ITEC 455: Applied Cryptography and Network Security
Spring 2010
Dept. of Information Technology
Radford University
Note: Students: Please use the WebCT site associated with this course for up-to-date information as well as to download homework and lecture notes.
Instructor: Prem Uppuluri
Class timings: 12:30 pm – 1:45 pm, Tuesday, Thursday.
Office hours: TWR: 2:00 – 3:00 pm, M: 3:00 – 4:00 pm.
Textbooks (Required)
Primary:
1. [PrivateComm] Network Security: PRIVATE Communication in a PUBLIC World, 2nd Edition, Charlie Kaufman, Radia Perlman and Mike Speciner, ISBN-13: 978-0-13-046019-6, Prentice Hall.
Secondary:
2. [CompleteReference] Network Security: The Complete Reference, Roberta Bragg, Mark Rhodes-Ousley, Keith Strassberg, ISBN: 0-07-222697-8, McGraw-Hill Osborne.
Other References:
4. [HACKING] Hacking: The Art of Exploitation, Jon Erickson, ISBN: 1-59327-007-0
The course provides a deeper understanding of cryptography, its application to network security, threats/vulnerabilities to networks and countermeasures.
Attending classes is strongly encouraged, but there is no direct penalty for not attending.
Communication
Emails will be sent to the class email list: ru-itec455-spring-01@radford.edu. Lecture slides, assignments, solutions, syllabus and other class-related material will be posted on WebCT. ALL HOMEWORKS MUST BE SUBMITTED USING WEBCT. EMAIL submissions may not be accepted.
Topic Number | Topics covered | Lectures/Required Readings/Supplementary Readings/Homework high-level description |
0. (~2 weeks) |
Introduction to Communication Security.
0.1. Review of Security Policy Development, Security Organization and Physical Security Issues.
0.2. Security Plan
0.3. Primer on Networking
0.4. Overview of Communication Security Threats (Network mapping, DOS, Transmission Security threats etc.) and countermeasures.
0.5. Roles and responsibilities of different personnel in security.
0.6. Miscellaneous threats: voice security, technical surveillance. |
Lectures Based on:
#0.1 Introduction (Chapter 1, Textbook#1)
#0.2 Threats and Solutions (Chapter 1, Textbook#3).
#0.3 Technical Surveillance Countermeasures Program http://www.fas.org/irp/doddir/dod/i5240_05.pdf
#0.4 Data Link Layer Security http://www.javvin.com/networksecurity/NetworkSecurity.html
#0.5 Network Layer Security http://www.javvin.com/networksecurity/NetworkSecurityLayer3.html
#0.6 Transport Layer Security http://www.javvin.com/networksecurity/NetworkSecurityLayer4.html
Required Readings (For Homework):
#0.1 ARMY Information Security Program http://www.fas.org/irp/doddir/army/ar380-5/
#0.2 Network and Internet Security, Part III, Textbook#5.
#0.3 Risk Analysis and Defense Models (Chapter 2, Textbook#2)
#0.4 Security Policy Development (Chapter 3, Textbook#2).
#0.5 Security Organization (Chapter 4, Textbook#2)
#0.6 Physical Security (Chapter 5, Textbook#2)
#0.7 Network Mapping (Class lecture notes)
#0.8 Disaster Recovery and Business continuity plan (Chapter 27, Textbook #2)
#0.9 Chapter 1 – Textbook#3
#0.10 CNSS policies http://www.cnss.gov/policies.html
#0.11 Radford University Security Policies and Procedures (http://cio.asp.radford.edu/policy/policy.aspx)
Recommended Reading:
#0.1 Voice Security in Military Applications (Chapter 3, Textbook#3)
#0.2 Telephone Security, (Chapter 4, Textbook#3)
Homework(s): Given a network for a fictitious company, perform risk analysis and apply a defense model. Identify physical security issues and list them. Also develop security policies and identify the personnel involved as well as their roles and responsibilities. Network Mapping. |
1. (~4 weeks) |
Applied Cryptography
1.1. Secret Key Cryptography
1.2. Public key algorithms
1.3. Key Management (Key generation, storage, distribution, destruction, sharing), PKI
1.4. Authentication Systems and Security Handshake issues
1.5. Kerberos V5 |
Lectures based on:
#1.1 Introduction to Cryptography (Chapter 2, Textbook #1)
#1.2 Secret Key Cryptography (Chapter 3, Textbook #1)
#1.3 Modes of Operation (Chapter 4, Textbook #1)
#1.4 Hashes and Message Digests (Chapter 5, Textbook #1)
#1.5 Public Key Algorithms (Chapter 6, Textbook #1)
#1.6 Key Management (Chapter 2, Section 2.4 Textbook#3)
#1.7 PKI (Chapter 15, Textbook #1)
Homework(s): Key Management issues, Authentication Issues. |
2. (~2 weeks) |
Authentication Issues
2.1. Passwords as Cryptographic keys
2.2. Trusted Intermediaries (Multiple)
2.3. Security Handshake
2.4. Kerberos system |
Lectures based on:
#2.1 Authentication Systems (Chapter 9, Textbook #1)
#2.2 Security Handshake Pitfalls (Chapter 11, Textbook #2)
#2.3 Kerberos v5 (Chapter 13, Textbook #3)
