CS 281 INTRODUCTION TO CRYPTOGRAPHY AND COMPUTER SECURITY
IES Abroad Madrid
DESCRIPTION:
Fundamental introduction to the broad area of computer security. Topics will include fundamentals of cryptography, network
security, operating system security, and common vulnerabilities in computer systems.
CREDITS: 4 credits
CONTACT HOURS: 60 hours
LANGUAGE OF INSTRUCTION: English
PREREQUISITES: Data structures, Programming principles, and Computer Ethics/Philosophy (recommended)
ADDITIONAL COST: None
METHOD OF PRESENTATION:
This course will be presented in modules; each module discusses a topic in computer security. Lectures, labs, assignments, and
in-class activities will be used as teaching and learning tools.
REQUIRED WORK AND FORM OF ASSESSMENT:
Final exam - 30%
Midterm exam - 20%
Quizzes & In-Class Activities - 20%
Assignments - 20%
Attendance and Participation - 10%
All class activities and quizzes must be submitted during the class session. Late submissions will receive a grade of zero.
Assignments must be submitted before the specified deadline. Late submissions will incur the following penalties:
o 10% penalty for submissions within 24 hours of the deadline.
o 20% penalty for submissions within 48 hours of the deadline.
o 30% penalty for submissions within 72 hours of the deadline.
o Assignments submitted more than 3 days after the deadline will receive a grade of zero.
Key Dates:
Midterm Exam: Thu. 23 Oct.
Final Exam: Thu. 11 Dec.
Course Element
1. Introduction to Security Concepts:
o Overview of course rules, evaluation methods, and basic security concepts.
2. Threat Models:
o Challenges in security, including policy, threat models, and mechanisms.
3. Encryption Systems:
o Symmetric Key Encryption: Study of classic encryption systems.
o Asymmetric Key Encryption: Exploration of public and private key encryption methods.
o Post-Quantum Encryption Methods: Analysis of the vulnerabilities in current encryption algorithms and an
introduction to quantum-resistant cryptographic techniques.
4. Linux for Computer Security:
o Introduction to Linux commands and their applications in security.
5. Buffer Overflow Attacks:
o Understanding device structure, CPU, RAM, stack, and how to exploit buffer overflow vulnerabilities.
6. Web Vulnerabilities & Security:
o Exploration of web design vulnerabilities, ethical hacking, and penetration testing.
7. Network Security:
o Detailed study of network layers, associated vulnerabilities, and security protocols.
8. Proxy & VPN:
o Understanding the functionality and differences between proxies and VPNs.
9. Machine Learning and AI for Network Security:
o An overview of recent advancements in research methods and algorithms within the field.
LEARNING OUTCOMES:
By the end of the course, students will be able to:
1. Describe detailed features of fundamental computer security concepts.
2. Describe network security designs which are commonly used in organizations.
3. Be familiar with fundamentals of cryptography, including private and public key cryptography.
4. Have knowledge of network security threats and countermeasures, including common attacks and defensive
strategies.
5. Understand security within and Software-Defined Networking (SDN), including common attacks and defensive
strategies.
6. Recognize common vulnerabilities in various operating systems and web applications, and compare and contrast
various features provided by popular operating systems.
7. Explain common vulnerabilities in programs, such as buffer overflows and lack of input sanitization.
ATTENDANCE POLICY:
As a member of our class community, you are expected to be present and on time every day. Attending class has an impact
on your learning and academic success. For this reason, attendance is mandatory for all IES Madrid classes, including
course-related excursions. Absences will only be excused in cases of documented medical or family emergencies. You are
allowed a maximum of one unexcused absence for once-a-week courses and two unexcused absences for twice-a-week
courses. Each additional unexcused absence will result in a deduction of 3 percentage points from your final grade and/or
disciplinary action. Accumulating 7 or more unexcused absences in twice-a-week courses, or 4 or more in once-a-week
courses, may result in a failing grade for the course.
Late or missed submission of assessed work: any assessed work, including exams, tests, and presentations, will be
rescheduled only if the absence is justified; otherwise, it will be graded as zero.
Punctuality is critical: three instances of being over 10 minutes late will be counted as one absence and being more than 15
minutes late will also count as one absence.
For more information, please refer to the full Attendance and Punctuality Policy document.
CONTENT:
Session 1
Content: Class Intro and Intro to Security Concepts. To introduce course rules, syllabus, evaluation methods, the aim of this course and security concepts.
Assignments: Reading assignment: vulnerabilities & essay: Ransomware protection: How to keep your data safe in 2023

Session 2
Content: Threat Models. Why is security hard? Problems with security policy & solutions. Problems with threat model (assumptions) & solutions. Problems with the mechanism (bugs) & solutions.
Assignments: Reading: Threat Modeling

Session 3
Content: Encryption System - I. In this module we will study the classic encryption systems and symmetric key encryption methods and applications.
Assignments: Assignment 1: implementing classic encryption (19 Sep)

Session 5
Content: Encryption System - I. Cryptanalysis of symmetric key encryption.
Assignments: Class activity. Assignment - Cryptanalysis (26 Sep)

Session 6
Content: Encryption System - II. Asymmetric key encryption will be covered in this module.

