CS 1653 Syllabus

CS 1653: Applied Cryptography and Network Security

Spring 2008

-- Course Syllabus --

Instructor: Prof. José Carlos Brustoloni (jcb@cs.pitt.edu)

-- Classes: SENSQ 5129 – M W 4:30 – 5:45 p.m.

-- Office hours: SENSQ 6111 – T W H F 12:00 – 1:00 p.m.

Teaching Assistant: Ricardo Villamarin (rvillsal@cs.pitt.edu)

-- Office hours: SENSQ 5506 (LCNSI) – M 2 – 3:30 p.m. and F 4:30 – 6:00 p.m.

Course objectives

The goal of this course is to provide students the necessary conceptual background and hands-on experience to understand the most common cryptographic algorithms and protocols and how to use them to secure distributed applications and computer networks.

Pre-requisites

CS 449 (CoE 449) (Introduction to Systems Software)

CS 1501 (CoE 1501) (Algorithms Implementation)

Topics

1. Introduction

i. Primer on networking

ii. Sockets

iii. Attack types

iv. Defense objectives

v. SSH

2. Cryptographic primitives

i. Secret-key cryptography

ii. Public-key cryptography

iii. Hash algorithms

iv. Cryptographic attacks

3. Hashes

i. MD5

ii. SHA-1

4. User authentication

i. Passwords

ii. Tokens

iii. Biometrics

5. Secret-key cryptography

i. DES and 3DES

ii. AES

iii. RC4

6. Modes of operation

i. ECB

ii. CBC

iii. OFB

iv. CFB

v. CTR

vi. MACs and HMAC

7. Public-key cryptography

i. Modular arithmetic

ii. RSA

iii. PKCS

iv. Diffie-Hellman

v. DSS

8. Number theory, groups, and fields

i. Primes

ii. Euclid’s algorithm

iii. Chinese remainder theorem

iv. Euler’s theorem

v. Groups and fields

vi. Analysis of AES

9. Authentication

i. KDCs

ii. Needham-Schroeder

iii. Otway-Rees

iv. CAs

v. Certificate revocation

vi. Session key establishment

vii. Handshake pitfalls

10. SSL/TLS

i. Record protocol

ii. Handshake protocol

11. IPsec

i. Tunnel and Transport modes

ii. SAD and SPD

iii. AH

iv. ESP

v. IKE

12. PKI

i. X.509

ii. CRLs

13. Kerberos

14. Firewalls

15. PGP

Required textbook

· Kaufman, R. Perlman, and M. Speciner, “Network Security: Private Communication in a Public World,” 2^nd ed., Prentice Hall, ISBN 0-13-046019-2

Other recommended books, freely available online from Pitt’s library (http://pittcat.pitt.edu/)

· "SSH, the Secure Shell: The Definitive Guide" 2nd ed., by D. Barrett, R. Silverman, R. Byrnes, O'Reilly, 2005

· "Network Security with OpenSSL" by J. Viega, M. Messier, P. Chandra, O'Reilly, 2002

· "Demystifying the IPsec Puzzle" by S. Frankel, Artech House, 2001

· "Firewalls and Internet Security: Repeling the Wily Hacker" 2nd ed., by W. Cheswick,S. Bellovin, and A. Rubin, Addison Wesley, 2003

Experiments

Students will perform experiments in the Laboratory for Computer Network Security Instruction (SENSQ 5506). Experiments provide students hands-on instruction on how to secure computer applications and networks. In the experiments, students alternate between the roles of computer user, programmer, and system administrator. The experiments cover:

1. Password-based authentication, eavesdropping attacks, and application-layer defense with SSH

2. Dictionary attacks and defense with CrackLib and salting

3. Transport-layer defense with SSL

4. Man-in-the-middle attacks and certificate-based defense; setting up a simple certifying authority

5. Port-scanning and fingerprinting attacks and defense with firewalls and IPsec

Homework

Problems from the textbook will be assigned as homework. Collaboration among students for solving these problems is fine, but each student’s submission must be his or her own. Students will receive credit for turning in their solutions (handwritten or hardcopy) at the beginning of the class on the due date (no email or mailbox, please). Student submissions will not be individually graded, but preparing them is good practice for the exams. The instructor will solve the problems in class. Students may earn extra points by contributing to the solution or making insightful related questions in class.

Grading

20% first midterm exam

20% second midterm exam

20% final exam

7% each of 5 experiments (total 35%)

5% homework

Calendar

(Note: Subject to change)

Date	Topic	Readings	Homework problems
1/7	Introduction	1.2, 1.3, 1.4, 1.6, 1.8, 2
1/9	Primer on networking	1.5, 1.7
1/14	Authentication of people	9.1, 10
1/16	Secret-key cryptography	3.1, 3.2, 3.3, 4.4-4.4.1.3
1/21	(Martin Luther King day)
1/23	” , sockets, SSH	3.5, 3.6, slides	2.2, 2.3, 2.5, 2.6
1/28	Modes of operation	4.1-4.3, 4.4.2	3.8, 3.11, 3.12
1/30	Hashes	5.1, 5.2, 5.5, 5.6, 5.7	4.1, 4.2, 4.4, 4.6
2/4	Public-key cryptography	6.1-6.3	5.4, 5.6, 5.19
2/5	(Experiment 1 due 10 p.m.)
2/6	”	6.4-6.6	6.2, 6.3, 6.4
2/11	(Midterm 1)		Review: 3.1, 3.3, 3.4, 3.9, 3.14, 5.1, 5.2, 5.12
2/13	Number theory	7	6.5, 6.6
2/18	Math with AES	8.1-8.5	7.1, 7.2
2/20	Overview of authentication systems	9.2-9.9
2/21	(Experiment 2 due 10 p.m.)
2/25	Security handshake pitfalls	11	9.1, 9.2
2/27	Real-time communication security	16, slides	11.2, 11.3, 11.4
3/3	SSL/TLS	19	11.5, 11.6, 11.7
3/5	PKI	15	11.8, 11.11
3/10	(Spring Break)
3/12	(Spring Break)
3/17	IPsec	17, 18	11.12, 11.13
3/18	(Experiment 3 due 10 p.m.)
3/19	Firewalls	23	17.1, 17.3, 17.4, 17.5
3/24	Web security	25	17.7, 18.2, 18.7, 18.8
3/26	(Midterm 2)
3/31	LAN security: 802.1x, PAP, CHAP, EAP, RADIUS	Slides
4/2	Wireless security: WEP, captive portals, WPA, 802.11i	Slides
4/3	(Experiment 4 due 10 p.m.)
4/7	Strong password protocols	12
4/9