703902 Computer Network Security
712908 Computer and Network Security Management

Course Description

Course Coordinator: Prof. Reuven Aviv, reuvenaviv@gmail.com
Prerequisite: 703901 Data Networking

1. Introduction

This course focuses on a deep understanding of the algorithms and techniques used to overcome potential security threats to computer network systems, both in closed organizations and in open networked environments like the Internet. The topics covered are described in sections 4, 5 and 6.

2. Goals

By successfully passing this course you will:

a. Recognize the internal working of security protocols and systems, their design considerations, and the way they are employed in organizations and in the Internet.
b. Have a deep understanding of application-level attacks and the defense mechanisms against them.
c. Be able to learn and master security topics that are currently being researched.

The first goal will be achieved by class discussions and by solving and submitting problem-sets. The second goal will be achieved by submitting an Attack Code Analysis Report. The third goal will be achieved by a Research Project, which will include the submission of a Research Report and a Presentation in class.

3. Final Mark

The final mark will consist of the following components:

a. 15% Active participation in class discussions
b. 15% Problem-sets (2 or 3)
c. 15% Attack Code Analysis Report (done by teams of 2)
d. 15% Research Project – Research Report and Presentation (done by teams of 2)
e. 15% Term Test
f. 25% Final Exam

4. Class Discussions

Topics to be discussed include:

PART 1: FOUNDATION
a. Introduction – Attacks, risks and defense
b. Introduction to the Buffer Overflow attack – code construction and analysis [1]
c. Introduction to classic cryptography, encryption schemes
d. Introduction to public key cryptography, hash systems, digital signatures, key distribution
e. The Public Key Infrastructure, certificates

PART 2: PROTOCOLS
f. Security with strong password protocols
g. Securing Web and other Internet applications – the SSL protocol
h. Securing intra-organization services with KERBEROS
i. Securing Internet access with IPSEC, Virtual Private Networks
j. Securing electronic mail with PGP

PART 3: SYSTEM-WIDE SECURITY
k. Security at the operating system level – SE Linux
l. Firewalls
m. Multi-layer security – SAFE

[1] You will have to refresh your knowledge of the basics (not the details) of Assembly Language to understand this topic.

5. Attack Code Analysis Report

This report (4-5 pages), done in teams of 2 students each, will summarize the coding techniques used in one of the most dangerous attacks – the Buffer Overflow Attack – over a network, and the methods of defense against them. The report will be based on careful reading of code examples (parts of the code are in Assembly language). Students have to identify the main issues that an attacker has to solve, the methods an attacker uses to solve them, the issues a defender has to solve, and the methods used to solve them. Pointers to the relevant literature are listed in section 10.

6. Research Projects

Research Projects are done in teams of 2 students each. Students have to study a particular topic from the literature, summarize it in a Word or PDF report of 4-5 pages, and make a 45 min presentation (15 slides) in class on one sub-topic. Students have to identify the main problems dealt with in the topic, and their solutions. The report will deal with technical issues, not cultural or social ones. Suggested topics and sub-topics are listed in the table below. Students can suggest other topics and sub-topics. Relevant literature should be searched for on the Internet.

Sub-topic (to be presented in class)     Topic (to be reported in writing)
Fingerprints                             Biometric Authentication
Octopus Card                             Smart Cards
Nimda                                    Viruses
Back Orifice                             Trojan Horses
Steghide                                 Steganography
Group Signing                            Group Signature
snort                                    Intrusion Detection
DigiCash                                 Electronic Payments
WAP or WPA or EPA                        Wireless Security
Java Security Manager Class              Java Security Model
Achilles                                 Man in the Middle Proxy Servers
NBTScan                                  Netbios Vulnerabilities
Fiat-Shamir Protocol                     Zero Knowledge Protocols
BB84 Protocol for key exchange           Quantum Cryptography
SIS Model                                Virus Propagation Models

7. Submission

Problem Sets must be submitted individually, in writing (not via electronic mail), to the Course Coordinator. Note that these documents might contain formulas, so handwritten documents are OK. Clear handwriting is mandatory – remember that the course coordinator must read these documents! The name of the student submitting the problem-set must be written at the top of the document. Submission dates will be published elsewhere.

The Attack Code Analysis Report file (submitted by a team of 2) must have the students' full names at the top of the file. The file must be in WORD or PDF format, sent via electronic mail to the course coordinator. The name of the file must be a concatenation of the First Names of the two students and the string CodeAnalysis (e.g. John-Rebbeca-CodeAnalysis.pdf). The subject line of the email must be identical to the name of the file, prefixed with KMUTNB (e.g. KMUTNB-John-Rebbeca-CodeAnalysis.pdf).

The Research Report and Research Presentation files (submitted by teams of 2) must have the students' full names at the top of the files. The files (WORD or PDF, and PPT, respectively) must be sent together as an attached ZIP file via electronic mail to the course coordinator. The name of the file must be a concatenation of the First Names of the two students and the name of the Topic (e.g. John-Rebbeca-Steganography.zip). The subject line of the email must be identical to the name of the zip file, prefixed with KMUTNB (e.g. KMUTNB-John-Rebbeca-Steganography.zip).

8. Authenticity Policy

All written materials in the assignments, project report, research report, presentation, term test and final exam must be original. Cut & paste is strictly forbidden and will not be tolerated. Figures from publicly available sources (but not from other students' works) can be used; each must have a full reference. Failing to follow this policy will lead to a failure in the course and also to administrative actions.

9. Term Test and Final Exam

The schedule of the Term Test and the Final Exam will be published elsewhere. The Term Test and the Final Exam are open book: students are allowed to bring any written or printed material to the examination room.

10. Literature

The main source for the topics discussed in class could be any one of the textbooks a, b, c listed below [2]:

a. W. Stallings: Cryptography and Network Security, Prentice Hall, New Jersey.
b. W. Stallings: Network Security Essentials, Prentice Hall, New Jersey.
c. C. Kaufman, R. Perlman, M. Speciner: Network Security: Private Communication in a Public World, Addison Wesley.

Schneier's book is "the bible" on cryptography:

d. B. Schneier: Applied Cryptography, Wiley, New York.

[2] Textbook b is a part of textbook a. For the purpose of this course textbook b is sufficient. Textbook a includes an expanded discussion of cryptography, beyond what is covered in this course.

Resources for the Attack Code Analysis Report are listed below:

Aleph One: Smashing the Stack for Fun and Profit, http://insecure.org/stf/smashstack.html
Smiler: The Art of Writing Shell Code, http://www.phiral.net/other/art-shellcode.txt
Cowan: Protecting Systems from Stack Smashing Attacks with StackGuard, http://www.cs.jhu.edu/~rubin/courses/sp03/papers/stackguard.pdf

Resources for the Research Projects should be searched for on the Internet.