A Comparison of Cryptography Courses

The author taught two courses on cryptography, one at Duke University aimed at non-mathematics majors and one at Rose-Hulman Institute of Technology aimed at mathematics and computer science majors. Both tried to incorporate technical and societal aspects of cryptography, with varying emphases. This paper will discuss the strengths and weaknesses of both courses and compare the differences in the author's approach.Comment: 14 pages; to appear in Cryptologi

Underwater Hacker Missile Wars: A Cryptography and Engineering Contest

For a recent student conference, the authors developed a day-long design problem and competition suitable for engineering, mathematics and science undergraduates. The competition included a cryptography problem, for which a workshop was run during the conference. This paper describes the competition, focusing on the cryptography problem and the workshop. Notes from the workshop and code for the computer programs are made available via the Internet. The results of a personal self-evaluation (PSE) are described.Comment: 11 pages, 3 figures, uses amsrefs.sty v2.0 and cryptologiabib.sty (included); to appear in Cryptologi

Experiences and lessons learned in the design and implementation of an Information Assurance curriculum

In 2004, Dakota State University proposed a model for information assurance and computer security program development. That model provided a framework for developing undergraduate and graduate programs at DSU. This paper provides insight into experiences and lessons learned to further implement that model. The paper details modifications to both the undergraduate and graduate information assurance programs as a result of specific issues and challenges. Further, the paper highlights the introduction of a new terminal degree that includes an information assurance specialization. As a national center of excellence in information assurance education, we are confident that this paper will be helpful to universities around the world in either developing new or improving existing IA programs

Brief History of Quantum Cryptography: A Personal Perspective

Quantum cryptography is the only approach to privacy ever proposed that allows two parties (who do not share a long secret key ahead of time) to communicate with provably perfect secrecy under the nose of an eavesdropper endowed with unlimited computational power and whose technology is limited by nothing but the fundamental laws of nature. This essay provides a personal historical perspective on the field. For the sake of liveliness, the style is purposely that of a spontaneous after-dinner speech.Comment: 14 pages, no figure

Educational Requirement Analysis for Information Security Professionals in Korea

The IT industry in Korea, having recognized the importance of Information Security (IS), is in pressing need of IS Managers (ISMs) and IS System Developers (ISSDs). Many educational institutions, both universities and training organizations, are developing IS courses to meet this demand. For these educational programs to be successful, their design should address the specific knowledge required by IS professionals. In this paper, the authors first identify and rank the knowledge requirements of IS professionals using a simplified Delphi technique. They then, through refined analysis, come up with two sets of 15 specific educational requirements, one each for ISMs and ISSDs

Design and evaluation of a learning environment to effectively provide network security skills

Information system security and network security are topics of increasing importance in the information society. They are also topics where the adequate education of professionals requires the use of specific laboratory environments where the practical aspects of the discipline may be addressed. However, most approaches currently used are excessively static and lack the flexibility that the education requirements of security professionals demand. In this paper we present NEMESIS, a scenario generation framework for education on system and network security, which is based on virtualization technologies and has been designed to be open, distributed, modular, scalable and flexible. Finally, an example scenario is described and some results validating the benefits of its use in undergraduate computer security courses are shown.La seguridad de redes y sistemas de información es un área de importancia creciente en el ámbito de la sociedad de información. Además, constituye un tema en el que la adecuada formación de profesionales exige el uso de entornos de laboratorio específicos en los que abordar los aspectos prácticas de la disciplina. Sin embargo, la mayoría de las aproximación usadas en la actualidad son excesivamente estáticas y carecen de la flexibilidad que las exigencias de la formación de profesionales de seguridad imponente. En este artículo, presentamos NEMESIS, un entorno para la generación de escenarios para la formación en seguridad de redes y sistemas, basado en tecnologías de virtualización que ha sido diseñado para ser abierto, distribuido, modular, escalable y flexible. Finalmente, se describe un escenario de ejemplo y se muestran resultados que validan los beneficios de su uso en cursos de seguridad informática de grad

Design and evaluation of a learning environment to effectively provide network security skills

Information system security and network security are topics of increasing importance in the information society. They are also topics where the adequate education of professionals requires the use of specific laboratory environments where the practical aspects of the discipline may be addressed. However, most approaches currently used are excessively static and lack the flexibility that the education requirements of security professionals demand. In this paper we present NEMESIS, a scenario generation framework for education on system and network security, which is based on virtualization technologies and has been designed to be open, distributed, modular, scalable and flexible. Finally, an example scenario is described and some results validating the benefits of its use in undergraduate computer security courses are shown.La seguridad de redes y sistemas de información es un área de importancia creciente en el ámbito de la sociedad de información. Además, constituye un tema en el que la adecuada formación de profesionales exige el uso de entornos de laboratorio específicos en los que abordar los aspectos prácticas de la disciplina. Sin embargo, la mayoría de las aproximación usadas en la actualidad son excesivamente estáticas y carecen de la flexibilidad que las exigencias de la formación de profesionales de seguridad imponente. En este artículo, presentamos NEMESIS, un entorno para la generación de escenarios para la formación en seguridad de redes y sistemas, basado en tecnologías de virtualización que ha sido diseñado para ser abierto, distribuido, modular, escalable y flexible. Finalmente, se describe un escenario de ejemplo y se muestran resultados que validan los beneficios de su uso en cursos de seguridad informática de grad