ENEE 757: Security in Distributed Systems and Networks
UMCP ENEE 757 Indepth Course Description
The course will cover the following topics of security in distributed
computer systems and networks:
- Security threats in computer networks and
Attacks that lead to unauthorized release of information (e.g., message
contents, traffic analysis), to modification of information (e.g.,
message contents, message sequencing), and to denial of service (e.g.,
message delay, destruction) will be analyzed. Countermeasures will be
presented in the context of specific communication protocols.
- Communication security and basic encryption
Communication security techniques based on encryption will be presented.
Symmetric and asymmetric encryption techniques will be discussed including
examples such as the Data Encryption Standard and the RSA public-key
cryptosystem. Encryption modes will also be covered including
stream and block encryption, and cipher-block chaining.
- Authentication protocols;
Message origin and mutual authentication protocols will be presented and
analyzed. Third-party and inter-realm authentication protocols will be
discussed. Different policies for inter-realm authentication will also
be presented. Authentication of mobile users crossing different realms
will be illustrated and current standard protocols discussed.
Examples of practical authentication systems such as Kerberos, OSF DCE,
DEC Taos, and the X.509 framework will be discussed.
Authentication protocol flaws and their remedies will be illustrated.
- Data confidentiality and integrity;
Requirements for data confidentiality and integrity will be presented.
Several confidentiality and integrity protocols will be discussed,
including those of Kerberos, OSF DCE, and the internet Privacy-enhanced
Integrity flaws of the analyzed protocols will be illustrated. Remedies
for these flaws will be presented.
- Analysis of cryptographic protocols
Formal analysis of authentication protocols and message integrity
includes the use of modal logics and state-machine models. We present
two logics for authentication and one for message integrity analysis,
and discuss their advantages and limitations. The use of these
logics and models in the analysis of cryptographic protocols is
- Access Control
Access control problems in centralized systems will be reviewed. The added
complexities of access control in in distributed systems and networks
will be presented. Examples of different access control policies including
those implemented in firewalls, object managers of different applications,
and multilevel secure systems will be discussed.
- Case studies
Case studies will include MIT's Kerberos V5, OSF's DCE, SUN's Java,
Netscape's Secure Socket Layer (SSL) protocols, Microsoft's Internet Security
Framework, and Secure Electronic Transaction (SET) protocols.
ENEE 647; and permission of instructor.
Programming project using the Kerberos authentication system.