Homework(s): Kerberos, Authentication system installation. |
3. (~5-7 weeks) |
Securing Networks
3.1. SKIP method (CERT)
3.2. Defense in Depth.
3.3. Network Device Security
3.4. Perimeter Security (Firewalls, VPN, IDS)
3.5. Backups etc.
3.6. Role based security (DNS, Proxy servers, Web Servers, IP Telephony, Credit Card, Printers, Faxes)
3.7. Modems/dialup security
3.8. IPSec, SSL/TLS
3.9. Transmission/Emission Security Controls.
3.10. End to end access control
3.11. Wireless and portable device security
3.12. Electronic Mail Security
3.13. Web Issues |
Lectures based on:
#3.1 Network Architecture (Part III, Textbook #2)
#3.2 Electronic Protection Measures (Chapter 7, Textbook #2)
#3.3 IPSec (Chapter 18, Textbook #1)
#3.4 SSL/TLS (Chapter 19, Textbook #1)
#3.5 Securing Networks Systematically - the SKiP method, http://www.cert.org/archive/pdf/SKiP.pdf.
#3.6 Modems and Dialup Security (Chapter 10, Textbook#3).
#3.7 Access control – Security Management Architecture (Chapter 8, Textbook#2).
#3.8 Virtual Private network Security (Chapter 12, Textbook#2)
#3.9 Email security (Chapter 20, Textbook#1).
#3.10 Wireless network security (Chapter 13, Textbook#2).
#3.12 Role based security (Chapter 16, Textbook#2).
#3.13 Chapter 25, Web Issues Textbook#1.
Supplementary Reading (to enhance an understanding of topics listed above):
#3.1 Firewalls (Chapter 23, Textbook #1)
#3.2 Application layer security protocols: Secure Electronic Transactions http://www.informit.com/articles/article.aspx?p=26857. Secure RPC
#3.3 DoDD 8500.1 (https://acc.dau.mil/CommunityBrowser.aspx?id=37475)
Homework(s): Perimeter hardening. |
4. (~1 week) |
Miscellaneous topics:
4.1. COMSEC procedures/accounting
4.2. Incident Response and Forensic Analysis
4.3. Legal Issues (Laws)
4.4. Other issues: TRANSEC/EMSEC/TEMPEST.
4.5. IT Asset Management: Hardware and software
4.6. Recommended reading: Security Compliance Tool: Case study: Tripwire Enterprise. |
Required Readings (Lectures cover the material briefly):
#4.1 National COMSEC procedures
#4.2 Safeguarding and control of COMSEC Materials (http://www.cnss.gov/Assets/pdf/cnssp_1.pdf)
#4.3 COMSEC Briefing (http://www.easc.noaa.gov/Security/webfile/erso.doc.gov/briefings/COMSEC_BRIEFING.pdf)
#4.4 Incident Response and Forensic Analysis (Chapter 29, Textbook#2)
#4.5 The Laws Affecting Information Security Professionals (Chapter 30, Textbook#2)
#4.6 PDS http://www.cnss.gov/Assets/pdf/nstissi_7003.pdf
Recommended Readings:
#4.6 Smart Card Requirements, TRANSEC/EMSEC/TEMPEST, presentation at isis.poly.edu/courses/cs996-management-s2005/Lectures/EMSEC-TEMPEST.ppt
#4.7 Reporting Fraud, Waste and Abuse http://www.radford.edu/auditor/reporting.htm
#4.8 An (Unofficial) TEMPEST reference: http://www.eskimo.com/~joelm/tempestintro.html
#4.9 EMSEC countermeasures: http://cryptome.org/afssm-7011.htm
#4.10 Internal controls and security. |
I will accommodate students with disabilities as per the policies and procedures of the Disability Resource Office (DRO). Please contact the DRO at: https://php.radford.edu/~dro/about_us.php for more information.
Important: Academic Integrity Policy
The Radford University honor code (http://www.radford.edu/~ruadmiss/honor.html) provides clear guidelines on what constitutes honesty. However, oftentimes it is hard to distinguish between collaboration and cheating. The following guidelines will help clarify what type of collaboration is allowed or prohibited in this course.
Discussion related to understanding a problem is allowed. Any discussion of the solution is, however, prohibited. Though problems may have similar solutions, there are different ways to formulate the solutions. In fact, in a classroom, if students do the assignments individually, the solutions have differences. Any suspiciously similar assignments will be considered as copied.
Copying from Internet sources (including Wikipedia) is prohibited.
Permitting any other student to copy your work, either willingly or due to improper protection of your files, is prohibited. In case your files are copied without your permission, you must demonstrate that you have taken adequate security measures to prevent others from viewing or copying them. If you are not sure what permissions to associate with your files, please contact me – I will be happy to help. Examples of unacceptable security measures are:
(i) Printing out your assignments on a lab printer without taking adequate precautions to reach the printer before someone else does.
(ii) Not making your files unreadable to anyone except yourself.
Finally, the library has a good tutorial on the academic dishonesty policy at the following URL: http://lib.radford.edu/tutorial/X/index.asp
Please take the time to read this tutorial.