20-ECES-653, Section 001        Network Security        Fall, 2007
Meets: T/Th in Baldwin 645, 9:30-10:45PM.

Instructor: John Franco

Office: 821 Rhodes (Office Hours: T/Th 11:00-12:00AM)
Phone: 556-1817
Email: franco@gauss.ececs.uc.edu (among other things for an account on helios)
Web: http://gauss.ececs.uc.edu/Courses/C653.html for the course page
Grader: Xxxx Xxxxxxx (Office: XX x:00-x:00 ERC xxx)

Description:

Treats current concerns, trends, and techniques to ensure security and safety of data on computers and over networks. Topics include PGP, RSA, Diffie-Hellman, Authentication, Integrity, Confidentiality, Denial of Service, Security Policy Enforcement and management techniques, Symmetric Keys, Public Keys, IPSec, formal methods. A chief systems architect at Microsoft said: "I am so proud of my boys, there is nothing that you security guys throw at us that they cannot get around." Of course, there are over 50,000 computer viruses which are designed to attack Microsoft products. If a MS engineer can get around security, then so can a computer virus. And of course if you are vulnerable to computer viruses, then you have no security.

There will be a class team project instead of a final exam. If a team's project can be attacked by a computer virus or a Trojan horse, or if team secrets can be stolen or modified, then that team fails the class. It is hoped that everyone fails the exercise, learns from it, and passes the project with flying colors. Computer security is always a team sport.

Prerequisites:

The usual programming courses that a senior will have taken including 20-ECES-229 and 15-MATH-263. The student is expected to know what Object Oriented Programming is and is expected to have significant programming experience in OOP, especially using C++.

Grading (approx):

Distribution of credit: Midterm exam - 30%; Homework - 30%; Project - 40%. Grades are assigned on an informal "curve". Homeworks may not raise your course grade more than one letter grade, and if you fail the project you fail the course. The project will be assigned by the middle of the quarter and will be due on the last day of class of this quarter. When it becomes finalized and available, the project will appear on the official course home page.

Reading Materials:

"Network Security: Private Communication in a Public World", Kaufman, Perlman & Speciner, 2nd Edition, 2002 (Official text for the course).
"IPSec: the new security standard for the Internet, intranets, and virtual private networks", Doraswamy, Neganand, 1999.
"Cryptography and Data Security", Denning, 1982.
"Network and Internetwork Security", William Stallings, 1995.
"Building Internet Firewalls", Chapman & Zwicky, 1995.

"The Rijndael Block Cipher", Daemen & Rijmen.
"Password Security: A Case History", Robert Morris and Ken Thompson, CACM, Nov. 1979, Vol. 22, Num. 11.
"UNIX Password Security - Ten Years Later", David Feldmeier and Philip Karn, Crypto89.
"The Keyed-Hash Message Authentication Code (HMAC)"

Accounts:

You will have the opportunity to get an account on my machine. You must request an account from me by sending email to franco@gauss.ececs.uc.edu. It might be convenient to specify a desired account name which matches that of a machine you have access to. You will also have your normal university accounts. However, note that unless you do something to protect it, all students and most faculty have access to your department account. For the sake of efficiency, I will wait until I have received quite a few requests before setting up accounts. The first batch will probably be ready after the first weekend.

The name of the machine holding the account is helios.ececs.uc.edu.

Homework Policy:

  1. Up to five homeworks may be assigned this quarter. It is expected that most if not all of these will be rigorously graded. It is hoped that the student will be self-motivated and complete all the assignments for his/her own benefit.

  2. Solutions will be graded on a scale of 0-10 by the grader.

  3. Solutions to assignments must be completed no later than two weeks after the assignment is given. No credit will be given for late solutions. No solutions will be accepted after the last day of class (just before finals commence).

  4. Of course, students may discuss homework assignments with each other, may write solutions together, copy, or cheat in any way they can think of (except on the exams or any other graded component of the course). However, it is customary that any significant help from another student or book should be acknowledged in a comment when you ask me to review what you have.

Schedule: (approximate, SUBJECT TO CHANGE)

Week  Class Material                                                   Reading (Kaufman...)
1     Introduction: Firewalls, Viruses, Hashes, Message Digests, etc.  Chapters 1, 2
2     Cryptography: Secret Key Algorithms (DES...)                     Chapters 3, 4
3     Cryptography: Hashes and Message Digests                         Chapters 4, 5
4     Cryptography: Public Key Algorithms: (RSA,...)                   Chapters 5, 6
5     Crypto Math, Authentication, Handshake Pitfalls                  Chapters 7, 9-12
6     Review and Exam                                                  -
7     Kerberos/PKI                                                     Chapters 13, 14, 15
8     IPSec+IKE                                                        Chapters 17, 18 + notes
9     SSL/TLS                                                          Chapter 19
10    PEM, PGP, GPG, etc.                                              Chapters 20-22