Introduction to Security

University of Cambridge Computer Laboratory

Principal lecturer: Dr Ross Anderson
Taken by: Part IB, Part II (General), Diploma
Number of lectures: 4
Lecture location: Arts School Room A
Lecture times: 11:00 on TTS starting 02-Mar-99

This course gives a basic introduction to contemporary computer security and cryptology. It consists of four lectures on the following topics:

Lecture 1: Introduction. Typical applications and their security requirements. Bookkeeping systems; transaction processing systems; multilevel secure systems; electronic warfare. Review of software engineering basics, and their application to security engineering.
Lecture 2: Access control basics: access matrices, access control lists, capabilities, roles and groups. Password cracking, malicious code and intrusion detection.
Lecture 3: Basic block ciphers. Feistel ciphers including DES and TEA. Modes of operation: electronic code book, cipher feedback, output feedback, cipher block chaining; MACs and hash functions. Applications including one-time password generators and Kerberos.
Lecture 4: Public key cryptography: Diffie-Hellman, ElGamal, DSA; public key protocols and failures including Denning-Sacco and Needham-Schroder.

Books and other sources

In four lectures, I can do little more than prepare the ground for the part 2 security course and for other courses in communications, information theory, distributed computing and so on. In any case, the best way to acquire a feel for this subject is by wide reading. The history is quite fun: a good starting point is Kahn's book `The Codebreakers'.

Computer security: Perhaps the best basic textbook is Dieter Gollmann's `Computer Security'; as this was published only a few months ago, many college libraries won't have it yet, and an alternative is Garfinkel and Spafford's `Practical Unix and Internet Security'. For more specific information on network vulnerabilities, see Cheswick and Bellovin's `Firewalls and Internet Security'; a more abstract treatment is Amoroso's `Fundamentals of Computer Security Technology'.

Cryptography: there are many books which cover the basics, and which one you find congenial will depend on the amount of mathematics with which you're comfortable. Schneier's `Applied Cryptography' is fairly non-mathemtical and includes source code for a lot of algorithms. Another comprehensive text is Simmons' `Contemporary Cryptology'; this has more engineering detail. For the mathematically inclined, Stinson's `Cryptography - Theory and Practice' and Koblitz's `Course in Number Theory and Cryptography' have got a wealth of technical detail.

Ross Anderson
March 1999

IB | II(G) | Dip