Course Calendar

For submission instructions and exact times, please see the Canvas site of the course.

This calendar is subject to change. Always check the calendar before planning your studies.

 

Colour legend:
Regular Session day, Lab day, Optional Lab, No Session day, Submission Deadline, Student Presentations, Major quiz, Exam
JANUARY
Week # Monday Tuesday Wednesday Thursday Friday
1 8

During the class:

Course overview.

9

 

10

Before the class:

  1. Connect to the course on Canvas.
  2. Learn about academic integrity by studying UBC’s Policy on Academic Misconduct and information resources provided at “Understand Academic Integrity”.
  3. Study the course syllabus.
  4. Study and prepare to be quizzed on buffer overflow:
    1. Vulnerability and Exploits (watch from 25:45 to the end)
    2. Countermeasures (watch from 25:43 to 43:48)

Learning objectives:

  1. Academic Integrity
  2. Buffer Overflow

During the class:

  1. Course overview.
  2. Quiz on the knowledge of the course syllabus and academic integrity.
11

 

12

No Lab session

2 15

Topic: Buffer Overflow

Before the class:

  1. Make sure you can connect to the course on Canvas to be able to take the Entrance Quiz during the class.
  2. Study and prepare to be quizzed on buffer overflow:
    1. Vulnerability and Exploits (watch from 25:45 to the end)
    2. Countermeasures (watch from 25:43 to 43:48)
  3. Study and prepare to be quizzed on the Basics of the Economics of Cybersecurity (42m)
      1. Study A brief history (8m).
      2. Study Introduction to economics (10m).
      3. Study The economics of information goods (13m).
      4. Study Security from an economic perspective (11m).
  4. Optionally, read a detailed analysis of a buffer overflow vulnerability in an earlier version of WhatsApp.

Learning Objectives:

  1. Buffer Overflow
  2. Economic, Organizational, and Political Aspects of Cybersecurity

During the class:

  1. Entrance Quiz on Buffer Overflow and Basics of the Economics of Cybersecurity
  2. Presentations of term projects from previous cohorts.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

16

 

17

Topic: Introduction to Cybersecurity

Before the class:

  1. Study sections 1.1-1.6 & 1.8 of Chapter 1 from Computer Security and the Internet: Tools and Jewels [CSI-TJ].

Learning Objectives: Introduction to Cybersecurity

Attention: this class is held on Zoom due to weather conditions.

During the class:

  1. Quiz on the study material for the class.
  2. Discussion of the material studied for this class.

 

18 19

Lab session:

  1. In-class assignment on Introduction to Cybersecurity.
  2. Overview of home assignment 1.
3 22

Topic: Principles of Designing Secure Systems 

Before the class:

  1. Study Section 1.7 from Computer Security and the Internet: Tools and Jewels [CSI-TJ].

Learning Objectives: Design Principles

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

23 24

Topic: Introduction to Cryptography

Before the class:

  1. Study Cryptography 101: Goals, Basics, Substitution Ciphers.
  2. Study all micro-modules of ancient cryptography and Ciphers modules.
  3. Study Stamp Sections 2.1–2.3, 2.6, 2.7. Feel free to supplement the reading with Stamp video lectures on the corresponding sections.
  4. Study Vigenere cipher by reading Anderson Section 5.2.1.
  5. Get a clear understanding of confusion and diffusion properties of ciphers by studying this short explanation.
  6. Optionally, read about the History of Classic Crypto (Stamp 2.4).

Learning Objectives: Introduction to Cryptography

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
25

Due: Assignment 1: Risk Analysis. See Canvas for submission instructions and deadline details.

