# CPSC430A Senior Seminar

 Instructor: Dr. Ingram Time: MWF, 12:00 pm -- 1:00 pm Place: Trexler 374

### Assignments

Due Date Assignment
Wednesday, Jan. 19 Reading and Questions
Friday, Jan. 21 Read Chapter 2;
Do #2.1 and 2.2 on page 70. You will need to go to the textbook's Web site to download the file describing the cipher (the download link for files is on the left side of the page). For part (b), write the steps in the decryption algorithm.
Monday, Jan. 24 Decide which of Chapters 3 - 8 you would be interested in presenting. Each chapter will have 2 or 3 students that will work together to present the material to the class.

For problem 2.3 on page 70,

• Apply the algorithm on each of the following (assuming 4-bit blocks of plaintext and 8-bit key - the modulus for addition should be 2^4):
```      Plaintext: 0111   Key: 11011010
Plaintext: 1011   Key: 10010110
```
• Do part (a). Show that your algorithm works on the examples above.
Wednesday, Jan. 26
• Write the SDES algorithm in flowchart form.
• Do problem #6 on the back page. That is carry through the steps in computing f for each round in Example 5.1.1
CORRECTION: The subkeys and result of the Initial Permutation are incorrect on that example. The first round function result is correct (for the given input) but the second round function result should be f11111100(00011010) = 00101010. I am mainly interested in you understanding the round function.
Wednesday, Feb. 2
• Stream Cipher Program
• Some problems to think about: p. 71, #2.5, 2.6; p. 622, #19.6 (P21 should be P2), 19.7, 19.8
Friday, Feb. 4 Simplified DES Program
Wednesday, Feb. 9 Hand in the following problems:
• Pages 71-72, #2.7, 2.9
• Page 622, #19.6
• Pages 647-648, #20.3, 20.6 (a), 20.6 (d) (for these encrypt the message and find the decryption key d), 20.11, 20.12
Wednesday, Feb. 16
Friday, March 18 Program: SDES in CBC Mode
Monday, March 21
• Read the article "Problem Solved?" from the June 2005 issue of ACM's Queue magazine. You can access the article by going to queue.acm.org and click on Security under Browse Topics on the left of the window. Look through the list of articles to find "Problem Solved?".
• Write a brief summary (about one page single spaced with a blank line between paragrahs) of at least two points in the article that you find interesting or enlightening (something you hadn't thought of).
Wednesday, March 23
• Read the paper Abstract and first two sections (Introduction and Overview of Vulnerabilities) of the paper "Finding Security Vulnerabilities in Java Applications With Static Analysis" by V. Benjamin Levshits and Monica S. Lam (presented at the 2005 Usenix Security Conference).
• Test Review
• Write a brief summary describing the general problem of Java vulnerabilities and then describe one specific one. Include a brief broad, easy to understand, description of what the researcher's tool will do (in other words don't just lift the first sentence of the abstract!).
Friday, March 25 Test #2
Friday, April 1 Presentations - Project Outline: Mark, Paul, Chris, Dumar, Greg
Monday, April 4 Project Outline Presentations, Continued: Ben, Jon A., Jon O, Jared
Wednesday, April 6 Project Outline Presentations, Continued: Keith, Frank, Mike S., Mike R., Natalie
Friday, April 8 Project Outline Presentations, Continued: Justyn, Shawn
Monday, April 11 No class - work on projects!!
Wednesday, April 13 Guest Speaker
Friday, April 15 Ethics Positions: Write a brief 1-2 page (single spaced) thesis-driven paper addressing one of the following questions. Your paper should outline the issues involved, state your position with justification. For justification you must include references to the ACM Code of Ethics - what in the code applies, whether it supports your position or not (and if not, why not). In class you will be expected to give a brief outline of your position. This (paper plus presentation) will be part of the oral presentation component of your course grade.

The questions:

• Who should be responsible for software failure? (And under what circumstances?) In particular, to what extent should software designers and programmers be responsible?

• Under what circumstances should a computer professional "blow the whistle" on a company or advertise a problem with software? (A related issue you could focus on is when should a computer professional point out a security flaw or vulnerability in widely used software such as Windows? To what extent is it helpful (the flaw is quickly fixed) or harmful (it is exploited in a harmful way)?

• Should hackers be hired as security experts by companies or the government?

• An issue related to your project (clearly state the issue and your position).
Monday, April 18 Full draft of final paper due (the experiential component is not due unless it is a major part of your paper); Peer Review
Wednesday, April 20 No class
Friday, April 22 No class: Good Friday
Monday, April 25 No class
Tuesday, April 26 (11:00 am - 2:30 pm with lunch provided) Final Projects Due
Final Presentations
Monday, May 2 Exam Day (8:30 a.m. - 11:30 a.m.): Final Presentations