Rutgers The State University of New Jersey
|
| Instructor | : Prof. Vijay Atluri |
Office |
: 200R Ackerson Hall (Newark) |
| Office Hours | : Thursdays 5:00 - 6:30pm, Room 245, Levin Building |
| Telephone | : 973-353-1642 | Fax | : 973-353-5003 |
| : atluri at rutgers dot edu | |
| Homepage | : http://cimic.rutgers.edu/~atluri |
Call 973-353-1766 or 732-932-1766
New Brunswick Campus Information
Newark Campus Information
Class participation
Class participation, Spring 2005
Course Description:
The objective of this course is to introduce to students the emerging area of electronic commerce and the security challenges and threats in EC, and provide them with an understanding of the state-of-the-art EC security technologies. In particular, this course discusses security requirements for electronic commerce such as identification and authentication, authorization and access control, data integrity, confidentiality, non-repudiation, trust, and regulation. It discusses the EC security technologies including internet security, firewalls, cryptography, digital signatures, secure email, public key infrastructure, intellectual property protection and watermarking, Java security, database security, secure electronic payments such as SET (secure electronic transaction), digital cash and digital cheques, and smart card technology, and the related standards and commercial systems.
Text Book:
- Protocols for Secure Electronic Commerce, Second Edition by Mostafa Hashem Sherif ISBN 0-8493-1509-3 Publisher: Taylor & Francis Group, LLC
- We also use reference material from the web pages linked to the topic.
Reference Books:
- Warwick Ford and Michael S. Baum, Secure Electronic Commerce, Building the infrastructure for digital signatures and encryption , Prentice Hall, Second Edition, ISBN 0-13-027276-0
- Details on cryptography can be found in: Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security: Private Communication in a Public World, Prentice-Hall.
Other Reading:
- Assigned readings of selected articles from journals and magazines.
- Bruce Schneier, "Secrets & Lies, Digital Security in a Networked World," John Wiley, 2000
- Electronic CIPHER (http://www.ieee-security.org/cipher.html)
- Information Security
Magazine
- The Risks Digest (http://catless.ncl.ac.uk/Risks)
Expected Work:
- Homework assignments 20%
- Class participation 20%
- Research paper 10%
- Project 10%
- Midterm Examination 20%
- Final Examination 20%
Tentative Schedule:
The schedule is subject to change any time. The notes is posted at least one day in advance.
Jan 22
- Introduction to Electronic Commerce and Security
- Class notes
- Chapter 1 from the text
- Basics of Cryprography
- Class notes
- Chapter 3 from the text
- ITPRC.COM The Information Technology Professional's Resource Center
- Security Tutorials Online
- CERT
- Securing Your Business, A White Paper
- Secure Electronic Commerce Links
Jan 29
- Project Overview
- Fundamentals of Security Technologies
- Class notes
- Chapter 3 from text and chapters 2,3 and 5 from reference text 2
- Introduction to Cryptography - 1
- Introduction to Cryptography - 2
- Demonstration for RSA Cryptography using JavaApplet.
- Meet-in-the-middle attack, Double DES
-
AES: The New encryption
standard selected by the US govt
- Article on Elliptic Curve Cryptography
Feb 5
- Provide details of your paper and project either by email or hard copy
- Homework 1 (Due February 26)
- Fundamentals of Security Technologies (continued)
- Chapter 3, and chapters 4,7 and 8 from reference text 2
- Class notes
- Article on Kerberos
- A nice introduction to digital signatures
- Article on Biometrics
Feb 12
- Internet Security
- Class notes
- Chapter 2,5 from the reference text 1
Feb 19
Class is Cancelled
Feb 26
- Internet security (Continued)
- Chapters 5 and 6 from text
- TCP SYN Flooding and IP Spoofing
- Some Introduction on Network Sniffers
- Session hijack script
- Theft On The Web: Prevent Session Hijacking
- Denial of Service Attacks
- You will find more information on the attacks at CERT
- Internet Firewalls: Frequently Asked Questions.
- Packet Filtering Vs Application Level Firewalls
- Certificates, Certification Practices and PKI Chapter 3 and Chapter 6,7,8,9 from reference text 2
- Class notes
- PKIX (X.509)
Mar 5
- X.509 Public Key Infrastructure Certificate and CRL Profile
-
Security Wire Daily
- Information Security Magazine News Archives
- Certificate Validation
- Class notes
- DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE
- Tumbleweed Communications (Valicert)
- Corestreet
- Ascertia
- Open-VA.org
- Online Certificate Status Protocol (RFC 2560)
- Simple Certificate Validation Protocol
- Secure Payment Systems
- Class notes1
- Class notes2 (56 Pages!! Just save as an electrinic copy instead of printing)
- Electronic Money, or E-Money, and Digital Cash, including FAQ
- SET
- A list of on-line payment schemes
Mar 12
- Mid-term Examination
(Topics covered until Mar 5)
Mar 19
- Spring recess: No Class
Mar 26
- Secure Payment Systems (continued)
- Homework 2
(Due April 9)
April 2
- Java Security
- Class notes
- Email Bombs
- Class Notes
- Viruses
- Class Notes
- Reading Assignment: Java Security by Steven Fritzinger and Marianne Mueller, Sun Microsystems, Inc.
- Java Security FAQ
- Java Commerce
- Finjan
- JumpingBeans
Apr 9
- Security Policy and Regulation
- Class Notes
- Chapter 3 from the reference text 2
- World Intellectual Property Organization
- cybersquatting
- Watermarking Technologies
- Class Notes
- References to Watermarking research and technology
- Digimarc
- Verance
- Macrovision
-
An article Terrorists and steganography by By Bruce
Schneier
- Database Security
- Class Notes
Apr 16
- Mobile Commerce Security
- Class Notes
- Reading Assignment: An article
Apr 23
- Paper Presentations and Project Demonstrations
- Reserach papers due
Apr 30
- Schedule for Paper Presentations and Project Demonstrations
- Final Exam (Due on April 30)