Introduction to Security
Principal lecturer: Dr Ross Anderson
Taken by: Part IB, Part II (General), Diploma
Number of lectures: 4
Lecture location: Arts School Room A
Lecture times: 11:00 on TTS starting 02-Mar-99
This course gives a basic introduction to contemporary computer security and
cryptology. It consists of four lectures on the following topics:
- Lecture 1: Introduction. Typical applications and their security
requirements. Bookkeeping systems; transaction processing systems;
multilevel secure systems; electronic warfare. Review of software
engineering basics, and their application to security engineering.
- Lecture 2: Access control basics: access matrices, access control lists,
capabilities, roles and groups. Password cracking, malicious code and
intrusion detection.
- Lecture 3: Basic block ciphers. Feistel ciphers including DES and TEA.
Modes of operation: electronic code book, cipher feedback, output
feedback, cipher block chaining; MACs and hash functions. Applications
including one-time password generators and Kerberos.
- Lecture 4: Public key cryptography: Diffie-Hellman, ElGamal, DSA; public
key protocols and failures including Denning-Sacco and
Needham-Schroeder.
Books and other sources
In four lectures, I can do little more than prepare the ground for the
part 2 security course and for other courses in communications,
information theory, distributed computing and so on. In any case, the
best way to acquire a feel for this subject is by wide reading. The
history is quite fun: a good starting point is Kahn's book `The
Codebreakers'.
Computer security: Perhaps the best basic textbook is Dieter
Gollmann's `Computer Security'; as this was published only a few
months ago, many college libraries won't have it yet, and an
alternative is Garfinkel and Spafford's `Practical Unix and Internet
Security'. For more specific information on network vulnerabilities,
see Cheswick and Bellovin's `Firewalls and Internet Security'; a more
abstract treatment is Amoroso's `Fundamentals of Computer Security
Technology'.
Cryptography: there are many books which cover the basics, and
which one you find congenial will depend on the amount of mathematics
with which you're comfortable. Schneier's `Applied Cryptography' is
fairly non-mathematical and includes source code for a lot of
algorithms. Another comprehensive text is Simmons' `Contemporary
Cryptology'; this has more engineering detail. For the mathematically
inclined, Stinson's `Cryptography - Theory and Practice' and Koblitz's
`Course in Number Theory and Cryptography' have got a wealth of
technical detail.
Ross Anderson
March 1999