UBC-wide orientation.
No classes.

Before the class:

1. Connect to the course on Canvas.
2. Sign up for Piazza site of the course to receive course announcements.
3. Learn about academic integrity by studying UBC’s Policy on Academic Misconduct and information resources provided at  “Understand Academic Integrity“. 
4. Study the course syllabus.

Learning objectives:

1. Academic Integrity

During the class:

1. Course overview.
2. Quiz on the knowledge of the course syllabus and academic integrity.

1:15–2:30 PM:
Instructor’s In-person (KAIS 4047) and Zoom  Office Hours.

3-5 PM: Lab session

Topics:
1) Intro to lab sessions,
2) Overview of buffer overflow

13

Topic: Buffer Overflow

Before the class:

1. Make sure you can connect to the course on Canvas to be able to take the Entrance Quiz during the class.
2. Study and prepare to be quizzed on buffer overflow:
   1. Vulnerability and Exploits (watch from 25:45 to the end)
   2. Countermeasures (watch from 25:43 to 43:48)
3. Study and prepare to be quizzed on the Basics of the Economics of Cybersecurity (42m)
   1. 1. Study A brief history (8m).
      2. Study Introduction to economics (10m).
      3. Study The economics of information goods (13m).
      4. Study Security from an economic perspective (11m),
4. Optionally, read a detailed analysis of a buffer overflow vulnerability in an earlier version of WhatsApp.

Learning Objectives:

1. Buffer Overflow
2. Economic,  Organizational, and Political Aspects of Cybersecurity

During the class:

1. Entrance Quiz on Buffer Overflow and Math Essentials
2. Presentations of term projects from previous cohorts.

Topic: Introduction to Cybersecurity

Before the class:

1. Study sections 1.1-1.6 & 1.8 of Chapter 1 from Computer Security and the Internet: Tools and Jewels [CSI-TJ].

Learning Objectives: Introduction to Cybersecurity

During the class:

1. Discussion of the material studied for this class.
2. Quiz on the study material for the class.

UBC Closed.

No  classes or office hours.

Topic: Principles of Designing Secure Systems 

Before the class:

1. Study section 1.7 of Section 1.7 from Computer Security and the Internet: Tools and Jewels [CSI-TJ].

Learning Objectives: Design Principles

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

Due: Assignment 1: Risk Analysis. See  Canvas for submission instructions and deadline details.

Topic: Introduction to Cryptography (part I)

Before the class:

1. Study Cryptography 101: Goals, Basics, Substitution Ciphers
2. Study all micro-modules of ancient cryptography and  Ciphers modules.
3. Study Stamp Sections 2.1–2.3, 2.6, 2.7. Feel free to supplement the reading with Stamp video lectures on on the corresponding sections.
4. Optionally, read Stamp 2.4, 2.5.

Learning Objectives: Introduction to Cryptography (part I)

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

12:45–2:00 PM:
Instructor’s  Zoom  Office Hours.

3-5 PM: Lab session

Topics:
1) In-class assignment on cryptography,
2) Overview of home assignment 2

Topic: Introduction to Cryptography (part II)

Before class:

1. Get clear understanding of confusion and diffusion properties of ciphers by studying this short explanation.
2. Study Modern Crypto History: Stamp 2.5. Feel free to supplement the reading with Stamp video lectures on on the corresponding sections.
3. Study Random Oracle model and its versions for hash functions, block ciphers, and stream ciphers:
   1. Anderson: Section 5.3 (introduction, 5.3.1, 5.3.2, 5.3.3).
   2. Random Oracle in Pictures.
4. Study properties of hash functions: Stamp: Sections 5.1 & 5.2. Feel free to supplement the reading with a video of Stamp’s lecture on Hash Function properties.
5. Bonus Material: study Birthday Paradox and Birthday Attack. Stamp Sections 5.3, 5.4.
6. Bonus Material: Study Vigenere cipher by reading Anderson Section 5.2.1.

Learning Objectives:

1. Introduction to Cryptography (part II)

During the class:

1. Quiz on the study material for the class.
2. Work on practice problems and questions on the material studied for this class.

Topic: Stream and Block Ciphers Under the Hood

Before the class:
(most videos are short)

1. Optionally, view this gentle introduction into stream ciphers, videos 1, 2, 3,
2. Study Stamp Sections 3.1 and introductory text in 3.2 (but not 3.2.1 or 3.2.2). Feel free to supplement the reading with Stamp video lectures: parts 1& 2 from Chapter 3.
3. Study random number generators:  video 1, and Stamp’s lecture on Random Numbers in Cryptography.
4. Study required properties of block ciphers (5m).
5. Study AES:
   1. Stamp Section 3.3.4, feel free to compliment it with viewing Stamp’s lecture on AES.
   2. AES animation demo (enjoy the soundtrack).
   3. Videos 1, 2, 5, 11, 12, 13 on the mechanics of AES.
6. Bonus material: Study A5/1 cipher
   1. Pages 7-10 of the slides.
   2. Video animation of A5/1.
7. Optionally, watch the rest of the video lectures on AES (3, 4, 6, 7, 8, 9, 10, 14, 15) from applied crypto playlist.

