414-F10-index

CMSC 414-0101

Computer and Network Security

Fall 2010

http://www.cs.umd.edu/~shankar/414-F10
Check at least twice weekly. See News for last update

Professor	A. Udaya Shankar (email: shankar@cs.umd.edu). Office hours: TuTh 2-3 or by appointment (AVW 4141).
TA	Abdul Quamar (email: abdul@cs.umd.edu). Office hours: MW 2:00-3:00pm or by appointment (AVW 1112).
Classes	CSI 1121. TuTh 12:30-1:45pm
Project page	https://www.glue.umd.edu/graceclass/fall2010/cmsc/414/0101/public/project.html. For all project information (read regularly).
Previous 414	This course will differ significantly from my previous 414 class, but the latter still gives some idea of how the course will develop.

News

(Dec 15) NEW Final exam scores and course grades posted.
(Dec 15) Practice exam 2 solution.
(Dec 14) Email me if you want to meet for office hours Thursday afternoon, say 1:30-3:30.
(Dec 13b) Practice exam 2.
(Dec 13a) Topics for exam 2.
(Dec 12) Homework 7 (and 8) solution. Hw 8 scores posted.
(Dec 8)
- Hw 7 will be returned in class tomorrow.
- Hw 8 due date is changed again to this Saturday Dec 11.
  - Slip your hw under my office door by Sat Dec 11 NOON.
  - Or email it to me by Sat Dec 11 8pm.
- Around 9pm, I'll ack your submissions by adding a hw 8 entry on grades.cs with a score of 1.
- Around 10pm, I'll post the solution, after which no submissions will be accepted.
- As before, you can use your hw 7 / 7A / 7B score for hw 8 / 8A / 8B. If I don't have a submission from you, I'll use your hw 7 score.
(Dec 7) The note of Dec 2 has a typo (now fixed): for hw 8, you can reuse your hw 7 grade (not your hw 6 grade).
~~Hw 7 grades may not be available by this thursday, so I'm extending the due date. Slip it under my office door before Dec 16 2pm.~~
(Dec 7) Homework 5 solution.
(Dec 2) Hw 8: redo hw 7. Due Thu Dec ~~9 in class, Dec 15 2pm (slip under my office door)~~ See Dec 8 note.
If you want your hw ~~6, 6A, or 6B~~ 7, 7A, or 7B score to be reused, just email the TA and me.
(Nov 30) Hw 5 points distribution:
(Nov 23b) Homework 7. Due Thu Dec 2 (same day as hw 6). Staple if multiple pages.
(Nov 23a) Homework 6 (redo of hw 5, hint). Due Thu Dec 2. Staple if multiple pages.
(Nov 17) Hw 5 typo: last transmission in ClientNS: the kZB in tx([A,B,enc(kZB,n3-1)]) should be kAB.
(Nov 10) Homework 5. Due Thu Nov 18.
(Nov 9) Homework 4 solution: Solution to Hw 3 parts 5, 6, 7.
(Nov 4)
- If I had to give a course grade based solely on exam 1, it would be: A ≥ 40; B ≥ 30; C ≥ 20; D ≥ 10.
- Exam 1 is at most only 25% of the course. Several more homeworks will be assigned. Most of the project weightage is yet to come. So there is ample scope to make up.
- But if your exam 1 score is less than 20 and your hw 2 and hw 3 scores are very weak, then you are probably going to fail the course unless you make drastic changes in how you deal with this course. If you do not have the time or ability to do so, you should probably drop this course (Nov 8 deadline).
- Your grade in the course will depend entirely on your scores in the homeworks, exams, and projects. It's not affected by whether this holds up your graduation, you have a wonderful job lined up, etc.
(Nov 4) Exam 1 grades posted. Exam 1 solution and grading guideline. Hastily typed up, so most likely has typo errors.
(Nov 1d) In the updated Hw 3 solution, part 8, the rhs in J1 and J2 should be "[A,'OPEN',.,nB] in hst" instead of "[A,'OPEN',.,nB] = hst[i-1]".
(Nov 1c) When you prove an assertion, if you're sure your predicates do the job, there is no need to give an informal argument.
(Nov 1c) In the updated Hw 3 solution, in the table in part 8, C0 should be J2.

(Nov 1c) Here is an easier answer to practice exam problem 1b:

C0: hst[i] = [B,nB,nA] => [A,nA,nB] in hst[0..i-1]
C1: ([A,B,nA,enc(mKey,nB)] in chan) and (B at 2) and B.nL = nB and B.nR = nA
     => [A,nA,nB] in hst
C2: [A,B,nA] in chan => nA <= A.nL
C3: [A,B,nA,nB] in chan => nA <= A.nL and nB <= B.nL
C2: [B,A,nB,nA] in chan => nA <= A.nL and nB <= B.nL

