Information for Spring 02 CS239, Lecture 1---Security for System Software

This page contains pointers to Postscript versions of slides used in CS239, Lecture 2 (Security for System Software). It also contains pointers to papers that students should read for this class, reading assignments from the textbook, and other material related to the class. Also, I will sometimes assign web pages as reading material, and links to those pages will be on this page.

This page is organized by the weeks of the quarter in which lectures were given and papers assigned. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.

This class will be taught by Peter Reiher.

I will be lecturing on these subjects during the class. Since I'm choosing them as we go along, the research papers I am assigning are not listed here, but are listed below with the lecture slides.

Week 10 (June 3 - June 5)

Slides:

Lecture 16

Web links:

CSI Roundtable: Experts Discuss present and future intrusion detection systems Richard Power, Computer Security Journal, Vol. XIV, No. 1.

Papers:

EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances Phillip A. Porras and Peter G. Neumann, NISSC, October 1997.

Week 9 (May 27 - May 29)

Slides:

No class on Monday.

Lecture 15. This is the lecture delivered by Jun Li. Note that the slides are in Postscript format.

Week 8 (May 20 - May 22)

Slides:

Lecture 14

Lecture 13

Week 7 (May 13 - May 15)

Slides:

Lecture 12

Lecture 11

Web links:

Controlling High Bandwidth Aggregates in the Network Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott Shenker, draft of technical report, February 1991.

A Snapshot of Global Internet Worm Activity A technical report by Dug Song, Rob Malan, and Robert Stone, Nov. 13, 2001.

The Internet Worm Program: An Analysis A technical report by Eugene Spafford, 1988.

Not related to this week's material, but I've assigned this because it looks like some people could use a bit more background on Kerberos.

The Evolution of Kerberos J. Kohl, B. Neuman, and T. Ts'o, in Distributed Open Systems, Morgan Kaufmann Publishers, 1994.

Week 6 (May 6 - May 8)

Slides:

Slides on security policy for the UCLA CS Department

There were no other slides this week, due to the midterm.

Web links:

There is no required reading for this week.

The RFCs I assigned for IPSec have been superseded by more recent RFCs on the same subject. The basic approaches outlined in the superseded versions are still taken in the new RFCs, but the new RFCs contain far more details, and a few things have changed. They are much longer than the old RFCs, and you do not need to read them for the class. However, you might find them interesting:

RFC 2401, updated RFC on IPSEC

RFC 2402, updated RFC on IPSEC authentication header.

RFC 2406, updated RFC on IPSEC Encapsulating Security Payload.

Week 5 (April 29 - May 1)

Slides:

Lecture 10

Lecture 9 Note that this lecture is in PDF, not postscript. Subsequent lectures are also likely to be posted in PDF form.

Web links:

For Wednesday, May 1:

RFC 1825, on IPSEC

RFC 1826, on IPSEC authentication header.

RFC 1827, on IPSEC Encapsulating Security Payload.

Week 4 (April 22 - April 24)

Slides:

Lecture 8 Note that this lecture is in PDF, not postscript. Subsequent lectures are also likely to be posted in PDF form.

Lecture 7 Note that this lecture is in PDF, not postscript.

Note: There will be a change in lecture order. On Wednesday, instead of talking about network security, I will discuss key servers and certificates.

Web links:

For Wednesday, April 24

Appendix H to the National Research Council's report on Cryptography's Role in Securing the Information Society, on essential characteristics of public key infrastructures.

10 Risks of PKI: What You're Not Being Told About Public Key Infrastructure An article by Carl Ellison and Bruce Schneier.

A rebuttal to Ellison and Schneier's article on the risks of PKI.

Another rebuttal to the article.

For Monday, April 22

Formal Verification of Cryptographic Protocols: A Survey. Catherine A. Meadows, ASIACRYPT: International Conference on the Theory and Application of Cryptology, 1995.

Week 3 (April 15 - April 17)

Slides:

Lecture 6 Note that this lecture is in PDF, not postscript.

Lecture 5

Web links:

For Wednesday, April 17

The 2002 CSI/FBI Computer Crime Survey. I referred to statistics from the 2001 survey in class. This is the newest one, just out.

An essay on the value of using known and proven cryptography by Bruce Schneier. It's part of a longer message. You are only required to read this essay.

An interesting approach to what amounts to key distribution using synchronized neural networks. Too soon to determine if it's of any use, but interesting.

For Monday, April 15

A scathing critique of the concept of key escrow authored by an incredibly impressive group of cryptographic and security experts.

Not required reading, but an interesting resource:

A Web page with vast amounts of information on international laws on cryptography.

Week 2 (April 8 - April 12)

Slides:

Lecture 4

Lecture 3

Web links:

A good description of public key cryptography, courtesy of Netscape.

A description of the Rijndael cipher.

Week 1 (April 1 - April 5)

Slides:

I have updated the slides below so they now should be usable Postscript. Now they're double-sided, too. Please alert me to any further problems.

Lecture 2

Lecture 1

Assigned readings:

April 3, 2002

Web links:

An Introduction to Role-Based Access Control

Always On, Always Vulnerable: Securing Broadband Connections, Matthew Tanase.

April 1, 2002

Web links:

Improving the Security of Networked Systems, Julia Allen, Christopher Alberts, Sandi Behrens, Barbara Laswell, and William Wilson.

Why Computers Are Insecure, Bruce Schneier. (The link leads to an entire web page on various security subjects. Read it all, if you want. You are only required to read this essay, however, which is around a page and a half.)

Methods of Hacking: Social Engineering, Rick Nelson.

Social Engineering Fundamentals Sarah Granger.