Learning Objectives: Stream and Block Ciphers Under the Hood

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.
3. Presentation of a previous year term project.

Truth and Reconciliation Day

No Classes

1:15–2:30 PM:
Instructor’s In-person (KAIS 4047) and Zoom  Office Hours.

3-5 PM: Lab session

Topics:
1) Team presentations of project ideas and possible methodology designs

4

Topic: Modes of Operation and Hash Functions

Before the class:

1. Modes of operation for block ciphers
   1. Study Stamp Section 3.3.6. (Feel free to supplement the reading with Stamp video lectures: parts 8 & 9 of Chapter 3.)
   2. Study modes of operations for block ciphers: ECB, CBC, and CTR, and optionally: CFB.
   3. MAC: Stamp Section 3.4.
2. Hash functions:
   1. Study Non-cryptographic Hash Functions Stamp Section 5.5.
   2. Study Cryptographic hash functions: video Lecture 1.1 (first 21 minutes) of this video material on Cryptocurrencies.
   3. Optionally, watch HMAC video (from 6m12s to the end) and read Stamp Section 5.7.

Learning Objectives: Modes of Operation and Hash Functions

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

Due: Assignment 2: Cryptanalysis. See Canvas for submission instructions and deadline details.

Topic: Asymmetric Ciphers 

Before the class:

1. Study Stamp Chapter 4, all sections except 4.3.2, 4.3.3, 4.5. (which are optional). Feel free to supplement the reading with Stamp video lectures on Chapter 4.

Learning Objectives: Public Key Cryptography

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

9:00–10:00 AM:
Instructor’s  Zoom  Office Hours.

Thanksgiving Day. University closed.

No Classes, lab sessions, or Office Hours

In the class:

Term project proposals presentations

Last day to obtain authorization for third-party system security analysis from the UBC IT Security.

Due: Term Project Proposal. See Canvas for submission instructions and deadline details.

Topic: Authentication and Key Establishment Over Insecure Networks

Before the class:

1. Review DH protocol with this very affordable videos.
2. Study Stamp Sections 9.1-9.4, 9.6, 9.7. Feel free to supplement the reading with Stamp video lectures on Chapter 9.

Learning Objectives: Simplified Authentication and Key Establishment Protocols

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

12:45–2:00 PM:
Instructor’s  Zoom Office Hours.

3-5 PM: Lab session

Topics:
1) Review of sample  questions for midterm exam.

Topic: Authentication and Key Establishment Over Insecure Networks

Before the class:

1. Review problems and questions discussed in the previous class.

Learning Objectives: Simplified Authentication and Key Establishment Protocols

During the class:

1. Quiz on the study material for the class.
2. Guest lecture.
3. Continue discussing the material studied for the previous class.

Mid-term exam

The exam is on all the material studied until the exam.

12:45–2:00 PM:
Instructor’s  Zoom Office Hours.

3-5 PM: Lab session

Topics:
1) In-class assignment on hashing in real-world systems,
2) Overview of home assignment 3

Topic: Real World Security Protocols

Before the class:

1. Study Stamp Sections 10.1-10.3, 10.5-10.8. You can compliment your reading with Stamp video lectures on Chapter 10.
2. Optionally, watch WEP vs. WPA explanation.

Learning Objectives: Real World Security Protocols

During the class:

1. Quiz on the study material for the class.
2. Midterm anonymous feedback for the teaching staff.
3. Discussion of the material studied for this class.

27

Topic: Authentication of Humans to Computers

Before the class:

1. Study all sections of Stamp Chapter 6 “Authentication“ (Feel free to compliment your reading with Stamp video lectures on Chapter 7).
2. Study “Passwords — A Guide to the Ruins and Lessons for Improvement” by Dr. Cormac Herley (length: 1h25m).

Learning Objectives: Authentication of Humans to Computers

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

9:00–10:45 AM:
Instructor’s  Zoom Office Hours.

3-5 PM: Lab session

Topics:
1) Team presentations of progress on final projects

Topics: Designing and Building (More) Secure Software

Before the class:

1. Study the following parts of Software Security Lecture 4:
   1. Security Requirements and Abuse Cases (26m46s-30m14s).
   2. Design Flaws (30m20s-32m46s).
   3. Top Design Flaws (1h07m18s-1h16m30s).
   4. VSFTPD case study (1h16m30s-1h27m45s).
2. Bonus Material: study Web (in)Security.

Learning Objectives: Designing and Building (More) Secure Software

During the class:

1. Quiz on the study material for the class.
2. Guest lecture.
3. Discussion of the material studied for this class.

Due: Assignment 3: VPN. See Canvas for submission instructions and deadline details.

Topic: Economic,  Organizational, and Political Aspects of Cybersecurity

Before the class:

Optionally refresh your memory of Part 1 (the same as for the Entrance Quiz): Basics (42m)

1. Study A brief history (8m).
2. Study Introduction to economics (10m).
3. Study The economics of information goods (13m).
4. Study Security from an economic perspective (11m).

