CS 5490/6490: Network Security Fall 2015

Transcription

1 CS 5490/6490: Network Security Fall 2015 Professor Sneha Kumar Kasera School of Computing 1 What is this course about? Comprehensive introduction to network security Ø learn principles of network security Ø learn practice of network security Ø Internet security architecture/protocols as case study Goals: Ø learn a lot (not just factoids, but principles and practice) Ø have fun (well, it should be interesting, at least) 2 1

2 Course Information Ø Who is this course for? q MS/PhD students, undergrads juniors/seniors Ø Prerequisites: q Computer networks class, and/or good practical experience with networking Socket programming required, some understanding of TCP/IP (protocol functions, header structure) 3 Course Materials Ø Primary text: Networks Security: Private Communication in a Public World, 2 nd Edition, Kaufman, Perlman & Speciner, PH Ø Secondary texts: q Cryptography and Network Security: Principles and Practice, Stallings, 6 th edition, Pearson q Security in Computing, Pfleeger, Pfleeger, & Margulies, Pearson Ø Other sources q Internet Denial-of-service by Mirkovic et al q SSL by Rescorla q IEEE Security and Privacy Magazine q Ø Class notes (no slides, most of the time) 4 2

3 Course Information (more) Ø Class WWW site (same for cs5490 and cs6490): Ø everything will be posted on this site! q topics and schedule q assignments nothing will be handed out in class :-) Ø working on having this class on canvas 5 Course Information (more) Ø Mailing Lists: [email protected], [email protected] q announcements, discussions, questions q join by going to Coursework approx approx % written HW 5 25% Ø Workload: programming assigns. 2 15% programming questions (in written HW) 5% midterm exams 2 35% course project 20% Ø Cheating policy: Please read, sign academic misconduct acknowledgment form 6 3

4 Course Information (more) Ø cs5490 vs cs6490 same lectures cs6490 more questions in HW & Exams, extra credit for cs5490 Ø TA: Shishir Bhargav, Office hour: TBA Ø Professor s meeting hour: Tuesday AM Ø could also ask questions by sending to the class mailing list, meet (briefly) after class 7 Course Information (more) Ø Grading guidelines: q A q A- q B-, B, B+ q C-, C, C+ q D-, D, D+ q < 50 (or caught cheating) E The ranges as well as the thresholds could be shifted/changed depending on the overall performance of the class in the midterm exams, home works, programming assignments, and final project Ø in-class style: interaction, questions (please!) Ø please read Chapter 8 from Kurose and Ross > = 4 th edition 8 4

5 Networked Systems Cellular Access Network Public Switched Telephone Network voice Wireless LAN data Gateway Mobile Adhoc Network Sensor Network Internet Home Network 9 Course Overview: Part 1: Cryptography Ø Introduction Ø Secret key crypto q permutations & substitutions, block ciphers q stream ciphers, one time pads Ø Modes of operation q encrypting large messages (CBC), multiple enc/dec (3DES) 10 5

6 Course Overview: Part 1: Cryptography Ø Hashes and message digests q birthday paradox, Unix password hash, MD*, SHA, HMAC Ø Public key crypto q elementary number theory, RSA, Euclid s theorem, Chinese remainder theorem q Diffie Hellman key exchange q zero knowledge proof systems q finite fields, elliptic curves 11 Course Overview: Part 2: Authentication Ø Overview Ø Authentication of people q reliably verifying identity of someone (or something) Ø Security handshake pitfalls q minor variants of authentication protocols can have security holes, e.g., timer-based & reflection attacks q mediated authentication SOJZKXS KDGS I 12 6

7 Course Overview: Part 2: Authentication Ø Strong password protocols q Lamport s hash q secure even when password broken by offline dictionary attacks 13 Course Overview: Part 3: Standards Ø Kerberos, PKI (Certificates) Ø SSL - handshake, data exchange, export rules Ø IPsec q AH, ESP q IKE q IPsec over NAT q firewall friendliness Mary had a little key (It s all she could export) And all the that she sent Was opened at the Fort. Ø Wireless security 2G/3G/4G, WiFi, M2M 14 7

8 Course Overview: Part 4: Topics in Security Ø Denial-of-service q general concepts, formulations q Pushback q IP traceback find attacker locations q KillBots distinguish flash crowds from DDoS, Bloom filters q new Internet architectures 15 Course Overview: Part 4: Topics in Security Ø Anonymity, End-point hiding Midterm Exam II Ø Digital Pests: Viruses, Buffer overflow, worms Ø Software Defined Networks Ø Firewalls, Intrusion detection (if time permits) No Final Exam 16 8

9 Ø looked at several courses offered elsewhere q Radia Perlman s course at Harvard q security courses offered at U. Delaware, Virginia, Columbia U., Purdue U. Ø those with security experiences please provide your input to the class Ø very hot, constantly evolving field - will need everybody s help Questions, comments,??? 17 9