In this semester one USYD course, we start by examining the basic cryptographic building blocks of security, working through to their applications in authentication, key exchange, secret and public key encryption, digital signatures, protocols and systems. We then examine these applications in the real world, analysing practical cryptosystems, the assumptions with which they were designed, their limitations, failure modes, and ultimately why most end up broken.
Connectivity is ubiquitous; we are immersed by the Internet, wireless, personal area, RFID and social networks.
It's 2018, where gaining access from "any computer on the network" suddenly means every computer on any network. Where "computer" means your mobile phone, your watch, your wallet, your refrigerator, your pacemaker, your passport, your printer and your photo frame; and nobody makes antivirus for any of this stuff. It's a brave new world. Communications and technology stitch together every facet of our lives, enabling everyone to strap themselves into their own personal silicon curve, driven by the network effect.
The problem is that in the digital world everything is made of bits. However, bits have no uniqueness. Bits are easy to copy. Everything you have that is stored in bits, whether it be information, privileges, identity, media or digital money - can be replicated with perfect accuracy. Pretty much all of information security revolves around making bits hard to copy; which is like trying to make water not wet. The result? All systems are insecure in the digital world, to some degree.
While we've seen a lot of security issues over the last few decades, the problems that face engineers who design for security have only just begun. Despite "security engineering" being a relatively new field, the issues involved within the the field are vast; they touch on business processes, politics, the law, psychology, management, computer science and engineering. Conficker, DMCA, SDMI, Botnets, De-CSS, Echelon, DES, PRISM, Heartbleed, the Storm Worm. The future of many industries and organisations depends upon embracing new technologies; the Internet, wireless, social networks and new forms of content distribution. We've learnt so much over the years, yet the problems we see end up always being the same. When will we learn?
ELEC5616 does not teach practical hacking skills, but instead provides the deep knowledge and understanding that forms a necessary foundation for further studies in security. The follow-on course for ELEC5616 is COMP5618 - Applied Cybersecurity which takes place in semester two at USYD. COMP5618 builds on the topics covered in ELEC5616 by examining the real-world tools and techniques used by digital attackers and defenders. The course includes a number of classes which are run by external industry experts. These specialist courses cover fields such as digital forensics, incident response, red team testing and network intrusion. While ELEC5616 is not a compulsory prerequisite for COMP5618, it is certainly assumed knowledge. More information on how to enrol in COMP5618 will be discussed during the ELEC5616 course.