ITEC 455: Applied Cryptography and Network Security

Spring 2010

Dept. of Information Technology

Radford University


Note: Students: Please use the WebCT site associated with this course for up to date information as well as to download homework and lecture notes.



Instructor/Class timings

Schedule/List of topics and readings

Textbooks (Primary and secondary)


Academic integrity policy

Disability Resources


Attendance Policy




Instructor: Prem Uppuluri

Class timings: 12:30 pm – 1:45 pm, Tuesday, Thursday.

Office hours: TWR: 2:00 – 3:00 pm, M: 3:00 – 4:00 pm.



Textbooks (Required)


1.       [PrivateComm] Network Security PRIVATE Communication in a PUBLIC World, 2nd Edition, Charlie Kaufman, Radia Perlman and Mike Speciner, ISBN-13: 978-0-13-046019-6, Prentice Hall.


2.        [CompleteReference] Network Security The Complete Reference, Roberta Bragg, Mark Rhodes-Ousley, Keith Strassberg, ISBN: 0-07-222697-8, McGraw Hills Osborne.

  1.  [SecureComm] Secure Communication, Roger Sutton, John Wiley and Sons ISBN-13: 978-0471499046


Other References:

4.       [HACKING] Hacking: The Art of Exploitation, Jon Erickson, ISBN: 1-59327-007-0

  1. [PracticalUNIX] Practical UNIX and Internet Security, 3rd Edition, Simson Garfinkel, Gene Spafford and Alan Schwartz., O’Reilly publishing, ISBN-13: 978-0-596-00323-4.
  2. Securing Networks Systematically  - the SKiP method,



Evaluation (Tentative):



Course Objectives

The course provides a deeper understanding into cryptography, its application to network security, threats/vulnerabilities to networks and countermeasures.



Attending classes is strongly encouraged, but there is no direct penalty for not attending.



Emails will be sent to the class email list: . Lecture slides, assignments, solutions, syllabus and other class-related material will be posted on WebCT. ALL HOMEWORKS MUST BE SUBMITTED USING WEBCT. EMAIL submissions may not be accepted.




List of topics/Schedule

Topic Number

Topics covered

Lectures/Required Readings/Supplementary Readings/Homework high level description.



(~2 weeks)

Introduction to Communication Security.

0.1.            Review of Security Policy Development, Security Organization and Physical Security Issues.

0.2.            Security Plan

0.3.            Primer on Networking

0.4.            Overview of Communication Security Threats (Network mapping, DOS, Transmission Security threats etc.) and countermeasures.

0.5.            Roles and responsibilities of different personnel in security.

0.6.            Miscellaneous threats: voice security, technical surveillance.




Lectures Based on:

#0.1 Introduction (Chapter 1, Textbook#1)

#0.2 Threats and Solutions (Chapter 1, Textbook#3).

#0.3 Technical Surveillance Countermeasures Program

#0.4 Data Link Layer Security

#0.5: Network Layer Security

#0.6: Transport Layer Security



Required Readings (For Homework):

#0.1 ARMY Information Security Program

#0.2 Network and Internet Security, Part III, Textbook#5.

#0.3 Risk Analysis and Defense Models (Chapter 2, Textbook#2)

#0.4 Security Policy Development (Chapter 3, Textbook#2).

#0.5 Security Organization (Chapter 4, Textbook#2)

#0.6 Physical Security (Chapter 5, Textbook#2)

#0.7 Network Mapping (Class lecture notes)

#0.8 Disaster Recovery and Business continuity plan (Chapter 27, Textbook #2)

#0.9 Chapter 1 – Textbook#3

#0.10CNSS policies

#0.11 Radford University Security Policies and Procedures (


Recommended Reading

#0.1 Voice Security in Military Applications (Chapter 3, Textbook#3)

#0.2 Telephone Security, (Chapter 4, Textbook#3)


Homework(s): Given a network for a fictitious company, perform risk analysis and apply a defense model. Identify physical security issues and list them. Also develop security policies and identify the personnel involved as well as their roles and responsibilities. Network Mapping.







(~4 weeks)

Applied Cryptography

1.1.            Secret Key Cryptography

1.2.            Public key algorithms

1.3.            Key Management (Key generation, storage, distribution, destruction, sharing), PKI

1.4.            Authentication Systems and Security Handshake issues

1.5.            Kerberos V5



Lectures based on:

#1.1 Introduction to Cryptography (Chapter 2, Textbook #1)

#1.2 Secret Key Cryptography (Chapter 3, Textbook #1)

#1.3 Modes of Operation (Chapter 4, Textbook #1)

#1.4 Hashes and Message Digests (Chapter 5, Textbook #1)

#1.5 Public Key Algorithms (Chapter 6, Textbook #1)

#1.6 Key Management (Chapter 2, Section 2.4 Textbook#3) 

#1.7 PKI (Chapter 15, Textbook #1)


Homework(s): Key Management issues, Authentication Issues.



