Computer Security and Cryptography

Location: Arizona State University - Tempe Arizona
Program Dates: Custom program by request

Program Sections:

Click Section Title to Expand or Close Section

Program Overview

Security is at the forefront of the currents of computing news. Fraud has taken a front seat in the Internet, and is already causing significant financial losses that are climbing. The innovations in computer crime has blown the lid on many inherent flaws in our computing infrastructure (i.e. use of passwords) and financial infrastructure (i.e. use of credit card and account numbers). We are coasting in denial and spreading the losses and hoping things will get better. From "Evil Twins" to "Pharming" from "SQL Injection" to "Rootkits" the march of attack discovery is outpacing the fixes. The sinister truth is well stated by a trade magazine that said: "Computing at home has never been so powerful - and treacherous. Just as millions of Americans are buying new PCs and signing up for blur-fast Internet connections, cybercrooks are hatching schemes to take control of their machines."

We cover software techniques, hardware techniques, protocols and cryptography, which form the arsenal of our current crop of countermeasures. We inform the audience of the wide variety of techniques used by attackers to gain personal information and financial gains. We cover the countermeasures that are being deployed with limited success. We cover the variety of new tricks that play cat and mouse between fraudsters and security experts. We cover the inherent design defects that lead to unintended consequences. In addition, we cover the latest research techniques and academic protocols that can stem the tide of attacks (virtualization, integrity checking, link farm detection, and so on). This tutorial is accessible to computer professionals familiar with software design, web transactions and basics of networking.

Topics covered by the course include types of attacks, defenses using virus detection and cryptography; Cryptographic techniques such as encryption, public keys, digital certificates and secure communications used to provide data security; PKI systems, digital certificates, digital signatures and challenge response systems provide the more advanced levels of data and identity security, using cryptography and non-tamperable hardware. The course is aimed at computer professionals with an interest in computer security, network security and cryptography. The audience will benefit from increased awareness of attack techniques and cryptographic countermeasures especially the emerging deployment of digital certificates and digital signatures.

Program Schedule
Monday (1:00pm - 5:00pm)
  • Part 1: Security Basics
    • Security Principles
    • Threats and Attacks
    • Vulnerabilities
    • Countermeasures
    • False solutions (e.g. shared secrets)
    • Threat Models
    • Hardening Systems
  • Part 2: Attacks
    • Virus, Trojans and Worms
    • Buffer Overflows
    • SQL Injection
    • Spam, Pharming, Link farms
    • Attacking software systems
    • Attacking Networks
    • Attacking Hardware
    • Rootkits and other Esoteric attacks
    • Social engineering
Tuesday (9:00am-5:00pm)
  • Part 3: Countermeasures
    • Patches and security fixes
    • Awareness and Education
    • Cryptographic Solutions
    • Embedding security in software and hardware
    • Out of band notifications
    • Simple yet effective (vs. Complex and breakable)
    • Part 4: Cryptography
    • Encryption and Hashing
    • Shared secrets
    • Challenge response
    • Public Key Systems
    • Digital Certificates
    • Digital Signatures
    • Key Management
    • Applications of cryptography in Web Transactions
    • Part 5: Network Security
    • Secret Communication
    • Authentication
    • SSL and IPSec
    • PGP and Email
    • Intrusion Detection
    • Denial of Service
    • Honeypots and Tarpits
Wednesday (9:00 - 1:00pm)
  • Part 6: System Security
    • Firewalls
    • Virus Detectors
    • Software Signatures
    • "Kernel Integrity Checkers"
    • "Application Integrity Checkers"
  • Part 7: State of the Art and the Future
    • Are we in a sorry state?
    • Software trust management
    • Hardware trust management
    • Innovative tricks
    • Evasive virus scanning
    • Return of Obscurity Techniques (e.g. Steganography)
Who Should Attend

Computer professionals, students and researchers with backgrounds in software design and systems design will benefit from the program and will find the material accessible. The focus is in understanding how and why current Internet software and ecommerce methodologies are flawed and what can be done in the future to tighten the infrastructure. The audience will benefit from increased awareness of attack techniques and cryptographic countermeasures, especially the emerging deployment of digital certificates and digital signatures.

This program is designed to bridge the gap existing in the community of computer professionals, designers and researchers in their awareness of security vulnerabilities and countermeasures. While, for example, public key systems are well known, most professionals are unaware of how it can be used to be a very effective method of authentication and non-repudiation and also, how even public key systems can be prone to vulnerabilities. This short course is not targeted to security experts, but definitely applicable for those administering computers for security purposes.

Instructor

Dr. Partha Dasgupta joined ASU in 1991. Prior to ASU, he had teaching appointments with Georgia Tech and New York University. He received his Ph.D. in Computer Science from Stony Brook University.

Dr. Dasgupta's core areas of expertise are in Computer Security, Operating Systems and Distributed Computing. His current research focus is the use of cryptography and secure software systems to provide security and dependability of consumer computing. These technologies have the ability to safeguard naive computer users from attacks that attempt to defraud via spoofing, viruses and spam. In addition, he works with software, hardware and networking techniques for enhancement of security and attack resilience. He has significant prior research results and publications in construction of distributed operating systems, high performance systems and secure computing infrastructures.

Dr. Dasgupta also has experience in industrial consulting, training course development and delivery. His research funding has primarily been from NSF and DARPA with smaller grants from Intel, Microsoft and the Consortium for Embedded Systems. He has 20 years of experience with operating systems and 8 years experience with security systems. He is an accomplished teacher and researcher of topics in computer security and distributed computing.

Selected Publications:
L. Tari, C. Baral, and P. Dasgupta, "Understanding the Global Properties of Functionally-Related Gene Networks Using the Gene Ontology," Pacific Symp. on Biocomputing, 2005.

S. Krishnamoorthy and P. Dasgupta, "Tackling Congestion to Address Distributed Denial of Service: A Push-Forward Mechanism," Proc. IEEE Global Communications Conf. (Globecom 2004), IEEE Press, 2004, pp. 2055-2060.

P. Dewan, P. Dasgupta, "Securing Reputation Data in Peer-to-Peer Networks," Proc. 16th IASTED Int'l. Conf. on Parallel and Distributed Computing and Systems (PDCS 2004) , 2004.

M. Khambatti, K. Ryu, and P. Dasgupta, "Efficient Discovery of Implicitly Formed Peer-to-Peer Communities," Int'l J. Parallel and Distributed Systems and Networks, vol. 5, no. 4, 2002, pp. 155-164.

A. E. Motter, A.P.S. de Moura, Y.-C. Lai, and P. Dasgupta, "Topology of the Conceptual Network of Language," Physical Review E, vol. 65, 2002.

For more information contact:

Octavio Heredia
Associate Director, Extended Education
asu.cpd@asu.edu