26

Lab session:

  1. In-class assignment on cryptography.
  2. Overview of home assignment 2.
4 29

Topic: Hash Functions

Before class:

  1. Study Modern Crypto History: Read Stamp 2.5 on the history of modern crypto.
  2. Study Taxonomy of Cryptography (Stamp 2.6) and Taxonomy of Cryptanalysis (Stamp 2.7).
  3. Study Non-cryptographic Hash Functions Stamp Section 5.5.
  4. Study Random Oracle model and its version for hash functions:
    1. Anderson: Section 5.3 (introduction & 5.3.1).
    2. Slides 2 & 3 on hash functions in Random Oracle in Pictures.
  5. Study properties of hash functions: Stamp: Sections 5.1 & 5.2. Feel free to supplement the reading with a video of Stamp’s lecture on Hash Function properties.
  6. Study Cryptographic hash functions: video Lecture 1.1 (first 21 minutes) of this video material on Cryptocurrencies.

Learning Objectives: Hash Functions

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
  3. Presentation of “YouShallNotPass!”, a design project from 2022 cohort.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

 

30 31

Topic: Modern Stream and Block Ciphers

Before the class:
(most videos are short)

  1. Optionally, view this gentle introduction to stream ciphers: videos 1, 2, 3.
  2. Study Random Oracle model and its version for stream and block ciphers:
    1. Anderson: Sections 5.3.2 (first 2 paragraphs) and 5.3.3 (first 3 paragraphs).
    2. Slides 4 & 6 in Random Oracle in Pictures.
  3. Study Stamp Sections 3.1 and introductory text in 3.2 (but not 3.2.1 or 3.2.2). Feel free to supplement the reading with Stamp video lectures: parts 1 & 2 from Chapter 3.
  4. Study random number generators: video 1, and Stamp’s lecture on Random Numbers in Cryptography.
  5. Study required properties of block ciphers (5m).
  6. Study AES:
    1. Stamp Section 3.3.4; feel free to complement it by viewing Stamp’s lecture on AES.
    2. AES animation demo (enjoy the soundtrack).
    3. Videos 1, 2, 5, 11, 12, 13 on the mechanics of AES.
  7. Bonus material: Study A5/1 cipher:
    1. Pages 7-10 of the slides.
    2. Video animation of A5/1.
  8. Optionally, watch the rest of the video lectures on AES (3, 4, 6, 7, 8, 9, 10, 14, 15) from applied crypto playlist.

Learning Objectives: Modern Stream and Block Ciphers

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
February 1

 

February 2

Optional Lab session:

Bring your term project ideas to present and discuss with others and with the TA.

FEBRUARY
Week # Monday Tuesday Wednesday Thursday Friday
5 5

Topic: Modes of Operation for Block Ciphers

Before the class:

  1. Study Stamp Section 3.3.6. (Feel free to supplement the reading with Stamp video lectures: parts 8 & 9 of Chapter 3.)
  2. Study conventional modes of operations for block ciphers:
    1. ECB, CBC, and CTR, and optionally CFB.
  3. Study Integrity with MAC: Stamp Section 3.4.
  4. Study advanced modes of operation: CCM (minutes 36-42 of the video) and GCM.

Learning Objectives: Modes of Operation for Block Ciphers

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
  3. Presentation of “PassGate”, a design project from 2022 cohort.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

 

6 7

Topic: Review of the modules on Hash Functions, Stream and Block Ciphers, and Modes of Operation for Block Ciphers

Before the class:

Review your notes from studying the above three modules. If necessary, revisit the study material for those modules.

Learning Objectives: Hash Functions, Stream and Block Ciphers, and Modes of Operation for Block Ciphers

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

 

 8

Due: Assignment 2: Cryptanalysis. See Canvas for submission instructions and deadline details.

 

 9

Optional Lab session:

Bring your term project ideas to present and discuss with others and with the TA.

6 12

Topic: Public Key Cryptography 

Before the class:

  1. View an introduction to the Diffie-Hellman (DH) key establishment scheme with this very affordable video.
  2. Study the version of the Random Oracle model for public key encryption: Anderson: Section 5.3.4.
  3. Study Stamp Chapter 4, all sections except 4.3.2, 4.3.3, 4.5, 4.9 (which are optional), and 4.11. Feel free to supplement the reading with Stamp video lectures on Chapter 4.

