Calendar

For submission instructions and exact times, please see the Canvas site of the course.

This calendar is subject to change. Always check the calendar before planning your studies.

Colour legend:
Regular Session day, No Session day, Submission Deadline, Student Presentations, Major quiz, Exam
September
Week # Monday Tuesday Wednesday Thursday Friday
1 4 5

UBC-wide orientation.
No classes.

6 7

Before the class:

  1. Connect to the course on Canvas.
  2. Learn about academic integrity by studying UBC’s Policy on Academic Misconduct, information resources provided at “Understand Academic Integrity”, and on the use of common knowledge in your writings.
  3. Study the course syllabus.

Learning Objectives: Academic Integrity

During the class:

  1. Course overview.
  2. Quiz on the knowledge of the course syllabus and academic integrity.

 

8
2 11

12

Topic: Buffer Overflow

Before the class:

  1. Make sure you can connect to the course on Canvas to be able to take the Entrance Quiz during the class.
  2. Study and prepare to be quizzed on buffer overflow:
    1. Vulnerability and Exploits (watch from 25:45 to the end)
    2. Countermeasures (watch from 24:43 to 45:48)
  3. Study and prepare to be quizzed on the Basics of the Economics of Cybersecurity (42m)
    1. Study A brief history (8m).
    2. Study Introduction to economics (10m).
    3. Study The economics of information goods (13m).
    4. Study Security from an economic perspective (11m).
  4. Optionally, read a detailed analysis of a buffer overflow vulnerability in an earlier version of WhatsApp.

Learning Objectives:

  1. Buffer Overflow
  2. Economic, Organizational, and Political Aspects of Cybersecurity

During the class:

  1. Work on practice problems and questions on the material studied for this class.
  2. Entrance Quiz on Buffer Overflow and Basics of the Economics of Cybersecurity
13

 

14

Topic: Introduction to Cybersecurity

Before the class:

  1. Study sections 1.1-1.6 & 1.8 of Chapter 1 from Computer Security and the Internet: Tools and Jewels [CSI-TJ].

Learning Objectives: Introduction to Cybersecurity

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:
1–2 PM: Instructor’s In-person (KAIS 4047) office hours.

15

 

3 18 19

Topic: Principles of Designing Secure Systems 

Before the class:

  1. Study Section 1.7 from Computer Security and the Internet: Tools and Jewels [CSI-TJ].

Learning Objectives: Design Principles

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
20 21

Topic: Introduction to Cryptography (part I)

Before the class:

  1. Study Cryptography 101: Goals, Basics, Substitution Ciphers.
  2. Study all micro-modules of ancient cryptography and Ciphers modules.
  3. Study Stamp Sections 2.1–2.3, 2.6, 2.7. Feel free to supplement the reading with Stamp video lectures on the corresponding sections.
  4. Optionally, read Stamp 2.4, 2.5.

Learning Objectives: Introduction to Cryptography (part I)

During the class:

  1. Presentation of a term paper from a previous cohort.
  2. Quiz on the study material for the class.
  3. Work on practice problems and questions on the material studied for this class.

After the class:
2–3 PM: Instructor’s In-person (KAIS 4047) office hours.

22

 

4 25 26

Topic: Introduction to Cryptography (part II)

Before class:

  1. Get a clear understanding of the confusion and diffusion properties of ciphers by studying this short explanation.
  2. Study Random Oracle model and its versions for hash functions, block ciphers, and stream ciphers:
    1. Anderson: Section 5.3 (introduction, 5.3.1, 5.3.2, 5.3.3).
    2. Random Oracle in Pictures.
  3. Study properties of hash functions: Stamp: Sections 5.1 & 5.2. Feel free to supplement the reading with a video of Stamp’s lecture on Hash Function properties.
  4. Bonus Material: Read Stamp 2.5 on the history of modern crypto. Ignore the explanation of confusion and diffusion there.
  5. Bonus Material: study Birthday Paradox and Birthday Attack. Stamp Sections 5.3, 5.4.

Learning Objectives:

  1. Introduction to Cryptography (part II)

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
27 28

Topic: Stream and Block Ciphers Under the Hood

Before the class:
(most videos are short)

  1. Optionally, view this gentle introduction into stream ciphers, videos 1, 2, 3.
  2. Study Stamp Sections 3.1 and introductory text in 3.2 (but not 3.2.1 or 3.2.2). Feel free to supplement the reading with Stamp video lectures: parts 1 & 2 from Chapter 3.
  3. Study random number generators: video 1, and Stamp’s lecture on Random Numbers in Cryptography.
  4. Study required properties of block ciphers (5m).
  5. Study AES:
    1. Stamp Section 3.3.4; feel free to complement it by viewing Stamp’s lecture on AES.
    2. AES animation demo (enjoy the soundtrack).
    3. Videos 1, 2, 5, 11, 12, 13 on the mechanics of AES.
  6. Bonus material: Study A5/1 cipher:
    1. Pages 7-10 of the slides.
    2. Video animation of A5/1.
  7. Optionally, watch the rest of the video lectures on AES (3, 4, 6, 7, 8, 9, 10, 14, 15) from applied crypto playlist.

