This is the official webpage for 50.020 Security, elective of the ISTD pillar. The tentative schedule for 2017 can be seen here. The old schedules from 2014 and 2016 are archived here (2014) and here (2016).
|Subject Title||50.020 Security|
|Initial Offering||Spring 2016|
|Term Offered||Term 7|
|Elective or Core||Elective|
|Grading Method||Letter grade|
|Maximum Class Size||50|
The security class features a three week group project to design and implement a security challenge for your classmates. The challenges can then be solved by the teams as part of a CTF we are hosting. In 2016, the three top teams were awarded cash prizes sponsored by Citybank.
This course will provide students with a basic appreciation and understanding of the underlying security issues and implications of the use of various networked systems and electronic devices. Topics to be covered include overview of information systems and devices in a global network environment; introduction to cybercrimes and security issues; threats to information systems and devices; concepts for confidentiality, integrity and availability; security solutions and technologies; web security and electronic payment models; encryption algorithms.
- List basic security solutions and models; explain concepts for confidentiality, integrity and availability.
- Apply protocols used for key establishment, network encryption, and authentication to secure a system.
- Classify and describe common attacks and countermeasures for host, network and web security.
- Apply known attacks to vulnerable cryptographic primitives.
- Model, analyze, and apply cryptographic primitives used for encryption, secure hashing, and digital signatures.
- Design security solutions to achieve specific security goals in a system.
- Evaluate the security of existing networked systems.
- Description of the fundamental concepts of security.
- Application of TLS to establish an authenticated secure connection.
- Critical assessment and summary of real-world attacks.
- Demonstration of known security vulnerabilities related to incorrect use of One-time-pads and block ciphers in Electronic-Codebook mode.
- Design and implementation of a scheme for preimage recovery of hashes through brute force and hybrid attacks.
- Application of substitution ciphers, One-time-pads, and AES to preserve the confidentiality of secret data.
- Analysis of potential attacks on schemes for secure authentication and digital signatures.
- Development of security requirements for a networked system.
- Design and analysis of a secure system using common security technologies.
- Practical security assessment of a provided networked system.
50.012 Networks. If you do not meet this pre-requisite and are interested in this course, please contact me to discuss.
The exercises for this class will be mostly based on Python. Our lab will provide a live Linux environment to perform experiments and exercises. No prior experience with Linux is required.