL/TLS.
13 Physical Security, Tamper Resistance, Smart Cards, Emission RA16, RA17
Security, Side Channel Attacks.
14 Midterm 2
Revision.

Evaluation
Homework/Quizzes 15%
Project 15%
Midterms 30%
Final Exam 40%

Course Policies
Each student must provide a valid email address for communication.
Announcements and course notes will be posted on the course website:
http://faculty.ksu.edu.sa/mdahshan/Pages/CEN585.SP11.aspx.
Homework must be submitted by email no later than specified date.
Homework assignments and projects must be done individually.
You may not share your answers with others.
Plagiarism is an academic misconduct and will be dealt with appropriately.
Current Instructor, Department, Office Hours and Date
Dr. Mostafa Hassan Dahshan
Department of Computer Engineering
Bldg: 31, room: 2190
Office Hours: Monday 10am -12pm, Wednesday 10am -12pm and by appointments
Email: mdahshan@ksu.edu.sa
Office Phone: 46-76703
Semester II, AY 2010-2011