Study the following video lectures on the economics of cybersecurity:

Part 2: Security Metrics (39m)

1. Study What to measure? (9m).
2. Study Measuring security levels (9m).
3. Study Metrics in practice (9m).
4. Study Metrics from incident data (12m).

Bonus Material:
Part 3: Security Investment and Risk Management (47m)

1. (Bonus) Study Information security strategy (11m).
2. (Bonus) Study Information security investment (10m).
3. (Bonus) Study Risk management (13m).
4. (Bonus) Study Operational security management (13m).

Learning Objectives: Economic,  Organizational, and Political Aspects of Cybersecurity

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

Due: Term Project Pre-final Report (optional for Design and Implementation project teams). See Canvas for submission instructions and deadline details.

12:45–2:00 PM:
Instructor’s  Zoom Office Hours.

3-5 PM: Lab session

Topics:
1) In-class assignment on reverse engineering,
2) Overview of home assignment 4

Topic: Economic,  Organizational, and Political Aspects of Cybersecurity

Before the class:

Study video lectures on the economics of cybersecurity (continued):

Part 4: Market Failures (43m)

1. Study Market failures (12m).
2. Study Policy interventions (13m).
3. Study Case study 1: Information sharing in incident response (8m).
4. Study Case study 2: payment card security (10m).

Part 5: Behavioural research into security & Policy Implications (38m)

1. Study Prospect Theory (10m).
2. Study Heuristics and social persuasion (16m),
3. Study Behavioural economics of privacy (12m).
4. Optionally: Consumer behaviour and deception,
5. Optionally: Security economics and policy.

Learning Objectives: Economic,  Organizational, and Political Aspects of Cybersecurity

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

Midterm Break, No Classes

Midterm Break, No Classes

Midterm Break, No Classes

Remembrance Day, UBC closed.

No instructor’s office hours.

3-5 PM: Lab session

Topics:
1) Intro to coin mining contest,
2) Team presentations of preliminary findings of final projects

5 PM:
coin-mining contest starts

Topic: Usable Privacy and Security

Before the class:

1. Study 1 — Introduction (56m).
2. Optionally, watch 2 — Design.
3. Study 3 — Evaluating usable security design (1h13m).
4. Study Neilsen’s Usability Heuristics.

Learning Objectives: Usable Privacy and Security

During the class: 

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

5:15–6:30 PM:
Instructor’s  Zoom Office Hours.

Due: Assignment 4: Reverse Engineering. See Canvas for submission instructions and deadline details.

Topic: Usable Privacy and Security

Before the class:

1. Study 4 — Guidelines for Secure Interaction Design (58m).
2. Study 5 –Usable Authentication (49m)
3. Optionally: Read Section 3 (“Design Principles”) of User Interaction Design for Secure Systems by Ka-Ping Yee.

Learning Objectives: Usable Privacy and Security

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

12:45–2:00 PM:
Instructor’s  Zoom Office Hours.

3-5 PM: Lab session

Topics:
1) in class assignment on usable privacy and security

Topic: Case Study: Bitcoin

Before the class:

1. Study 1. Introduction to Bitcoin and Blockchain Cryptography (from 20th minute of the video to the end).
2. Study 2. How Bitcoin Achieves Decentralization (1h14m).

Learning Objectives: Case Study: Bitcoin

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

Topic: Case Study: Bitcoin

Before the class:

1. Study 3. Mechanics of Bitcoin (1h20m).

Learning Objectives: Case Study: Bitcoin

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

12:45–2:00 PM:
Instructor’s  Zoom Office Hours.

3-5 PM: Lab session

Topics:
1) Teams presentations of progress report on the term projects

Topic: Case Study: Bitcoin

Before the class:

1. Study 4. How to Store and Use Bitcoins (1h22m).
2. Bonus Material: study 5. Bitcoin Mining

Learning Objectives: Case Study: Bitcoin

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.

Due: Assignment 5: Usable Privacy and Security. See Canvas for submission instructions and deadline details.

9PM:
coin-mining contest ends

Topic: Case Study: Bitcoin

Before the class:

1. Study 6. Bitcoin and Anonymity (1h52m).
2. Optionally, watch 7. Bitcoin Community, Politics, and Regulation.
3. Optionally, watch 10. Altcoins and the Cryptocurrency Ecosystem (1h5m).

Learning Objectives: Case Study: Bitcoin

During the class:

1. Quiz on the study material for the class.
2. Discussion of the material studied for this class.
3. Tutorial on giving presentations.

December 2th:
Term Project Video Clips Due (See Canvas for time and submission instructions).

12:45–2:00 PM:
Instructor’s  Zoom Office Hours.

During the class:

1. Where to go from here.
2. Mini-conference, term project reports, and final exam Q&A.
3. Course anonymous feedback survey.

Course mini-conference with term project presentations. 

Location: KAIS 2020/2030

12:45–2:00 PM:
Instructor’s  Zoom Office Hours.

Term Project Report Final Version Due (See Canvas for time and submission instructions).

3:30 – 6 PM Final Examination