ENEE 757: Security in Distributed Systems and Networks

UMCP ENEE 757 Indepth Course Description The course will cover the following topics of security in distributed computer systems and networks:

  1. Security threats in computer networks and countermeasures;

    Attacks that lead to unauthorized release of information (e.g., message contents, traffic analysis), to modification of information (e.g., message contents, message sequencing), and to denial of service (e.g., message delay, destruction) will be analyzed. Countermeasures will be presented in the context of specific communication protocols.

  2. Communication security and basic encryption techniques;

    Communication security techniques based on encryption will be presented. Symmetric and asymmetric encryption techniques will be discussed including examples such as the Data Encryption Standard and the RSA public-key cryptosystem. Encryption modes will also be covered including stream and block encryption, and cipher-block chaining.

  3. Authentication protocols;

    Message origin and mutual authentication protocols will be presented and analyzed. Third-party and inter-realm authentication protocols will be discussed. Different policies for inter-realm authentication will also be presented. Authentication of mobile users crossing different realms will be illustrated and current standard protocols discussed. Examples of practical authentication systems such as Kerberos, OSF DCE, DEC Taos, and the X.509 framework will be discussed. Authentication protocol flaws and their remedies will be illustrated.

  4. Data confidentiality and integrity;

    Requirements for data confidentiality and integrity will be presented. Several confidentiality and integrity protocols will be discussed, including those of Kerberos, OSF DCE, and the internet Privacy-enhanced Electronic Mail. Integrity flaws of the analyzed protocols will be illustrated. Remedies for these flaws will be presented.

  5. Analysis of cryptographic protocols

    Formal analysis of authentication protocols and message integrity includes the use of modal logics and state-machine models. We present two logics for authentication and one for message integrity analysis, and discuss their advantages and limitations. The use of these logics and models in the analysis of cryptographic protocols is illustrated.

  6. Access Control

    Access control problems in centralized systems will be reviewed. The added complexities of access control in in distributed systems and networks will be presented. Examples of different access control policies including those implemented in firewalls, object managers of different applications, and multilevel secure systems will be discussed.

  7. Case studies

    Case studies will include MIT's Kerberos V5, OSF's DCE, SUN's Java, Netscape's Secure Socket Layer (SSL) protocols, Microsoft's Internet Security Framework, and Secure Electronic Transaction (SET) protocols.

Prerequisites

ENEE 647; and permission of instructor.

Optional

Programming project using the Kerberos authentication system.