CS5285 Information Security for eCommerce
Semester A 2009-2010 (Fall 2009)
Duncan Wong (duncan AT cityu), 2788 8020, Y6425
Tutor: Qiong Huang (CYC 2211 / csqhuang AT student.cityu)
Class Schedule: Tuesdays 1830-2120 at G4302 (Sep 1 - Nov 24)
News
- Final Exam Schedule: Dec 17 (Thu) 1830-2030 @ LT-11.
- Problem Set 2 is out. Due date: November 17, 2009 (Tue) 9:30pm.
- Quiz Schedule: Oct 20 (week 8) 1930-2100.
- Problem Set 1 is out. Due date: September 29, 2009 (Tue) 9:30pm.
- Password for downloading course materials has been sent to all students via email.
Course Information
Aims and Objectives
CILOs (Course Intended Learning Outcomes):
- Identify the organizational requirements of eCommerce systems on
data protection.
- Demonstrate knowledge of the factors which have impacts upon the
security of eCommerce systems.
- Make realistic assessments of the security of eCommerce systems.
- Design and analyze security measures to protect organizational
data against various attacks.
There will be two take-home problem sets, one in-class quiz and one
final examination.
The final grade will be determined from the total weighted score obtained in
the coursework and the examination. Below is the weighting.
| Problem Set 1 | 10% |
| Problem Set 2 | 10% |
| Quiz | 20% |
| Exam | 60% |
To pass the course, a student's total weighted score for each CILO
should be at least 30%. The weighting is given as follows.
| | CILO 1 | CILO 2 | CILO 3 | CILO 4 |
| Problem Set 1 | 40% | 30% | 20% | 10% |
| Problem Set 2 | 10% | 20% | 30% | 40% |
| Quiz | 25% | 25% | 25% | 25% |
| Exam | 25% | 25% | 25% | 25% |
A problem set is usually due at the end of a class on the due date
(e.g. 9:20pm). As a general rule, any problem set turned in up to one week
late will be penalized by 20%, and no homework will be accepted beyond one week
past its due date.
Textbook

Cryptography and Network Security: Principles and Practice
(Third or Fourth Edition)
William Stallings
Prentice Hall
Third Edition:
http://williamstallings.com/Crypto3e.html
Fourth Edition:
http://williamstallings.com/Crypto/Crypto4e.html
References
Materials and Schedule
- Cryptographic Tools: Encryption, Authentication, Signature (4 weeks)
  - Symmetric Key Encryption
  - Public Key Encryption
  - Digital Signatures
  - Hash Functions and Message Authentication
  - Public Key Infrastructure, Digital Certificates
- Authentication and Key Establishment Protocols (2 weeks)
  - Challenge-Response Authentication Mechanism
  - SSL
  - IPSec and IKE
- Computer Security (2 weeks)
  - Password-based Systems
  - Two-factor Authentication, One-time Password
  - Malicious Software
- Network Security (2 weeks)
  - Firewall
  - Email Security (S/MIME, PGP)
- Wireless Security (1 week)
  - Mobile Security
  - Wi-Fi Security
- Payment Systems (1 week)
Download Area
Problem Sets:
- Problem Set 1
  (Sep 21, 2009) Question 3 has one sentence added: If your name contains less than 8 characters, append sufficient number of letter `Z' to the end of your name so that it contains exactly 8 characters.
  Solutions
- Problem Set 2
  (Nov 18, 2009) In the statement of question 4(c), it should be referring to IKE Phase 1.
Academic Calendar