(~ 2 weeks)

Authentication Issues

2.1.            Passwords as Cryptographic keys

2.2.            Trusted Intermediaries (Multiple)

2.3.            Security Handshake

2.4.            Kerberos system




 Lectures based on:

 #2.1 Authentication Systems (Chapter 9, Textbook #1)

 #2.2 Security Handshake Pitfalls (Chapter 11, Textbook #2)

 #2.3 Kerberos v5 (Chapter 13, Textbook #3)



Homework (s): Kerberos, Authentication system installation.



(~5-7 weeks)

Securing Networks

3.1.            SKIP method (CERT)

3.2.            Defense in Depth.

3.3.            Network Device Security

3.4.            Perimeter Security (Firewalls, VPN, IDS)

3.5.            Backups etc.

3.6.            Role based security (DNS,  Proxy servers, Web Servers, IP Telephony, Credit Card, Printers, Faxes

3.7.            Modems/dialup security

3.8.            IPSec, SSL/TLS

3.9.            Transmission/Emission Security Controls.

3.10.        End to end access control

3.11. Wireless and portable device security

3.12. Electronic Mail Security

3.13: Web Issues


Lectures based on:

#3.1 Network Architecture (Part III, Textbook #2)

#3.2 Electronic Protection Measures (Chapter 7, Textbook #2)

#3.3 IPSec (Chapter 18, Textbook #1)

#3.4 SSL/TLS (Chapter 19, Textbook #1)

#3.5 Securing Networks Systematically  - the SKiP method,

#3.6 Modems and Dialup Security (Chapter 10, Textbook#3).

#3.7 Access control – Security Management Architecture (Chapter 8, Textbook#2).

#3.8: Virtual Private network Security (Chapter 12, Textbook#2)

#3.9: Email security (Chapter 20, Textbook#1).

#3.10: Wireless network security (Chapter 13, Textbook#2).

#3.12: Role based security (Chapter 16, Textbook#2).

#3.13: Chapter 25, Web Issues Textbook#1.

Supplementary Reading (to enhance an understanding of topics listed above):

#3.1 Firewalls (Chapter 23, Textbook #1)

#3.2 Application layer security protocols: Secure Electronic Transactions Secure RPC

#3.3 DoDD 8500.1 (


Homework (s): Perimeter hardening.



(~ 1 week)

Miscellaneous topics:

4.1.            COMSEC procedures/accounting

4.2.            Incident Response and Forensic Analysis

4.3.            Legals Issues (Laws)

4.4.            Other issues: TRANSEC/EMSEC/TEMPEST.

4.5:  IT Asset Management: Hardware and software

4.6: Recommended reading: Security Compliance Tool: Case study: Tripwire Enterprise.

Required Readings (Lectures cover the material briefly):

#4.1 National COMSEC procedures

#4.2 Safeguarding and control of COMSEC Materials (

#4.3 COMSEC Briefing (

#4.4 Incident Response and Forensic Analysis (Chapter 29, Textbook#2)

#4.5 The Laws Affecting Information Security Professionals (Chapter 30, Textbook#2)

#4.6 PDS


Recommended Readings:

#4.6 Smart Card Requirements, TRANSEC/EMSEC/TEMPEST, presentation at

#4.7 Reporting Fraud, Waste and Abuse

#4.8 An (Unofficial) TEMPEST reference:

#4.9 EMSEC countermeasures:

#4.10: Internal controls and security.






Disability resources


I will accommodate students with disabilities as per the policies and procedures of the Disability Resource Office (DRO). Please contact the DRO at: for more information.


Important: Academic Integrity Policy


The Radford University honor code (, provides clear guidelines on what constitutes honesty. However, often times it is hard to distinguish between collaboration and cheating.  The following guidelines will help clarify what type of collaboration is allowed or prohibited in t his course.

      Discussion related to understanding a problem is allowed. Any discussion of the solution is however prohibited. Though problems may have similar solutions, there are different ways to formulate the solutions. In fact, in a classroom if students do the assignments individually, the solutions have differences. Any suspiciously similar assignments will be considered as copied.

      Copying from the Internet sources (including Wikipedia) is prohibited.

      Permitting any other student to copy your work either willingly or due to improper protection of your files is prohibited. In case your files are copied without your permission you must demonstrate that you have taken adequate security measures to prevent others from viewing or copying them. If you are not sure what permissions to associate with your files, please contact me – I will be happy to help. Examples of unacceptable security measures are:

(i)                   Printing out your assignments on a lab printer without taking adequate precautions to reach the printer before some one else does.

(ii)                 Not making your files unreadable to anyone except yourself.


Finally, the library has a good tutorial on the academic dishonesty policy at the following URL: Please take the time to read this tutorial.