Topics in Computer Security

Basic cryptography

i) encryption: what is "secure" encryption?

ii) common encryption and signature schemes; trends: elliptic curves, ...

iii) what if quantum computing actually works?

Authentication and handshake protocols

i) examples, vulnerabilities and attacks (Kerberos, SSH, SSL, ...)

ii) analysis methods

iii) interactions between protocols and cryptography

Electronic commerce

i) business models

ii) digital cash and digital payment schemes

System security

i) common errors: password attacks, summary of sendmail and other attacks on network daemons, etc.

ii) server problems, CGI scripting, Perl tainting, …

iii) security mechanisms (Tripwire? other ideas?)

iv) intrusion detection

Firewalls and network security issues

i) network routing, sniffers, etc.

ii) DNS vulnerabilities, IP spoofing, ...

iii) what firewalls can and cannot do

Mobile code security

i) overview of Java, JavaScript, ActiveX, etc.

ii) example risks and case studies: surfer and server

iii) Java security model

iv) security mechanisms and policies

Privacy issues

i) what does a web site know about you?

ii) legal status of privacy (do we know anything about this...?)

Policy

i) export control laws

ii) key escrow schemes; risks and potential benefits

iii) offshore gambling, commerce, …