CIS-5357: Network Security (Fall 2004)
Announcements
- Important announcements about the deadlines for the programming
assignment, for the group/individual project final presentation date,
and for the final exam have been posted.
- This Webpage is the authoritative syllabus for this course.
You should check this website often for updates, assignment postings,
and announcements.
- If you do not have a garnet account you should get one now. The
free garnet account can be obtained from Academic
Computing and Network Services (ACNS). If you want to read your
garnet email on another ISP of your choice, go to ACNS eMail
Forwarding. Make sure that you check your garnet account frequently
or have it forwarded to an e-mail account you do check
frequently. Important information pertinent to the course will be
sent to your garnet account (and posted to this website as an
announcement). E-mails sent before 1:45pm on Fridays are considered
equivalent to class announcements made the day before, and may
include amendments to assignments and other grade-related material.
- Some extra reading assignments will be available through the Library
Reserves, as they are copyrighted material that cannot be legally
posted on this website.
All Deadlines
- TUE 09/28: Midterm exam.
- THU 10/07: Project proposal due.
- THU 11/11: Assignment due.
- TUE 11/16: Project presentations: concept and execution plan.
- 12/02-08: Project due. (Group presentations by appt)
- THU 12/09: Final exam date. Time 3:00-5:00pm. (As mandated by University Policy.)
Java requirement
This course will include programming assignments in Java. If you do
not have previous Java experience, be aware that time constraints will
not permit coverage of basic Java programming in the course. If you
are concerned you may not reach an adequate proficiency level in Java
in time to complete your assignments, talk to the instructor. You may
have to reconsider your choice of taking this course at this time.
Textbook
Kaufman, Perlman and Speciner. Network
Security: Private Communication in a Public World.
Prentice Hall, 2nd edition. 2002.
Course expectations and assigned work
Your goals in this course are threefold:
- Acquire conceptual understanding of network security issues,
challenges and mechanisms. You will learn this by attending class
presentations, and by independent reading of the class notes, of the
textbook,
and of the assigned research paper readings. Your achievement in
this area will be assessed through the midterm and final exam, which
together comprise 35% of the grade: 15% midterm, 20% final.
- Develop basic skills of secure network development through
a programming assignment/project. This will be
worth a total of 25% of the total course grade.
- Employ the acquired understanding and skill in a project of
your choosing. The project may either include original design and
implementation; empirical observation, measurement and analysis; or
theoretical investigation. Any topic related to network security
can be chosen. This project must contain an element of
originality. The write-up should be of sufficient quality for
submission to a workshop in the area. You will give a short
presentation of your results to the class. This project
corresponds to 35% of your grade.
Attendance and participation in class discussions will contribute
5% of your grade.
Letter grades will be based on numerical grades as follows:
- A: 90 - 100
- B: 75 - 89
- C: 65 - 74
- D: 58 - 64
- F: 0 - 57
Plus/Minus letter grades will be assigned at the discretion of the
instructor.
Slides
The lecture slides are posted here. You may print them and bring them to class and use the margins to keep class notes.
Reading Assignments
- For Thursday, 08/26:
- Victor L. Voydock and Stephen T. Kent.
Security Mechanisms in High-Level Network Protocols. In ACM Computing Surveys, (CSUR), vol.15,
issue 2, June 1983. Pp. 135--146 (stop before chapter 3). DOI:
http://doi.acm.org/10.1145/356909.356913
- Textbook, chapter 1, sections 1.3 through 1.7 (including).
- For Tuesday, 08/31:
- Voydock and Kent (link above). Pp. 146--158 (stop before chapter 6).
- Textbook, chapter 2, sections 2.1 -- 2.4. Also do exercise 6 on 2.7.
- Textbook, chapter 4, sections 4.1 -- 4.2. Try exercises 2 and 6 on 4.5
- For the week of 09/07:
- Textbook, chapter 4, section 4.3
- Textbook, chapter 11, except for sections 11.1.2, 11.2.3, 11.3.2, 11.3.3.
Also try exercises 2, 3, 5, and 7 on pages 288--289.
- Roger M. Needham and Michael D. Schroeder. Using Encryption for Authentication
in Large Networks of Computers. In Communications of the ACM, Vol. 21, issue 12, December 1978.
DOI: http://doi.acm.org/10.1145/359657.359659
- For the week of 09/14:
- Textbook, chapter 9, sections 9.1 through 9.7.1, and 9.7.4 through 9.8
- Assignments, section 9.10, exercises 1 through 3.
- Textbook, chapter 10, sections 10.1 through 10.7.
- Assignments, section 10.11, exercises 1 and 2.
- For the week of 09/21:
- M. Abadi and R. Needham. Prudent Engineering Practice for Cryptographic Protocols.
IEEE Transactions on Software Engineering, 1996, vol.22, No. 1, pp. 6--15. Find it on
Martin Abadi's webpage.
- Bill Bryant. Designing an Authentication System: A Dialogue in Four Scenes.
Original 1988, added afterword by Theodore Ts'o on changes in Version 5 of the Kerberos protocol in 1997.
web.mit.edu/kerberos/www/dialogue.html
- G. Steiner, B. Clifford Neuman, and J.I. Schiller. Kerberos: An Authentication Service for Open Network Systems.