Learning Objectives: Stream and Block Ciphers Under the Hood

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:
1:15–2:15 PM: Instructor’s In-person (KAIS 4047) office hours.

29

 

October
Week # Monday Tuesday Wednesday Thursday Friday
5 2 3

Topic: Modes of Operation and Hash Functions

Before the class:

  1. Modes of operation for block ciphers:
    1. Study Stamp Section 3.3.6.
    2. Study modes of operations for block ciphers: ECB, CBC, and CTR, and optionally CFB.
    3. MAC: Stamp Section 3.4.
  2. Hash functions:
    1. Study Non-cryptographic Hash Functions Stamp Section 5.5.
    2. Study Cryptographic hash functions: video Lecture 1.1 (first 21 minutes) of this video material on Cryptocurrencies.
    3. Optionally, watch HMAC video (from 6m12s to the end) and read Stamp Section 5.7.

Learning Objectives: Modes of Operation and Hash Functions

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
4 5

Topic: Asymmetric Ciphers 

Before the class:

  1. View an introduction to Diffie-Hellman (DH) key establishment scheme with this very affordable video.
  2. Study Stamp Chapter 4, all sections except 4.3.2, 4.3.3, 4.5 (which are optional), and 4.11. Feel free to supplement the reading with Stamp video lectures on Chapter 4.

Learning Objectives: Public Key Cryptography

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:
1:15–2:15 PM: Instructor’s In-person (KAIS 4047) office hours.

6
6 9

Thanksgiving Day. University closed.

10

In the class:

  1. Term paper proposal presentations
  2. Q&A about the mid-term exam

Last day to obtain authorization for third-party system security analysis from UBC IT Security.

 

 

Due: Term Paper Proposal. See Canvas for submission instructions and deadline details.

11 12

“Make-up Monday”, no Thursday classes.

12–12:50 PM: Instructor’s In-person (KAIS 4047) office hours.

13
7 16 17

Mid-term exam

The exam is on all the material studied until the exam.

18 19

Topic: Authentication and Key Establishment Over Insecure Networks

Before the class:

  1. Study Stamp Chapter 9 (except for Sections 9.5, 9.8). Feel free to supplement the reading with Stamp video lectures on Chapter 9.
  2. Bonus Material: Stamp Section 9.5 on Zero Knowledge Proofs.

Learning Objectives: Simplified Authentication and Key Establishment Protocols

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:
1–2 PM: Instructor’s In-person (KAIS 4047) office hours.

20

 

8 23 24

Topic: Real World Security Protocols, part I

Before the class:

  1. Study Stamp Sections 10.1-10.3, 10.5. You can complement your reading with Stamp video lectures on Chapter 10.

Learning Objectives: Real World Security Protocols

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

 

25 26

Topic: Real World Security Protocols, part II

Before the class:

  1. Study Stamp Sections 10.6 – 10.8. You can complement your reading with Stamp video lectures on Chapter 10.
  2. Study WEP vs. WPA explanation.

Learning Objectives: Real World Security Protocols

During the class:

  1. Quiz on the study material for the class.
  2. Midterm anonymous feedback for the teaching staff.
  3. Work on practice problems and questions on the material studied for this class.

After the class:
2–3 PM: Instructor’s In-person (KAIS 4047) office hours.

27
November
Week # Monday Tuesday Wednesday Thursday Friday
9 October 30 October 31

Topic: Authentication of Humans to Computers

Before the class:

  1. Study all sections of Stamp Chapter 6 “Authentication” (feel free to complement your reading with Stamp video lectures on the chapter).
  2. Study “After-action report – learning from the mistakes we’ve made with passwords” by Dr. Cormac Herley (length: 1h13m).

Learning Objectives: Authentication of Humans to Computers

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

 

1 2

Topics: Designing and Building (More) Secure Software

Before the class:

  1. Study the following parts of Software Security Lecture 4:
    1. Security Requirements and Abuse Cases (26m46s-30m14s).
    2. Design Flaws (30m20s-32m46s).
    3. Top Design Flaws (1h07m18s-1h16m30s).
    4. VSFTPD case study (1h16m30s-1h27m45s).
  2. Bonus Material: study Web (in)Security.

Learning Objectives: Designing and Building (More) Secure Software

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

 

After the class:
2–3 PM: Instructor’s In-person (KAIS 4047) office hours.

