Lecture Notes on Computer and Network Security
by
Avinash Kak


Think of these lecture notes as a living textbook that strives to strike a balance between the systems-oriented issues and the cryptographic issues. Without the latter, the former cannot be fully comprehended, and, without the former, the latter are too dry to appreciate.


Note for instructors using these slides/notes:

Instructors who use these notes/slides frequently want to know how exactly I use them in class, since there is much more information on a typical slide than you will usually find in a PowerPoint presentation. Here is the answer: When I teach the theoretical portions of this course, I actually work out the formulas on the chalkboard. And when I teach the systems portion of the course, I spend quite a bit of time demonstrating the issues on my Linux laptop. In that sense, these PDF slide files are as much for showing in class as they are for focused reading by the students. When used as slides, these serve as a backdrop to the explanations provided on the chalkboard or through demonstrations on a computer.


Regarding homework assignments:

Homework assignments typically involve writing Perl or Python scripts in order to gain a deeper understanding of the ideas through actual implementation. (From a pedagogical standpoint, scripting is much more efficient for this than writing code in raw C.) In the part of the course that deals with encryption, students write scripts for implementing DES, AES, RC4, etc. In the part of the course that deals with more system-related issues, the students are asked to write scripts that carry out DoS attacks, buffer overflow attacks, etc., against servers (for buffer overflow attacks, that would be a socket program in C with an intentionally embedded buffer-overflow vulnerability). If you are an instructor and you'd like to see these homework assignments, send me a note at kak@purdue.edu. If you do so, please place the string "requesting security homework" in your subject line to get past my procmail filter.


Useful Resources for Homework Assignments:
  1. If you are writing Perl and/or Python scripts for solving homework problems or for course projects, you will find the book "Scripting with Objects" a useful resource for this course. Chapters 2 and 3 of the book provide quick and easy-to-follow introductions to Perl and Python, respectively.

  2. The BitVector class in Python is useful for writing Python scripts for block and stream ciphers.

  3. If you'd rather do your homework in C++ or Java, you will find the book "Programming With Objects" a useful resource. This book is now being used at a number of universities for teaching object-oriented programming in both C++ and Java simultaneously.

When will these slides/notes be updated next?:

The 2009 major revision and update of the notes is over. Several of the lecture notes went through significant addition and revision. Much new material was added to the notes that address the systems-oriented issues in computer and network security.

The next serious update of this material is scheduled for the January -- April 2010 time frame.



Lecture Notes / Slides
1.   Introductory material, course administration handout, etc.
2.   Classical Encryption Techniques Updated April 2009
3.   Block Ciphers and the Data Encryption Standard Updated January 2009
4.   Finite Fields (PART 1): Groups, Rings, and Fields Updated January 2009
5.   Finite Fields (PART 2): Modular Arithmetic Updated April 2009
6.   Finite Fields (PART 3): Polynomial Arithmetic Updated April 2009
7.   Finite Fields (PART 4): Finite Fields of the Form GF(2^n) Updated February 2009
8.   AES: The Advanced Encryption Standard Updated February 2009
9.   Using Block and Stream Ciphers Updated February 2009
10.   Key Distribution and Random Number Generation Issues for Symmetric Key Cryptography Updated February 2009
11.   Prime Numbers Updated March 2009
12.   Public-Key Cryptography and RSA Updated March 2009
13.   Public-Key Cryptography for Exchanging Secret Session Keys Updated March 2009
14.   Elliptic Curve Cryptography Updated April 2009
15.   Hashing for Message Authentication Updated March 2009
16.   TCP Vulnerabilities and the Denial-of-Service Attacks Updated April 2009
17.   DNS and the DNS Cache Poisoning Attack Updated May 2009
18.   Packet Filtering Firewalls (Linux) Updated April 2009
19.   Proxy-Server Based Firewalls Updated April 2009
20.   PGP, IPSec, and TLS/SSL Updated April 2009
21.   The Buffer Overflow Attack Updated April 2009
22.   Malware: Viruses and Worms Updated April 2009
23.   Port Scanning, Vulnerability Scanning, Packet Sniffing, and Intrusion Detection Updated April 2009
24.   Password Protected Systems and the Annoying Dictionary Attack Updated May 2009
25.   Security Issues in Structured Peer-to-Peer Networks Updated September 2009
26.   Small-World Peer-to-Peer Networks and Their Security Issues Updated September 2009
27.   Web Security: PHP Exploits and the SQL Injection Attack Updated May 2009
28.   Bots and Botnets Posted May 2009
29.   Index   (HTML) Updated May 2009


A BRIEF HISTORY: These lecture notes, at least several of them, made their first appearance on the web in 2006. They have so far gone through three major revisions. With each revision I have attempted to improve the explanations on the basis of the feedback I receive from the students at Purdue and from other users of these notes. Regarding the notes that deal with the systems side of security, I have tried to seek out the best ways to combine the explanation of the concepts and their demonstration on a laptop, keeping in mind the time constraints of a typical lecture period.

EXPERIENCING PROBLEMS? If you experience any problems with downloading or using any of these PDF files, please send an email to kak@purdue.edu with the string "Problem with computer security notes" in the subject line to get past my spam filter.

FEEDBACK WELCOME! If you have any comments or any suggestions for improving these notes, please send an email to kak@purdue.edu with the string "Comments on computer security notes" in the subject line to get past my spam filter. Any suggestions that I incorporate would be duly acknowledged.

WOULD YOU LIKE TO CONTRIBUTE A HOMEWORK PROBLEM OR A PROJECT? My goal is for these notes to become self-contained as a medium of instruction in computer and network security. Toward that end, I'd like to end the notes for each lecture on a set of homework problems and/or projects. If you send me a problem or a project, your name will be mentioned as the author of that problem or project. If you submit a project, please make sure that it can be done in one or two weeks' time in some high-level language. I'll certainly include the problems and projects I currently give out when teaching this material, but any contributions made by others using these lecture notes would add to the variety. If you choose to send me a problem or a project, email it to  kak@purdue.edu  with the string "homework for computer security notes" in the subject line.

