CSE408 Fall 2006. Network Security

Lecturer:	Rob Johnson
TA:	George Iordache
Location:	Earth and Space Sciences 183
Time:	TuTh 2:20pm-3:40pm
Rob's Office Hours:	Tu 4-5pm, 2313D Computer Science Building
George's Office Hours:	Fri 3-4pm, 2110 Computer Science Building
Home page:	http://www.cs.sunysb.edu/~rob/teaching/cse408-fa06
Textbook:	Cryptography and Network Security: Principles and Practices. William Stallings.

Overview

This course will divide into roughly three parts. In the cryptography section, we will cover number theory, symmetric and public key cryptography, and other fundamental cryptographic constructs. In the protocols section, we will discuss applications of the basic cryptogrpaphic tools, such as authentication and secure e-commerce. Finally, we will talk about attacks and defenses for current network architectures.

Topics

Security basics: security goals, threat models, trust, policies, mechanism, security through obscurity
Symmetric cryptography: Block ciphers, stream ciphers, MACs, hash functions, random-number generators
Public-key crypto: RSA, El Gamal, Signatures, PKI
Protocols and applications: Kerberos, SSH, SSL, IPSec, PGP
Network attacks: DoS attacks, DNS attacks, BGP corruption, TCP hijacking, etc.
Network defenses: Firewalls, Intrusion-detection systems, software security
Advanced topics: Zero-knowledge proofs, e-cash, secret-sharing, identity-based crypto

Requirements and Grading

Subject to tweaks throughout the semester.

Homeworks (18%). I will assign 6-8 homeworks throughout the semester. They will not take long - two to four hours each.
Class project (18%). You will work in groups of 2-3 on a class project in computer security.
Class participation (5%). I strongly encourage discussion and debate in class. Please don't hesitate to ask questions if you don't understand or disagree with anything covered in this course.
Midterm exams (18% each).
Final exam (23%). The final is cumulative, so it will have questions covering topics from the entire semester.

Class Notes

If you would like to earn extra credit, you may volunteer to write up notes for a lecture. I will count one day's notes as equivalent to one homework problem. Only two people can submit notes for any given day, so check with me in advance. Notes should be submitted in PDF format, and should not just be a scan of your notebook. I will post the notes on the course web page.

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Course Schedule

Note: the schedule may change throughout the semester.

Date	Topic/optional reading assignment
9/7	Security goals, threat models, trust, security through obscurity, review of networks, classic crypto
9/12	Finite fields and modular arithmetic. (Chapter 4)
9/14	Finite fields and modular arithmetic HW: 4.13, 4.15, and 4.19, Due in class 9/21 Solutions
9/19	Euler's theorem (pg. 241) Block ciphers design: SPNs
9/21	Block cipher design: Feistel Networks, DES, AES (chapters 3,5, and 6.1)
9/26	Modes of operation (chapters 6.2 and 6.3) Homework 2, due Oct. 5 Solutions
9/28	MACs, hash functions, and RNGs (chapters 11.3, 11.4, 12.3) Public-key cryptography (chapter 9.1)
10/3	RSA encryption and signatures. Security of RSA (chapter 9 and 13.1)
10/5	Other public-key schemes: El gamal encryption and signatures, and the Discrete-log problem Diffie-Hellman key agreement (chapter 10.2) Public key infrastructures
10/10	Midterm 1 Solutions
10/12	Basics of authentication protocols: nonces, timers, counters (chapter 13.2)
10/17	Kerberos (chapter 14.1) Homework 3, due Oct. 26
10/19	Public-key key agreement protocols, certificates, DNSSEC, PKI (chapters 14.2-14.3)
10/24	PGP (chapter 15.1)
10/26	SSH (not in book)
10/31	SSL, Web password management, Cookie security (chapter 17.2)
11/2	Virtual private networks, link-level security vs. end-to-end security, routing security and the border-gateway protocol (BGP) (chapter 16)
11/7	Guest Lecture: Radu Sion
11/9	Guest Lecture: Radu Sion
11/14	Wireless security (not in book)
11/16	TCP hijacking, Denial-of-Service attacks (chapter 19.3)
11/21	Midterm 2
11/23	Thanksgiving
11/28	Software security: bugs and attacks Project description
11/30	Software security: defenses
12/5	Firewalls and Proxies
12/7	Intrusion-detection systems
12/12	Anonymity and Privacy
12/14	Side channel attacks
12/19	5pm-7:30pm Final Exam