
lecture00 - Introduction-1

Uploaded by

mzmindykkyan

Computer & Network Security

Lecture 0: Introduction

Teachers
• Dr. Donald Donglong Chen
– Office: T3-401-R4
– Email: [email protected]
• Mr. Junhao Huang
– T3 1st floor, Maker Center
– Email: [email protected]

About Me
• Associate Professor @ UIC
• Tencent Technology, Shenzhen
• Huawei Technology, Shenzhen
• City University of Hong Kong, PhD

• Research Interests:
– Software/Hardware co-design for cryptosystems
– Artificial Intelligence applications on embedded systems (i.e. CPU, ARM, RISC-V, FPGA)

Evaluation
[Pie chart: Participation, Assignment, Project, Final examination; slice labels 5%, 25%, 40%, 30%]

Assignment
• Individual assignments weekly
– Written Q&A
– Do not collaborate with other students
– The deadline is non-negotiable

• Academic honesty
– Copying and copied assignments will get a ZERO grade

Tutorials
• Weekly
• Time: To be discussed
• Venue: informed later

Project
• Hands-on project: Develop a secret-key or public-key cryptosystem using a programming language.
• Team work: 4 students form a team.
• Report: An introduction to the design of your cryptosystem and the optimization methods used in the project.
• Demonstration & presentation.
• Details will be announced later.

Textbook
• Cryptography and Network Security – Principles and Practices (7th Ed.)
– William Stallings

Why are you taking this class?
• Need credit hours to graduate?
• Would rather listen to a lecture than sleep?
• Is it an easy course with a good grade?

• Security is HOT
• Want to be a hacker?
• Want to be a cyber warrior?
• Want to be a cryptographer?
• Are we at risk?

Job Opportunity?

Are we at risk?

National Infrastructure

Companies

Why COMP4023?
• Provides a fruitful classroom for you to
– Understand various threats and attacks
– Identify the preventive techniques for protecting your computer systems
– Understand the fundamental mathematics and coding techniques
– Describe current trends in Internet, Cloud, Wi-Fi security, Credit-card / smart-card safety
– Be well-prepared to take advantage of the existing security technology

The Intended Audience
• Assume you have a certain level of technical abilities, including some mathematics and programming skills.
– You want to protect your own data.
– You have already heard a little about security, but are not quite sure what it is.
– You are required to code crypto standards.
– This course will not teach you which firewall or antivirus software is better …

• Requires patience and dedication. ☺

What is security about in general?
• Security is about protection of assets
– D. Gollmann, Computer Security, Wiley
• Prevention
– take measures that prevent your assets from being damaged (or stolen)
• Detection
– take measures so that you can detect when, how, and by whom an asset has been damaged
• Reaction
– take measures so that you can recover your assets

Real world example
• Prevention
– locks at doors, window bars, secure the walls around the property, hire a guard
• Detection
– missing items, burglar alarms, closed circuit TV
• Reaction
– attack on burglar (not recommended ☺), call the police, replace stolen items, make an insurance claim

Internet shopping example
• Prevention
– encrypt your order and card number, require merchants to do some extra checks, use a PIN even for Internet transactions, don’t send card number via Internet
• Detection
– an unauthorized transaction appears on your credit card statement
• Reaction
– complain, dispute, ask for a new card number, sue (if you can find them, of course ☺)

Information security in past & present
• Traditional Information Security
– keep the cabinets locked
– put them in a secure room
– human guards
– electronic surveillance systems
– in general: physical and administrative mechanisms
• Modern World
– Data are in computers
– Computers are interconnected

Computer and Network Security

Terminology
• Computer Security
– 2 main focuses: Information and Computer itself
– tools and mechanisms to protect data in a computer (actually an automated information system), even if the computers/system are connected to a network
– tools and mechanisms to protect the information system itself (hardware, software, firmware, etc.)
• Against?
– against hackers (intrusion)
– against viruses
– against denial of service attacks
– etc. (all types of malicious behavior)

Terminology
• Network and Internet Security
– measures to prevent, detect, and correct security violations that involve the transmission of information in a network or interconnected networks

A note on security terminology
• No single and consistent terminology in the literature!
• Be careful not to get confused while reading papers and books

• See the next slide for some terminology taken from Stallings and Brown, Computer Security, who took it from RFC 4949, Internet Security Glossary

Computer Security Terminology
RFC 4949, Internet Security Glossary, May 2000

Relationships among the Security Concepts

Security Trends
[Figure: skill and knowledge required to mount an attack]

The global average cost of cyber crime/attacks
2017 Cost of Cyber Crime Study by Accenture*
- Steeper increasing trend in recent years

* https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf

Average cost of cyber crime for seven countries
2017 Cost of Cyber Crime Study by Accenture
- Germany has highest percentage increase
- UK, US are around the mean in percentage increase
- 254 institutions responded

A Scattergram of Respondents
2017 Cost of Cyber Crime Study by Accenture
- Mean is US$11.7 M
- High variance
- 163 institutions are below mean (out of 254)

Breakdown by Sector
2017 Cost of Cyber Crime Study by Accenture
- Financial Services Sector has the Highest Cost due to Cyber Crime

Types of cyber attacks experienced
2017 Cost of Cyber Crime Study by Accenture
- Percentage of the respondents experienced
- Ransomware (extortion software) doubled

Deployment Rate of Security Technologies
2017 Cost of Cyber Crime Study by Accenture
- Percentage of the respondents experienced

Annual Return of Investment (RoI)
2017 Cost of Cyber Crime Study by Accenture
- More or less in parallel with deployment rate
- But AI, Data Mining based novel techniques have higher RoI
- Bad performance for encryption, but they are needed

Why COMP4023?
• Provides a fruitful classroom for you to
– Understand various threats and attacks
– Identify the preventive techniques for protecting your computer systems
– Understand the fundamental mathematics and coding techniques
– Describe current trends in Internet, Cloud, Wi-Fi security, Credit-card / smart-card safety
– Be well-prepared to take advantage of the existing security technology

Coding elements
• Requirement: you are able to code in C / Python / Sage etc.

Sagemath – Online Free account
• http://www.sagemath.org/
• SageMath is a free open-source mathematics software system licensed under the GPL. It builds on top of many existing open-source packages: NumPy, SciPy, matplotlib, Sympy, Maxima, GAP, FLINT, R

Sagemath - Introduction
http://doc.sagemath.org/html/en/tutorial/introduction.html

Sagemath – Install it on your Computer
https://www.sagemath.org/download.html

Online Sage - CoCalc
https://doc.cocalc.com/getting-started.html

Course Structure
• Section 1: Security Fundamental
• Section 2: Classical Cryptography
• Section 3: Number Theory
• Section 4: Secret-key Cryptography
• Section 5: Public-key Cryptography
• Section 6: Hashing Algorithm
• Section 7: MAC & Digital Signature
• Section 8: PKI
• Section 9: TLS/SSL