Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links

Instructor

Richard Sinn
Email: richardsinn@yahoo.com
Office Hours: After class, by appointment or email only

Richard Sinn specializes in development projects and consulting in security and identity management. He has been in the software industry for years as lead developer, architect and manager for projects ranging from secure network appliances, certificate management system, secure provisioning system, identity and access management system, IBM operating systems, kernel file system, network computer, Java desktop, IT development framework, and IBM DB2 database.

As an inventor, Richard holds the following patents (some pending, some issued):

• Security Provisioning Bridge Server
• Job Code Security Attribute in Provisioning
• Electronic Certificate Workflow
• Obtaining and Retaining Real Time Certificate Status
• Remote Log Based Replication Solution
• SQL Access to System Specific Data
• Rule Based Data Management
• Wrapper Profile

Richard has also been a part-time professor at the San Jose State University in both the Computer Science and Computer Engineering department for the last 6 years. He's the advisor for the CS department's senior independent studies and Engineering department's senior design project and master project. In 2003, Richard founded a new graduate level course titled "Software Security Technologies" at San Jose State University. The course is part of the computer engineering graduate program as well as part of the professional enterprise software certification program.

As a freelance writer, Richard authors multiple articles over the years for different magazines, books, and journals (such as Developer Connection Magazine, IBM Technology Journal, Developer Toolbox Magazine, Midrange Computing, IEEE computer society press, e-ProMag, Domino Professional Magazine, etc). He was an adjunct Professor at the University of Minnesota while he worked at IBM Rochester and IBM Silicon Valley Laboratory. Richard holds a Master of Science, major in computer science and minor in mathematics from University of Minnesota-Twin Cities, and Bachelor of Science with Honors from University of Wisconsin-Madison, double major in Computer Science and Mathematics.

Richard is currently working as the security architect for Yahoo Messenger.

Announcements

Update: Class start time is moved to 7:00pm !!!
Update: Room moved to Engr 341!!!

NO CLASS FEB 28, 2006!!! NEED TO STANDBY FOR Baby!!!

Add code:

1 902790 Not Used 02/13/2006 A 2 867840 Not Used 02/13/2006 A 3 212220 Not Used 02/13/2006 A 4 302850 Not Used 02/13/2006 A 5 841005 Not Used 02/13/2006 A 6 999540 Not Used 02/13/2006 A 7 850395 Not Used 02/13/2006 A 8 172557 Not Used 02/13/2006 A 9 586350 Not Used 02/13/2006 A 10 224328 Not Used 02/13/2006 A

Pick one that works.

Class time:

Every Tuesday

Class room:

MOVED TO Engineering Room 341

Initial creation.

Environment

Please consider how you set up your evaluation environments - be it homework, on-campus quizzes and exams, to minimize chances of (temptations to) cheating.

In particular:

During tests:

- Make sure there is plenty of space between students.

- Always proctor exams and tests, and preferably by sitting at the back of the room rather than at the front. Do not leave the testing room during the test. If you cannot proctor the class yourself, contact me and I will endeavor to find a proctor for you.

- If the test is closed-book, require all backpacks to be zipped shut, all PDAs, computers and phones to be handed in, and any access to either without explicit proctor permission should be an immediate F in the class.

For homework: We have started using on-line support systems to catch cheaters. So I would very strongly urge you:

- For code assignments: Run them all through MOSS

- For essays etc: Run them all through turnitin.com (SJSU has a site subscription, I have been told.)

- Make sure individual contributions are ensured in team projects. This can be done through various means: Sign-offs, quizzes on the content of common work, etc.

Remember: A grade reflects an evaluation of the individual student's achievements. Your evaluation system has to reflect that objective.

Course Information

Objectives

Implementation of protocols in current practice. TCP/IP, domain name systems, interactive data flow and network management protocols. Topics will cover FTP as well as NFS protocols. Prerequisite: CMPE 206 or instructor consent. Misc/Lab: Lecture 2 hours/lab 3 hours. This semester is an advanced survey class with network protocols. If you are into learning new things quickly, and have a sense of adventure, this class is for you. Topics could include:

• ARP
• RARP
• BOOTP
• DHCP
• IP
• IP routing
• IGMP
• UDP
• TCP
• rlogin
• telnet
• SNMP
• Security Concepts Introduction
• PKI Introduction
• Network Architecture Introduction
• HTTP
• BitTorrent
• ICE
• FTP
• DNS
• NFS
• Network Authentication
• Kerberos
• SSL/TLS
• VPN
• OCSP
• IKE
• IPSEC
• LDAP
• DHCP

Grading

Apart from big term project(s) and presentation, there are homework assignments, a mid-term exam and a final exam. Some exams might be take-home. The weightings for grading are: Term Project(s) 40%, Homework 20%, Midterm 10%, Final Exam 10%, and Team Presentation 20%.

