COMP522

Privacy and Security

Aims

The aims of this module are:

  • to introduce students to the major problems and solution approaches in the area of computer and Internet privacy, confidentiality and security.
  • to provide a theoretical framework for subsequent research in these challenging areas.

Syllabus

Identification and authentication:

  • passwords v. tokens v. biometrics
  • identity v. capability
  • data aggregation, anonymity and pseudoanonymity; and
  • steganography.

Monitoring:

  • audit, and intrusion detection;
  • techniques (statistics, pattern recognition, etc);and
  • issues such as accountability v. privacy.

Protocols:

  • protocol design;
  • cryptography for secrecy, for signing, etc.;
  • symmetric key and asymmetric key protocols;
  • 3DEA and RSA protocols;
  • logical representation of protocols,
  • formal properties of protocols; and
  • applications, e.g. encryption, key distribution, identification, authentication, electronic cash, gambling etc.

Attacks and defences:

  • covert channels;
  • smart cards;
  • E-warfare:, e.g. viruses and worms, logic bombs, EMP guns, Trojan horses, denial/manipulation of service,etc.; and
  • firewalls and sandboxes, ethical hacking for penetration testing.

Legal and ethical issues: national anti-terrorism legislation, the USA clipper chip. Include a reference to legal and ethical issues (UK data protection act, European data protection and privacy legislation) covered in the research methods module COMP516.

Future directions:

  • ubiquitous/pervasive computing/nanotech security issues; and
  • quantum protocols and cryptography.

Recommended Texts

William Stallings [2000]: Network Security Essentials: Applications and Standards. (Prentice Hall)

Simson Garfinkel [2002]: Web Security, Privacy and Commerce. (Second Edition, O'Reilly)

Learning Outcomes

At the end of the module, students should:

  • understand the main problems in security, confidentiality and privacy in conputers and in networks, and the reasons for their importance.
  • understand the main approaches adopted for their solution and/or mitigation, together with the strengths and weaknesses of each of these approaches.
  • understand the main encryption algorithms and protocols.
  • appreciate the application of encryption algorithms to secure messaging, key distribution and exchange, authentication and electronic payment systems.
  • understand the use of epistemic logics for formal modeling of security and privacy protocols.
  • understand the legal and ethical issues related to security, confidentiality and privacy.

The module addresses learning outcomes 2, 3, 4, 5 and 6 for the MSc in Computer Science programme, and learning outcomes 2, 3, 4, 5 and 6 for the MEng in Computer Science programme.

Learning Strategy

Formal Lectures: Students will be expected to attend three hours of formal lectures in a typical week plus one hour supervised tutorial.

Private study: In a typical week students will be expected to devote six hours of unsupervised time to private study. The time allowed per week for private study will typically include three hours of time for reflection and consideration of lecture material and background reading, and three hours for completion of practical exercises.