Lecturers: Professor R.J. Anderson, Dr M.G. Kuhn, Mr G. Danezis
No. of lectures: 16
Prerequisite courses: Introduction to Security, Discrete Mathematics, Economics and Law, Operating Systems, Digital Communication I and II, Information Theory and Coding
This course is a prerequisite for E-Commerce.
This course aims to give students a thorough understanding of computer
security technology. This includes high-level issues such as security
policy (modelling what ought to be protected) and engineering (how we
can obtain assurance that the protection provided is adequate). It
also involves the protection mechanisms supported by modern processors
and operating systems; cryptography and its underlying mathematics;
electrical engineering issues such as emission security and tamper
resistance; and a wide variety of attacks ranging from network
exploits through malicious code to protocol failure.
What is security?
Introduction and definitions: different meanings of principal, system,
policy, trust. Diversity of applications. Relationship with
distributed system issues such as fault-tolerance and naming.
The Bell-LaPadula policy model; similar formulations such as the
lattice mode, noninterference and nondeducibility. Composability. Real
MLS systems, and real problems: covert channels, the cascade problem,
polyinstantiation, dynamic and non-monotonic labelling. Flexibility,
usability and compatibility.
Multilateral security policy models
Compartmented systems, Chinese Wall, the BMA policy. Inference
security: query controls, trackers, cell suppression, randomisation,
stateful controls, and active attacks.
Banking and bookkeeping systems
Double-entry bookkeeping, the Clark-Wilson policy model. Separation
of duties, and its implementation problems. Payment systems and how
they fail: SWIFT, ATMs.
Alarms. Sensor defeats; feature interactions; attacks on
communications; attacks on trust. Examples: antivirus software,
tachographs, prepayment electricity meters. Seals; electronic postal
Attacks on metering, signalling, switching and configuration. Attacks
on end systems. Feature interactions. Mobile phone issues: protection
issues in GSM, GPRS, 3g. Surveillance technology and practice. Models of
attacks on communications systems. Worms and viruses.
Anonymity and peer-to-peer systems
Dining cryptographers; mix-nets. Models of opponents. Surveillance
versus service denial. Peer-to-peer systems; resilience and censorship
Hardware engineering issues.
Tamper resistance: smartcards, cryptoprocessors. Mechanical and optical
probing, fault induction, power analysis, emission security.
Signal processing issues.
Biometrics: fingerprint readers, iris scanners, signature recognition.
Information hiding: watermarks, digital fingerprints, steganography;
jam-resistance and low-probability of-intercept communications.
Historical systems: Caesar, Vigenère, Playfair. Revision of
information theory: unicity distance, the one-time-pad, attacks in
depth. Shift register based systems: the multiplexer generator, the
filter generator, A5. Attacks on these systems: divide and conquer,
Design of block ciphers: SP-networks and Feistel ciphers. Differential
and linear cryptanalysis. AES; Serpent; DES. Revision of the random
oracle model: modes of operation. Splicing and collision attacks.
Message authentication codes and hash functions.
Symmetric cryptographic protocols.
Needham-Schroder, Otway-Rees, Kerberos, the wide-mouthed frog. The
BAN logic. Applying BAN to verify a payment protocol.
Revision of public-key mathematics: RSA, ElGamal, Diffie-Hellman.
Elliptic curve systems, factoring algorithms. Advanced primitives:
identity based schemes; threshold schemes; zero knowledge; blind
Asymmetric cryptographic protocols.
Needham-Schroder, Denning-Sacco, TMN. Applications including SSL, SSH,
SET, PGP and PEM. The BAN logic applied to public key systems.
Rights management, interoperability control and economics.
Copyright management systems; accessory control systems; the TC
architecture. Security economics. Tensions between security and
Why is security management hard? Risk reduction versus
transference; due diligence and the role of insurance. Threat trees;
risk models; robustness; dependability; engineering disciplines.
Verification and evaluation: TCSEC, ITSEC and the Common Criteria.
Interaction with the regulatory environment, from data protection
through RIP to export control.
At the end of the course students should be able to tackle an
information protection problem by drawing up a threat model,
formulating a security policy, and designing specific protection
mechanisms to implement the policy.
* Anderson, R. (2001). Security engineering. Wiley.
Stinson, D.R. (2002). Cryptography: theory and practice.
Chapman & Hall (2nd ed.).
Schneier, B. (1995). Applied cryptography: protocols, algorithms,
and source in C. Wiley (2nd ed.).
Kahn, D. (1966). The codebreakers: the story of secret writing. Weidenfeld and Nicolson.
Cheswick, W.R., Bellovin, S.M. & Rubin, A.D. (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley (2nd
Howard, M. & leBlanc, D. (2002). Writing secure code. Microsoft Press (2nd ed.).
Gollmann, D. (1999). Computer security. Wiley.
Koblitz, N. (1994). A course in number theory and cryptography. Springer-Verlag (2nd ed.).
Neumann, P. (1994). Computer related risks. Addison-Wesley.
Biham, E. & Shamir, A. (1993). Differential cryptanalysis of the data encryption standard. Springer-Verlag.
Leveson, N.G. (1995). Safeware: system safety and computers. Addison-Wesley.
Davies, D.W. & Price, W.L. (1984). Security for computer networks. Wiley.
Beker, H. & Piper, F. (1982). Cipher systems. Northwood.
Cohen, F.B. (1994). A short course on computer viruses. Wiley (2nd ed.).