Session 7
Content: Encryption System - II. Hands-on DES.
Assignments: Assignment (2) - DES encryption Algorithm

Session 8
Content: Encryption System - II. RSA encryption.

Session 9
Content: Post Quantum Computing Cryptography. The Post-Quantum Threat. Evaluation of Encryption Algorithms in the Context of Post-Quantum Cryptography.
Assignments: Reading / presentation. Assigning Midterm Project.

Session 10
Content: Introduction to Linux I. Hands-on Linux command.
Assignments: Lab1 - introduction to Linux commands (17 Oct)

Session 11
Content: Introduction to Linux II. Kali Linux for Penetration test.
Assignments: Lab2 - Linux for computer security. (24 Oct)

Session 12
Content: Buffer Overflow attack. Background on device structure: CPU, Registers, RAM, and stack. How to use tools to read registers, RAM and stack content.
Assignments: Lab3 - understands the RAM, Stack, Register and how to read the content. (31 Oct)

Session 13
Content: Buffer Overflow Exploits and Defense. How to use tools to read registers, RAM and stack content.

Session 14
Content: Web Vulnerabilities & Security. Web design and structure. Threat and vulnerabilities on web app structure.

Session 15
Content: Web Vulnerabilities & Security. Use ethical hacking references and tools to implement attack and penetration test.
Assignments: Lab6 - Practicing penetration test (XSS- XXS Attacks). (7 Nov)

Session 17
Content: Network Security-I. Introduction to network structure. Network protocols and vulnerabilities.
Assignments: Lab7 - Hands-on Client-Server communication, Implementing DoS attack, and mitigation. (14 Nov)

Session 18
Content: Network Security-II. Hands-on Network testing, and information gathering.
Assignments: Lab8 Testing network connection, using sniffing tools (e.g., Linux Commands, Wireshark). (21 Nov)

Session 19
Content: Network Security-III. Hands-on advanced information gathering tools, and how to use gathered information for hacking.

Session 20
Content: Network Security-IV. Social engineering attacks - Spoof email.
Assignments: Assignment6 - Information gathering advanced tools, and spoofing attack. (28 Nov)

Session 21
Content: Proxy & VPN. Understand how each of them works. To know the differences between them.

Session 22
Content: Machine Learning and AI for network security. Review the current methods and Algorithms.
Assignments: Lab9: Hands-on Detection & Mitigation (Final Project - 11 Dec)

Session 23
Content: Reading and Presentation

Session20
Content: Reading and Presentation
COURSE-RELATED TRIPS:
None
REQUIRED READINGS:
Course lecture notes.
REQUIRED TOOLS AND TECHNOLOGY:
Virtual Machine: There are several free virtual machine options available. Feel free to choose the one that best
fits your computer's specifications. For example, you may consider using VirtualBox.
Kali Linux Image: Select a Kali Linux image that is compatible with the virtual machine you have chosen.
Please be aware that the teachers cannot provide technical support for installing the required tools on your own
computer or for other related issues.
RECOMMENDED READINGS:
Kali Linux Penetration Testing Bible, 1st edition, by Gus Khawaja
Hands-On Penetration Testing with Kali NetHunter
INSTRUCTOR BIOGRAPHY:
Name: Anas Abbood
Languages: English, Arabic
● Dr Anas Abbood holds a PhD in Computer Science from University Putra Malaysia / Faculty of Computer Science and
Information Technology, an MSc in Computer Science and Data Security / University of Technology, Iraq, a High Diploma in
Computer Science and Data Security / National Computer Center / Baghdad, Iraq, and a BSc in Operation Research / Mansour
University College / Baghdad, Iraq. She has numerous research papers published in prestigious international journals.
Her research interests are Human-Computer Interaction, Vision and Visualization, Computer Integrated System in Health,
Geometric Modeling and Augmented Reality.
● She has more than 20 years' experience as a teacher and developer. She currently works as a professor at Instituto de Empresa
(IE University) and Saint Louis University (SLU) in Madrid.