3

Due: Term Paper Pre-final Draft Due (optional for non-Analysis Term Papers). See Canvas for submission instructions and deadline details.

10 6 7

Topic: Economic, Organizational, and Political Aspects of Cybersecurity

Before the class:

Optionally refresh your memory of Part 1 (the same as for the Entrance Quiz): Basics (42m)

  1. Study A brief history (8m).
  2. Study Introduction to economics (10m).
  3. Study The economics of information goods (13m).
  4. Study Security from an economic perspective (11m).

Study the following video lectures on the economics of cybersecurity:

Part 2: Security Metrics (39m)

  1. Study What to measure? (9m).
  2. Study Measuring security levels (9m).
  3. Study Metrics in practice (9m).
  4. Study Metrics from incident data (12m).

Part 3: Security Investment and Risk Management (47m)

  1. Study Information security strategy (11m).
  2. Study Information security investment (10m).
  3. Study Risk management (13m).
  4. Study Operational security management (13m).

Learning Objectives: Economic, Organizational, and Political Aspects of Cybersecurity

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

 

8 9

Topic: Economic, Organizational, and Political Aspects of Cybersecurity

Before the class:

Study video lectures on the economics of cybersecurity (continued):

Part 4: Market Failures (43m)

  1. Study Market failures (12m).
  2. Study Policy interventions (13m).
  3. Study Case study 1: Information sharing in incident response (8m).
  4. Study Case study 2: payment card security (10m).

Part 5: Behavioural research into security & Policy Implications (38m)

  1. Study Prospect Theory (10m).
  2. Study Heuristics and social persuasion (16m).
  3. Study Behavioural economics of privacy (12m).
  4. Optionally: Consumer behaviour and deception.
  5. Optionally: Security economics and policy.

Learning Objectives: Economic, Organizational, and Political Aspects of Cybersecurity

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:
2–3 PM: Instructor’s In-person (KAIS 4047) office hours.

10
11 13

Midterm Break, No Classes

Remembrance Day, UBC closed.

16

Midterm Break, No Classes

 

15

Midterm Break, No Classes

16

Topic: Usable Privacy and Security

Before the class:

  1. Study 1 — Introduction (56m).
  2. Optionally, watch 2 — Design.
  3. Study 3 — Evaluating usable security design (1h13m).
  4. Study Nielsen’s Usability Heuristics.

Learning Objectives: Usable Privacy and Security

During the class: 

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:
2–3 PM: Instructor’s In-person (KAIS 4047) office hours.

17

 

12 20 21

Topic: Usable Privacy and Security

Before the class:

  1. Study 4 — Guidelines for Secure Interaction Design (58m).
  2. Study 5 – Usable Authentication (49m).
  3. Optionally: Read Section 3 (“Design Principles”) of User Interaction Design for Secure Systems by Ka-Ping Yee.

Learning Objectives: Usable Privacy and Security

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
22 23

Topic: Case Study: Bitcoin

Before the class:

  1. Study 1. Introduction to Bitcoin and Blockchain Cryptography (from 20th minute of the video to the end) (38 minutes).
  2. Study 2. How Bitcoin Achieves Decentralization (1h14m).

Learning Objectives: Case Study: Bitcoin

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

After the class:
2–3 PM: Instructor’s In-person (KAIS 4047) office hours.

24
December
Week # Monday Tuesday Wednesday Thursday Friday
13 November 27 November 28

 

Topic: Case Study: Bitcoin

Before the class:

  1. Study 3. Mechanics of Bitcoin (1h20m).
  2. Study 4. How to Store and Use Bitcoins (1h22m).

Learning Objectives: Case Study: Bitcoin

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.

 

November 29 November 30

Topic: Case Study: Bitcoin

Before the class:

  1. Study 6. Bitcoin and Anonymity (1h52m).
  2. Optionally, watch 7. Bitcoin Community, Politics, and Regulation.
  3. Optionally, watch 10. Altcoins and the Cryptocurrency Ecosystem (1h5m).
  4. Optionally: watch 5. Bitcoin Mining.

Learning Objectives: Case Study: Bitcoin

During the class:

  1. Quiz on the study material for the class.
  2. Work on practice problems and questions on the material studied for this class.
  3. Tips on giving presentations of the term papers.
  4. Where to go from here.
  5. Mini-conference, term project reports, and final exam Q&A.
  6. Course anonymous feedback survey.

After the class:
2–3 PM: Instructor’s In-person (KAIS 4047) office hours.

December 1

 

14 4 5

During the class:
Term project presentations.

6

 

7

Term Paper Final Version Due (See Canvas for time and submission instructions).

8

 

15 11

 

12

Final exam 12:00-2:30 PM

13

 

14 15

 

16 18 19 20 21 22