No Late Assignment Submission

Class Material

Lecture Notes

Textbook: TCP/IP Illustrated, Vol. 1, 1994, Stevens, ISBN: 0-20-163346-9. (Reading will be assigned in class).

Non-Textbook: Reading material will be online on this web site before every lecture. Please email sinn@openloop.com if you experience any download problem. Reading this semester:

• HTTP: http://www.w3.org/Protocols/, ftp://ftp.isi.edu/in-notes/rfc2616.txt
• FTP: http://www.ietf.org/rfc/rfc0959.txt
• BitTorrent: http://www.bittorrent.com/protocol.html
• DNS: http://www.faqs.org/rfcs/rfc1035.html, http://www.faqs.org/rfcs/dns-rfcs.html
• IKE: http://www.ietf.org/rfc/rfc2409.txt
• IPSEC Intro: http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23f/ipsec/ch01.htm
• XKMS: http://www.w3.org/TR/2005/REC-xkms2-20050628/
• ICE: http://www.w3.org/TR/1998/NOTE-ice-19981026
• LDAP: http://www.faqs.org/rfcs/rfc2251.html
• OCSP: http://www.faqs.org/rfcs/rfc2560.html
• SSL/TLS: http://wp.netscape.com/eng/ssl3/draft302.txt
• DHCP: http://rfc.net/rfc2131.html
• NFS: http://www.faqs.org/rfcs/rfc1813.html
• Kerberos: http://web.mit.edu/kerberos/www/

Reference

• RSA Security's Official Guide to Cryptography by Steve Burnett, Stephen Paine (Paperback)
• PKI: Implementing & Managing E-Security by Andrew Nash, Bill Duane, Derek Brink, Celia Joseph. McGraw-Hill Osborne Media; ISBN: 0072131233; (March 27, 2001).
• IPSec: Securing VPNs by Carlton Davis (Paperback)
• Security Architecture: Design, Deployment and Operations by Christopher King, et al (Paperback)
• Understanding the Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations by Carlisle Adams, et al (Hardcover)
• Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure by Russ Housley, Tim Polk (Hardcover)
• Openloop.com (http://www.openloop.com)

More will be added as the semester goes

Schedule

Term Project

Strength and weakness analysis of one of the following protocols.

• Typically a group of five students works on a single project
• One report per group: 10 pages (5000 words) in MS word format
• Must go beyond basic info and suggest possible improvement for the protocol
• Programming for prototyping is optional but recommended
• All topics must be approved by instructor
• Presentation is required at the end of the semester

Team Research Presentation (Lab)

Each team will be given one topic to research and present during the semester. Mid-term and final will contain some questions related to the topics presented. The team needs to prepare the following:

• PowerPoint Presentantion of the topic
• A 5 short-paper with detail reference on the topic
• Perform face-to-face presentation in class (15 min)
• The following are the topics:
  • RFID network protoco
  • SMTP
  • SNMPl
  • SSH
  • SCP
  • Kerberos
  • Radius
  • Network Intrusion Detection
  • SOAP
  • UDDI
  • XKMS
  • NAT
  • EAP
  • IPX/SPX
  • POP3/IMAP4
  • BGP
  • EGP
  • IGP
  • RIP
  • OSPF
  • Socks
  • (You can also pick your own topics upon approval from instructor)

Grade

Email sinn@openloop.com to check your grade if necessary.

General Policy

The university and departmental policies and deadlines for course drop will be applied. Makeup exams cannot be offered, except under exceptional conditions, such as documented serious illness/accident, etc., and only at the professor's discretion.

Each student is responsible for his/her individual assignment, and must not copy anyone else's work. Students who borrow solutions from others will find themselves unable to pass the course. The minimum penalty for every student involved in the duplication of individual assignments or exams will be receiving a zero score on the submitted work.

For group project, all the work has to be done by your OWN group. Do not try to download "free code" from the Internet and hand in as a project. WE WILL FIND OUT. Do not share your work with others. So DO YOUR OWN WORK and EARN your grade.

Related Links

Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links