ENTS 650 - Network Security

• Syllabus
• Glossary
• Project

Topics:

• 25 January: Introduction to Security.
  • Stallings: Chapter 1.
  • Class slides.
  • Common Criteria
  • Recommended Security Controls for Federal Information Systems and Organizations. NIST SP 800-53 rev 3, August 2009. Especially sections 2-3.
  • Richard Kissel, Kevin Stine, Matthew Scholl, Hart Rossman, Jim Fahlsing, and Jessica Gulick. Security Considerations in the System Development Life Cycle. NIST SP 800-64 rev 2, October 2008. Especially section 3.
  • Minimum Security Requirements for Federal Information and Information Systems. FIPS 200, March 2006. Especially section 3.
• 1 February: Introduction to Cryptography.
  • Homework, submitted by email prior to 5:30 on 1 February:
    • Problem 1.1
    • Explain how the principle of least privilege might be applied to the class web page.
  • Stallings: Chapter 2.
  • Dr Lawrie Brown. Lecture Notes for Use with Cryptography and Network Security by William Stallings. Classical Cryptography.
  • Mark Vandenwauver. Introduction to Cryptography.
  • Typical signed and encrypted message.
• 8 February: Secret Key Cryptography; DES and AES; Modes of Operation.
  • Stallings: Chapters 3, 5, and 6.
  • NIST. Advanced Encryption Standard. FIPS 197, November 2001.
• 15 February: No class, organize your group.
• 22 February: Number Theory; Secret Key Cryptography: RSA and Diffie-Hellman; Zero-Knowledge Proofs.
  • Homework, submitted by email prior to 5:30 on 22 February: Problems 5.6, 6.5, 6.8, 8.3.
  • Stallings: Chapters 4.2, 4.3, 8-10.
  • Mod arithmetic slides.
  • Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21,2 (Feb. 1978), 120--126.
  • E. Rescorla. Diffie-Hellman Key Agreement Method. IETF RFC 2631, June 1999.
• 1 March: Public Key Infrastructure (PKI); Cryptographic Hashes; Digital Signature Standard (DSS).
  • Stallings: Chapters 11-14.
  • D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC 5280, May 2008.
  • Dr Lawrie Brown. Lecture Notes for Use with Cryptography and Network Security by William Stallings. Authentication, Hash Functions, Digital Signatures. Includes RSA, DSA, X.509, Needham-Schroeder, Kerberos.
  • NIST. Secure Hash Standard (SHS). FIPS PUB 180-3, October 2008. Includes SHA-1.
  • Quynh Dang. Recommendation for Applications Using Approved Hash Algorithms. NIST SP 800-107, February 2009.
  • NIST. Digital Signature Standard (DSS). FIPS PUB 186-3, June 2009.
  • R. Rivest. The MD5 Message-Digest Algorithm. IETF RFC 1321, April 1992.
• 8 March: Cryptographic Protocols, Kerberos.
  • Homework, submitted by email prior to 5:25 on 8 March: Problems 11.5, 13.2, 15.3, 15.4.
  • Stallings: Chapters 15 and 19.
  • Dr Lawrie Brown. Lecture Notes for Use with Cryptography and Network Security by William Stallings. Authentication, Hash Functions, Digital Signatures. Includes RSA, DSA, X.509, Needham-Schroeder, Kerberos.
  • C. Neuman, T. Yu, S. Hartman, and K. Raeburn. The Kerberos Network Authentication Service (V5). IETF RFC 4120, July 2005.
• 15 March: IPSec. Midterm exam due.
  • Stallings: Chapter 19.
  • S. Kent and K. Seo. Security Architecture for the Internet Protocol. IETF RFC 4301, December 2005.
  • S. Kent. IP Authentication Header. IETF RFC 4302, December 2005.
  • S. Kent. IP Encapsulating Security Payload (ESP). IETF RFC 4303, December 2005.
  • D. Eastlake. Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH). IETF RFC 4305, December 2005.
  • C. Kaufman, Ed. Internet Key Exchange (IKEv2) Protocol. IETF RFC 4306, December 2005.
  • M. Murhammer, T. Bourne, T. Gaidosch, C. Kunzinger, L. Rademacher, and A. Weinfurter. A Comprehensive Guide to Virtual Private Networks, Volume I, Chapter 3: Description of IPSec. IBM Redbook SG24-5201-00, June 1998.
• 22 March: Spring break, no class.
• 29 March: Review midterm exam; TLS (SSL); SSH.
  • Stallings: Chapter 16.
  • T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol. IETF RFC 5246, August 2008.
  • T. Ylonen and C. Lonvick. The Secure Shell (SSH) Protocol Architecture. IETF RFC 4251, January 2006.
  • T. Ylonen and C. Lonvick. The Secure Shell (SSH) Authentication Protocol. IETF RFC 4252, January 2006.
  • T. Ylonen and C. Lonvick. The Secure Shell (SSH) Transport Layer Protocol. IETF RFC 4253, January 2006.
  • T. Ylonen and C. Lonvick. The Secure Shell (SSH) Connection Protocol. IETF RFC 4254, January 2006.
• 5 April: S/MIME, Secure Electronic Transaction, Firewalls.
  • Stallings: Chapter 18.2, 22.
• 12 April: Intrusion Detection, DNSSec.
  • Stallings: Chapter 20.
  • Karen Scarfone and Peter Mell. Guide to Intrusion Detection and Prevention Systems (IDPS). NIST SP 800-94, February 2007.
  • Ramaswamy Chandramouli and Scott Rose. Secure Domain Name System (DNS) Deployment Guide. NIST SP 800-81r1, April 2010.
  • R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. IETF RFC 4033, March 2005.
  • R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. IETF RFC 4034, March 2005.
  • R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS Security Extensions. IETF RFC 4035, March 2005.
• 19 April: Wireless Security, Virtual Machines.
  • Stallings: Chapter 17.
  • Sheila Frankel, Bernard Eydt, Les Owens, and Karen Scarfone. Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. NIST SP 800-97, February 2007.
  • Class slides.
• 26 April: Software Assurance, Supply Chain Risk Management.
  • Class slides.
  • Department of Homeland Security, National Cyber Security Division. Build Security In.
  • Robert J. Ellison, John B. Goodenough, Charles B. Weinstock, and Carol Woody. Evaluating and Mitigating Software Supply Chain Security Risks. Software Engineering Institute Technical Note CMU/SEI-2010-TN-016, May 2010.
• 3 May: Group presentations.
• Davis, Jonak, and McManuels. Malware.
• Rohan. AES Modes of Operation.
• Mokkarala, Shenoy, and Ved. VoIP Security.
• 10 May: Group presentations.
• Cedeno, Klipstein, and Li. Smart Phone Vulnerabilities.
• Ali. FPGA Implementation of AES.
• Gordon and Vakili. Bluetooth Security.
• 17 May: Final exam, due at 8:15.

Information Security references:

• Cipher. An electronic newsletter from the IEEE Technical Committee on Security and Privacy.
• Annual Computer Security Applications Conference. This site includes past proceedings and an electronic bookshelf.
• Network and Distributed System Security Symposium. This conference publishes their proceedings online.