SE 448: Information and Cyber Security
Course, Kinneret College on the Sea of Galilee, Software Engineering, 2025
Semester 2, 5785
Course Details:
- Lecture and Targil: Thursday 13:00-16:00 in Room 815
- Instructor: Michael J. May
- Email: mjmay (at) kinneret,ac,il
The full detailed syllabus of the course is available here.
Topics:
The topics for the course include the following:
Threats and Security Requirements | Foundations of Modern Cryptography |
---|---|
Encryption and Randomness | Hash Functions |
Authentication | Public/Private Key Pairs |
Shared Secrets | Certificates |
Network Security | Internet and Web Security |
Access Control | Security Protocol Evaluation |
Goals:
At the end of the course the student will be able to:
- Give proper definitions for the terms “authenticated”, “encrypted”, “trustworthy”, “secret”, “complete” and explain the differences between them.
- Properly use the following security atoms in application code and in designing communication protocols: cryptographic hash functions; AES and similar symmetric ciphers; RSA asymmetric cipher; RSA digital signatures; Diffie-Hellman key establishment; and Needham-Schroeder key distribution.
- Identify strengths and weaknesses in communication protocols under the symbolic attacker model.
- Explain the operation of TLS and X.509 and use them in Java programs.
- Design a system that securely uses and stores passwords for authentication.
- Evaluate a communication security problem, derive an appropriate attacker model for it, and devise a communication security protocol which properly addresses it.
Reading
The following books contain useful course material, and much of the lecture content is derived from them (and other sources). Copies of these books are on reserve in the Kinneret Library or available freely online:
- Security Engineering: A Guide for Building Dependable Systems. (2nd edition) by Ross Anderson. link
- Computer Security: Art and Science. by Matt Bishop.
- Computer & Internet Security: A Hands-on Approach. (3rd edition, May 2022) by Wenliang Du.
- A Graduate Course in Applied Cryptography. by Dan Boneh and Victor Shoup. link
- Cryptography Engineering: Design Principles and Practical Applications. By Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno. link
- Handbook of Applied Cryptography. by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. link
Other materials and readings will be introduced during the course of the semester as necessary.
Assignments
The following assignments will comprise the assignment portion of the course grade:
Assignment 1 (10%): DES/AES Encryption. Due: 9 April 2025
Assignment 2 (10%): Hashing and Encryption. Due: 8 May 2025
Assignment 3 (10%): Hybrid Encryption. Due: 29 May 2025
Assignment 4 (10%): Digital Signatures with Digital Certificates. Due: 21 June 2025
Lab 1 (10%): Buffer Overflow SetUID. Due: 29 June 2025
Lab 2 (0%): Return to Libc Attacks (Cancelled). Due: 29 June 2025
Lab 3 (10%): Format Strings Attacks. Due: 3 July 2025
Lab 4 (10%): SQL Injection Attacks. Due: 5 July 2025
Assignments are on Moodle. More details of assignments will be given during the course of the semester.
Grading Criteria
Final grades will be calculated by combining grades from student participation, the midterm exam, and projects. The grades are weighted as follows:
- 70% Assignments (Required)
- 30% Weekly Quizzes
Lecture Slides and Notes
# | Date | Topic | Slides | Recitation |
---|---|---|---|---|
1 | 20 March | Requirements<br>Cryptographic Analysis<br>One time pads, Computational Security | [pdf] | |
2 | 27 March | Computational Security<br>Stream and Block Cipher Functions, DES<br>Advanced Block Ciphers | [pdf] | [DES/AES] |
3 | 3 April | Symmetric Cipher Modes: ECB, CBC, OFB, CTR, GCM | [pdf] | [CTR] |
4 | 10 April | Hash Functions and Merkle Trees | [pdf] | [Hashing] |
5 | 24 April | Merkle Trees<br>Diffie-Hellman | [pdf] | [Merkle] |
6 | 8 May | Public/Private Key Pairs, RSA<br>Quantum Crypto and Post-Quantum Crypto | [pdf] | [RSA] |
7 | 15 May | Passwords and Human Authentication | [pdf] | |
8 | 22 May | Digital Signatures, Key Exchange and Establishment | [pdf] | [Passwords] |
9 | 29 May | PKI, X.509 Certificates, Certificate Revocation and Transparency | [pdf] | |
10 | 5 June | TLS | [pdf] | [Signatures] |
11 | 12 June | Software Security: Buffer Overflow and Variable attacks | | |
12 | 19 June | Software Security: Format strings and libc attacks | | |
13 | 26 June | Secure coding techniques for SQL and injection | | |
Academic Integrity
This course will abide by Kinneret College’s code of academic integrity. In particular, for individual projects and group projects, the following guidelines should be followed.
Cheating of any sort will not be tolerated. Student collaboration is encouraged, but within limits as set forth in the college’s rules on academic integrity. Any students caught cheating will be immediately referred to the department head and the Dean and may receive a failing grade for the course.
Cheating includes:
- Copying information, content, or verbatim text from other students, internet sites, books (other than the ones listed in the bibliography), or other unaffiliated individuals to answer questions, solve problems, or aid in programming projects.
- Copying or submitting source code, documentation, or other programming aids without attribution from other students, web sites, online repositories, text books, open source programs, or other unaffiliated individuals.
- Project teams which submit work which is identical or substantially identical to work submitted by other project teams, whether current or from previous years.
- Other forms of academic misconduct as described here or as reasonably assessed by the instructor, program head, or dean.
If you have any questions about what constitutes cheating in the above rules, contact the instructor as early as possible.