In Proceedings of the Winter 1988 Usenix Conference. February, 1988. (Version 4)
ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS
- For the week of 10/12:
- Textbook, chapter 6, sections 6.1 through 6.7.
- Assignments, section 6.9, problems 2, 5, 7, 10.
- For the week of 10/19:
- Assignments, section 6.9, problems 3, 4, and 8.
- Textbook, chapter 15.
- Assignments, section 15.9, problems 1, 2, 3, 5, and 8.
- Textbook, chapter 13.
- For the week of 10/26:
- Assignments, section 13.13, problems 1, 2, 4.
- Textbook, chapter 19.
- Assignments, section 19.16, problem 2, section 19.17, problem 3.
- For the week of 11/02:
- David Brumley and Dan Boneh. Remote Timing Attacks are Practical. 12th Usenix Security Symposium.
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html.
- Textbook, chapter 17.
- Assignments, section 17.7, problems 1 and 2.
- Assignments, section 17.8, problems 1, 2, 5, 6, 7.
- For the week of 11/09:
- Textbook, chapter 18
- Assignments, section 18.8, problems 1, 2, 3, 7, 8.
- For the week of 11/23:
- D. Brent Chapman. Network (In)security Through IP Packet Filtering.
Proceedings of the Third USENIX UNIX Security Symposium. 1992.
http://www.greatcircle.com/pkt_filtering.html
- For the week of 11/30:
- Thomas Ptacek and Timothy Newsham. Insertion, Evasion and Denial of Service:
Eluding Network Intrusion Detection. http://www.securityfocus.com/data/library/ids.ps
- Textbook, chapter 26.
- Assignments, section 26.27, problems 1, 2, 3, 4.
Programming Assignment
Description of the assignment.
Extra instructions and code download for the assignment.
Project
The course project will comprise the largest part of your grade. Your deliverables will consist of a project
proposal, a preliminary results presentation, and a final project report and presentation.
Project Proposal
You will need to form groups of 2 or 3 members
and write a project proposal. (Individual projects are possible, but not encouraged.) The project proposal should
include at least four sections:
- A title.
- List of group members. If the group members will have different responsibilities, please list those.
- Project description -- what you intend to do.
- References.
The project description itself should be one to two pages. Suitable project topics include any topic related to
network security, whether or not covered during the class. If you are unsure whether the topic you picked is appropriate, please
contact me before the deadline for project proposal submission: October 7th. The proposal must be typeset, and a paper copy
brought to class, while the original e-mailed directly to me. Acceptable file formats are HTML, PDF, and TXT.
The project may take several formats:
- Theoretical analysis (suitable for individual project): Critique of algorithms or techniques used in network
security, analysis or design of network security protocols, etc. If you choose a theoretical approach,
a higher degree of originality will be expected. Your
final deliverable will be in the form of a research paper, suitable for presentation at a workshop.
- Implementation (groups only): Implementation of network security protocols and algorithms. Examples of suitable
topics are special purpose VPNs, algorithms for security in overlay and ad-hoc networks.
- Empirical analysis/simulation: Study the performance of various security measures under different types of threats/attacks.
If you are implementing an attack, you must take every measure to ensure it does not present a threat to the Computer
Science computing community or the world at large. You need to inform me and the CS systems group of the techniques you
will be employing beforehand. You must ensure that you abide by all the policies that govern use of FSU and CS computing resources
during the execution of this project.
Preliminary Results Presentation
On November 16th, you will give a class presentation on your project and intermediate progress you have achieved. You
should explain the concept of your project, provide details of your methodology and/or design, and any preliminary results.
You should be prepared to answer questions that your classmates or I may have about your project.
Final Report and Presentation
The final deliverable of the project will be a write-up (5-10 pages). You will give a 20-minute presentation
or demo of the project, and make an appointment with me during the week of finals to present your project and answer questions (Dec. 6th-10th).
Policies
I expect students to arrive on time for the class. Students
arriving late for exams will not be allowed extra time to complete
their work.
There will be no make-up midterm exam. If you cannot take the
midterm exam because of a documented, legitimate condition, the final
exam will be substituted for the mid-term grade (and therefore will
count for 35% of your grade). Similarly, homework assignment
deadlines will not be extended, except in documented, legitimate
situations. The same applies to the project and presentation deadlines.
An example of adequate documentation of a medical reason for missing
an exam is a discharge notice from the Student Health Center.
All students registered in this course (and all courses throughout
the University) are bound by the Academic Honor Code. Plagiarism
(use of somebody else's work without proper acknowledgment) will not be
tolerated.
Honor Code
The Academic Honor System at The Florida State University is based
on the premise that each student has the responsibility:
- To uphold the highest standards of academic integrity in the student's own work;
- To refuse to tolerate violations of academic integrity in the
University community, and;
- To foster a high sense of integrity and social responsibility on the
part of the University community.
A copy of the University Academic Honor Code can be found in the current
Student Handbook.
Disabilities Act
Students with disabilities needing academic accommodations should
register with and provide documentation to the Student Disability
Resource Center (SDRC), and bring a letter from the SDRC to the
instructor indicating their needs. This should be done within the first
week of class.