(Nov 1b) Practice exam problem 4b. There is no need for a man-in-the-middle attack. The attacker can just receive the msg sent by A and respond to it.
(Nov 1a) Info session on going to CS grad school (Thu Nov 4).
(Oct 31b) You can look up my 414 exams and solutions from earlier semeseters from my previous semester's class page (link above). They are not representative (no protocol programs, over-emphasis on crypto) but you may still find them helpful.
(Oct 31a) Solution to Practice exam 1. Hastily typed up, so most likely has typo errors.
(Oct 28b) Office hrs: 2-4pm Mon Nov 1.
(Oct 28a)
- In practice exam problem 4 server code, add the line "tL <- g^nL mod p" before sending tL.
- Updated solution to Hw 3 parts 1, 2, 3, 8, 4. Parts 1 and 2 solutions are now the shorter ones done in class. Part 3 solution is unchanged. Part 8 is not present in the original hw 3; it's a problem I did in class. Part 4 solution now has one more counter-example evolution. The original hw 3A solution is still available.
- Homework 4 is now parts 5, 6, 7 of homework 3. (i.e., removed part 4).
(Oct 27d) There are errors in hw 3 grading. Contact the TA for regrading if you think your hw's grading has mistakes.
(Oct 27c) Hw 3 grades posted.
(Oct 27b) Practice exam 1.
(Oct 27a) Hw 3A solution1. Solution (and grading guideline) for the first 4 parts of hw 3. The solutions for parts 1 and 2 are not has simple as the ones I did in class (a subset of the predicates C1-C7 is sufficient).
(Oct 26c) Homework 4 is parts 4, 5, 6, 7 of homework 3. Due Thu Nov 4 (but it a good idea to do it before exam 1). If you want your hw 3 submission to be used as your hw 4 submission, just email the TA before Nov 4.
(Oct 26b) Topics for exam 1.
(Oct 26a) Don't forget to check the projects page regularly.
(Oct 25) In class tomorrow, I'll cover part of homework 3 and go over the note (on proving authentication protocols). This also serves as a review of exam 1 (Tue Nov 2). Make sure you have gone over the note carefully before class (hw 3 problem 1). Most students I saw in office hours had not done so. Commit to memory the meaning of "predicate P is unconditionally preserved by step S".
(Oct 18) Homework 2 scores posted. Hws 1 and 2 to be handed back tomorrow in class.
(Oct 17) Homework 3 has been updated to fix typos (tagged with ***). (Available at old links).
(Oct 16) No TA office hours on Monday. TA office hours from 1-3pm on Wednesday.
(Oct 15c) All scores will be posted on grades.cs.umd.edu. Hw 1 scores available.
(Oct 15b) Exam 1 on Nov 2 Tuesday. (W drop deadline is Nov 8.)
(Oct 15a) Homework 2 solution and homework 3 have been updated with fixes (available at old links). Homework 3 is now due on Thu Oct 21.
(Oct 14) Homework 2-F10 solution .
(Oct 12) Homework 3-F10 . Due ~~Tuesday Oct 19~~ Thu Oct 21.
(Oct 5) Homework 2-F10 . Due Tuesday Oct 12.
(Oct 4) Authentication note 1-oct-4-2010. Fixed error in analysis 2 of protocol 1.
(Sep 28) Hw 1-F10 solution.
(Sep 22) Authentication note 1. To be covered in class.
(Sep 21b) Re the project, GRACE and glue.umd.edu are the same. Login to your glue account and cd to /afs/glue.umd.edu/class/fall2010/cmsc/414/0101/.
(Sep 21a) Added TA office hours.
(Sep 20) Project 1 assigned. See Project page.
(Sep 13b) Hw 1-f10. Due Sep 23.
(Sep 13a) Cleaned-up crypto slides posted (link below).

Overview

NEW Protocols will be defined by distributed programs (aka multi-threaded programs), instead of the handshake diagrams. Proofs of correctness will be presented by assertions (along the lines of loop invariants). This material is not in the text; it will be covered in detail in class.

Required text:

Network Security: Private Communication in a Public World, 2nd edition

The first edition of this book (much cheaper) is fine for most of the course. There are only a few chapters (IPsec, SSL) that we cover which are not present in the first edition. So if you can access this material, the first edition should suffice.

Course topics (OLD VERSION), roughly in the order to be covered.

Class notes:

Programming projects

Done in Java. Involves understanding a few hundred lines of code and writing a few ten lines of code. Submitted and tested on the OIT GRACE cluster.

Practice exams

Practice exams, primarily based on homeworks, will be posted. Exams of previous semesters are publicly available on the websites. Although they do not cover the "distributed program" material, they do give insight into how I make up problems and how I grade them (the scoring guidelines are also included in the exam solution).

Homeworks

Homeworks are due in class. Late homework submitted within one day of deadline will be graded out of 80%. No submissions accepted after one day of deadline. Submissions that are not neat and easily legible may get zero marks.

Regrade requests

Any regrade request (for exams, homeworks, projects) must be submitted within a week of the grade being posted.

Grading

Midterm -------- approx 25% (Date: Tue Nov 2)
Final ------------- approx 25% (Date: Fri Dec 17 1:30 pm - 3:30 pm)
Homeworks ---- approx 25%
Projects --------- approx 25%

"Approx" means +/− 5%

Academic Integrity

Academic dishonesty.

This page and all problem sets, lecture notes, and exams linked to it are copyrighted. Use of these pages for the class CMSC414 at the University of Maryland is permitted. Any other use requires permission of the author (Udaya Shankar, shankar@cs.umd.edu).