Learning Objectives: Public Key Cryptography

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

13

 

14

In the class:

Term project proposal presentations.

After the class:

Due: Term Project Proposal. See Canvas for submission instructions and deadline details.

 15  16

Lab session

Review of sample questions for midterm exam.

7 19

No classes. Midterm break.

 

 

20

No classes. Midterm break.

 

21

No classes. Midterm break.

22

No classes. Midterm break.

23

No lab. Midterm break.

8 26

During the class:
Mid-term exam
The exam is on all the material studied until the exam.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

 

27 28

Topic: Simplified Authentication and Key Establishment Protocols

Before the class:

  1. Study Stamp Chapter 9 (except for Sections 9.5, 9.8). Feel free to supplement the reading with Stamp video lectures on Chapter 9.
  2. Bonus Material: Stamp Section 9.5 on Zero Knowledge Proofs.

Learning Objectives: Simplified Authentication and Key Establishment Protocols

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

 

29

 

 

March 1

Lab session:

  1. In-class part (on coin mining) of Assignment 3.
  2. Overview of home part (Secure VPN) of Assignment 3.
MARCH
Week # Monday Tuesday Wednesday Thursday Friday
9 4

Topics: Designing and Building (More) Secure Software

Before the class:

  1. Study the following parts of Software Security Lecture 4:
    1. Security Requirements and Abuse Cases (26m46s-30m14s).
    2. Design Flaws (30m20s-32m46s).
    3. Top Design Flaws (1h07m18s-1h16m30s).
    4. VSFTPD case study (1h16m30s-1h27m45s).
  2. Bonus Material: study Web (in)Security.

Learning Objectives: Designing and Building (More) Secure Software

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

3:00–3:45 PM:
Instructor’s Zoom-only Office Hours.

5 6

Topic: Real World Security Protocols

Before the class:

  1. Study Stamp Sections 10.1–10.3, 10.5–10.8. You can complement your reading with Stamp video lectures on Chapter 10.
  2. Study WEP vs. WPA explanation.
  3. Optionally, study an explanation of the differences between SSL (aka TLS 1.2) and TLS 1.3 (18 minutes).

Learning Objectives: Real World Security Protocols

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
  3. Midterm anonymous feedback for the teaching staff.
7

 

8

No Lab session

10 11

Topic: Case Study: Bitcoin (Part 1)

Before the class:

  1. Study 1. Introduction to Bitcoin and Blockchain Cryptography (from the 20th minute of the video to the end) (38 minutes).
  2. Study 2. How Bitcoin Achieves Decentralization (1h14m).

Learning Objectives: Case Study: Bitcoin

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

 

12 13

Topic: Economic, Organizational, and Political Aspects of Cybersecurity

Before the class:

Study the following video lectures on the economics of cybersecurity:

Part 2: Security Metrics (39m)

  1. Study What to measure? (9m).
  2. Study Measuring security levels (9m).
  3. Study Metrics in practice (9m).
  4. Study Metrics from incident data (12m).

Part 3: Security Investment and Risk Management (47m)

  1. Study Information security strategy (11m).
  2. Study Information security investment (10m).
  3. Study Risk management (13m).
  4. Study Operational security management (13m).

Learning Objectives: Economic, Organizational, and Political Aspects of Cybersecurity

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

14

Due: Assignment 3: Secure VPN. See Canvas for submission instructions and deadline details.

15

Online Lab session

  1. In-class part (Topic TBD) of Assignment 4.
  2. Overview of home part (Topic TBD) of Assignment 4.
  3. Introduction of (bonus) coin mining contest.

5 PM:
coin-mining contest starts
11 18

Topic: Economic, Organizational, and Political Aspects of Cybersecurity

Before the class:

Study video lectures on the economics of cybersecurity (continued):

Part 4: Market Failures (43m)

  1. Study Market failures (12m).
  2. Study Policy interventions (13m).
  3. Study Case study 1: Information sharing in incident response (8m).
  4. Study Case study 2: payment card security (10m).

