Rutgers The State University of New Jersey
|
| Instructor | : Prof. Vijay Atluri |
Office |
: 200R Ackerson Hall (Newark) |
| Office Hours | : Thursdays 5:00 - 6:30pm, Room 217D, Levin Building |
| Telephone | : 973-353-1642 |
| Fax | : 973-353-5003 |
| : atluri at rutgers dot edu | |
| Homepage | : http://cimic.rutgers.edu/~atluri |
Final Exam
Official University/Campus closings:
Call 973-353-1766 or 732-932-1766
New Brunswick Campus Information
Newark Campus Information
Class participation
Class participation, Spring 2005
Course Description:
The objective of this course is to introduce to students the emerging area of electronic commerce and the security challenges and threats in EC, and provide them with an understanding of the state-of-the-art EC security technologies. In particular, this course discusses security requirements for electronic commerce such as identification and authentication, authorization and access control, data integrity, confidentiality, non-repudiation, trust, and regulation. It discusses the EC security technologies including internet security, firewalls, cryptography, digital signatures, secure email, public key infrastructure, intellectual property protection and watermarking, Java security, database security, secure electronic payments such as SET (secure electronic transaction), digital cash and digital cheques, and smart card technology, and the related standards and commercial systems.
Text Book:
- Protocols for Secure Electronic Commerce, Second Edition by Mostafa Hashem Sherif ISBN 0-8493-1509-3 Publisher: Taylor & Francis Group, LLC
- We also use reference material from the web pages linked to the topic.
Reference Books:
- Warwick Ford and Michael S. Baum, Secure Electronic Commerce, Building the infrastructure for digital signatures and encryption , Prentice Hall, Second Edition, ISBN 0-13-027276-0
- Details on cryptography can be found in: Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security: Private Communication in a Public World, Prentice-Hall.
Other Reading:
- Assigned readings of selected articles from journals and magazines.
- Bruce Schneier, "Secrets & Lies, Digital Security in a Networked World," John Wiley, 2000
- Electronic CIPHER (http://www.ieee-security.org/cipher.html)
- Information Security
Magazine
- The Risks Digest (http://catless.ncl.ac.uk/Risks)
Expected Work:
- Homework assignments 20%
- Class participation 5%
- Research paper 15%
- Project 10%
- Midterm Examination 25%
- Final Examination 25%
Tentative Schedule:
The schedule is subject to change any time. The notes is posted at least one day in advance.
Jan 24
- Introduction to Electronic Commerce and Security
- Class notes
- Chapter 1 from the text
- Basics of Cryprography
- Class notes
- Chapter 3 from the text
- ITPRC.COM The Information Technology Professional's Resource Center
- Security Tutorials Online
- CERT
- Securing Your Business, A White Paper
- Secure Electronic Commerce Links
Jan 31
Feb 7
- Project Overview
- Fundamentals of Security Technologies
- Class notes
- Chapter 3 from text and chapters 2,3 and 5 from reference text 2
- Introduction to Cryptography - 1
- Introduction to Cryptography - 2
- Demonstration for RSA Cryptography using JavaApplet.
-
AES: The New encryption
standard selected by the US govt
Feb 14
- Provide details of your paper and project either by email or hard copy
- Homework 1 (Due February 28) Hints for Digital signature assignment
- Fundamentals of Security Technologies (continued)
- Chapter 3, and chapters 4,7 and 8 from reference text 2
- Class notes
- A nice introduction to digital signatures
- Article on Kerberos
- Article on Biometrics
- Article on Elliptic Curve Cryptography
Feb 21
- Internet Security
- Class notes
- Chapter 2,5 from the reference text 1
Feb 28
- Internet security (Continued)
- Chapters 5 and 6 from text
- TCP SYN Flooding and IP Spoofing
- Some Introduction on Network Sniffers
- Session hijack script
- Theft On The Web: Prevent Session Hijacking
- Denial of Service Attacks
- You will find more information on the attacks at CERT
- Internet Firewalls: Frequently Asked Questions.
- Packet Filtering Vs Application Level Firewalls
Mar 6
- Mid-term Examination
(Topics covered until Feb 28) - Sample Questions
Mar 13
- Certificates, Certification Practices and PKI Chapter 3 and Chapter 6,7,8,9 from reference text 2
- Class notes
- PKIX (X.509)
- X.509 Public Key Infrastructure Certificate and CRL Profile
-
Security Wire Daily
- Information Security Magazine News Archives
- Certificate Validation
- Class notes
- DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE
- Tumbleweed Communications (Valicert)
- Corestreet
- Kyberpass
- Ascertia
- OpenValidation.org
- Online Certificate Status Protocol (RFC 2560)
- Simple Certificate Validation Protocol
Mar 20
- Spring recess: No Class
Mar 27
- Secure Payment Systems
- Class notes (56 Pages!! Just save as an electrinic copy instead of printing)
- Electronic Money, or E-Money, and Digital Cash, including FAQ
- SET
- A list of on-line payment schemes
- Homework 2 (Due April 10)
Apr 3
- Secure Payment Systems continued
- Class notes (41 Pages!! Just save as an electrinic copy instead of printing)
- Java Security
- Class notes
- Email Bombs
- Class Notes
- Viruses
- Class Notes
- Reading Assignment: Java Security by Steven Fritzinger and Marianne Mueller, Sun Microsystems, Inc.
- Java Security FAQ
- Java Commerce
- Finjan
- JumpingBeans
Apr 10
- Security Policy and Regulation
- Class Notes
- Chapter 3 from the reference text 2
- World Intellectual Property Organization
- cybersquatting
- Watermarking Technologies
- Class Notes
- References to Watermarking research and technology
- Digimarc
- Verance
- Macrovision
-
An article Terrorists and steganography by By Bruce
Schneier
Apr 17
- Security of Integrated Circuits
- Chapter 13 from the text
- Mobile Commerce Security
- Class Notes
- Reading Assignment: An article
Apr 24
- Database Security
- Class Notes
- Final Exam
May 1
- Paper Presentations and Project Demonstrations
- Final Examination due
- Reserach papers due