Part 5: Behavioural research into security & Policy Implications (38m)

  1. Study Prospect Theory (10m).
  2. Study Heuristics and social persuasion (16m).
  3. Study Behavioural economics of privacy (12m).
  4. Optionally: Consumer behaviour and deception.
  5. Optionally: Security economics and policy.

Learning Objectives: Economic, Organizational, and Political Aspects of Cybersecurity

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

19 20

Topic: Authentication of Humans to Computers

Before the class:

  1. Study all sections of Stamp Chapter 6 “Authentication” (feel free to complement your reading with Stamp video lectures on the chapter).
  2. Study “After-action report – learning from the mistakes we’ve made with passwords” by Dr. Cormac Herley (1h13m).
  3. Study 5 — Usable Authentication (49m).

Learning Objectives: Authentication of Humans to Computers

During the class: 

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
21

 

22

Lab session (UPS):

  1. In-class assignment 5 on UPS.
  2. Overview of home part of assignment 5 on UPS.
12 25

Topic: Usable Privacy and Security (UPS) (Part 1)

Before the class:

  1. Study 1 — Introduction (56m).
  2. Optionally, watch 2 — Design.
  3. Study 3 — Evaluating usable security design (1h13m).
  4. Study Nielsen’s Usability Heuristics.

Learning Objectives: Usable Privacy and Security

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

12:45–1:45 PM:
Instructor’s In-person (KAIS 4047) and Zoom Office Hours.

 

26 27

Topic: Usable Privacy and Security (UPS) (Part 2)

Before the class:

  1. Study 4 — Guidelines for Secure Interaction Design (58m).
  2. Optionally: Read Section 3 (“Design Principles”) of User Interaction Design for Secure Systems by Ka-Ping Yee.

Learning Objectives: Usable Privacy and Security

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
28

Due: Assignment 4: Market Failures.
See Canvas for submission instructions and deadline details.

29

No classes. UBC Closed.

APRIL
Week # Monday Tuesday Wednesday Thursday Friday
13 1

No classes. University closed.

2

Deadline for submitting pre-final drafts of term project reports.

3

Topic: Case Study: Bitcoin (Part 2)

Before the class:

  1. Study 3. Mechanics of Bitcoin (1h20m).
  2. Study 4. How to Store and Use Bitcoins (Section 4.7 “Currency Exchange Markets” is optional) (1h05m).

Learning Objectives: Case Study: Bitcoin

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

9 PM:
coin-mining contest ends

4

Due: Assignment 5: UPS.
See Canvas for submission instructions and deadline details.

5

No Lab session

14 8

Topic: Case Study: Bitcoin (Part 3)

Before the class:

  1. Study 6. Bitcoin and Anonymity (all parts except for 6.5 “Zerocoin & Zerocash”) (1h20m).
  2. Optionally, watch 7. Bitcoin Community, Politics, and Regulation.
  3. Optionally, watch 10. Altcoins and the Cryptocurrency Ecosystem (1h5m).
  4. Optionally, watch 5. Bitcoin Mining.

Learning Objectives: Case Study: Bitcoin

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:

12:45–2:00 PM:
Instructor’s Zoom Office Hours.

Term Project Video Clips Due
(See Canvas for time and submission instructions).

9 10

During the class:

  1. Guest talk by Andria Selinger, Cyberium.
  2. Where to go from here.
  3. Mini-conference, term project reports, and final exam Q&A.
  4. Course anonymous feedback survey.
11 12

2-5:45 PM
Course mini-conference with term project presentations. 

Location: MCLD 3038

15 15

Term Project Report Final Version Due (See Canvas for time and submission instructions).

12:45–2:00 PM:
Instructor’s Zoom Office Hours.

16

 

17

 

18 19

 

16 22

12:45–2:00 PM:
Instructor’s Zoom Office Hours.

23

12-2:30 PM Final Exam

24 25 26