CS 1653: Applied Cryptography and Network Security

Spring 2009

 

-- Course Syllabus --

 

Instructor: Prof. José Carlos Brustoloni (jcb@cs.pitt.edu)

-- Classes: SENSQ 6110 – M W 3:00 – 4:15 p.m.

-- Office hours: SENSQ 6111   M W 11:15 a.m. – 12:45 p.m. and 2:30 – 3 p.m.

Teaching Assistant: Miao Zhou (miaozhou@cs.pitt.edu)

-- Office hours: SENSQ 5506 (LCNSI) – T H 3:00 – 4:30 p.m.

 

Course objectives

 

The goal of this course is to provide students the necessary conceptual background and hands-on experience to understand the most common cryptographic algorithms and protocols and how to use them to secure distributed applications and computer networks.

 

 

Pre-requisites

CS 449 (CoE 449) (Introduction to Systems Software)

CS 1501 (CoE 1501) (Algorithms Implementation)

 

 

Topics

 

1.      Introduction

                           i.      Primer on networking

                         ii.      Sockets

                        iii.      Attack types

                       iv.      Defense objectives

                         v.      SSH

 

2.      Cryptographic primitives

                           i.      Secret-key cryptography

                         ii.      Public-key cryptography

                        iii.      Hash algorithms

                       iv.      Cryptographic attacks

 

3.      Hashes

                           i.      MD5

                         ii.      SHA-1

 

4.      User authentication

                           i.      Passwords

                         ii.      Tokens

                        iii.      Biometrics

 

5.      Secret-key cryptography

                           i.      DES and 3DES

                         ii.      AES

                        iii.      RC4

 

6.      Modes of operation

                           i.      ECB

                         ii.      CBC

                        iii.      OFB

                       iv.      CFB

                         v.      CTR

                       vi.      MACs and HMAC

 

7.      Public-key cryptography

                           i.      Modular arithmetic

                         ii.      RSA

                        iii.      PKCS

                       iv.      Diffie-Hellman

                         v.      DSS

 

8.      Number theory, groups, and fields

                           i.      Primes

                         ii.      Euclid’s algorithm

                        iii.      Chinese remainder theorem

                       iv.      Euler’s theorem

                         v.      Groups and fields

                       vi.      Analysis of AES

 

9.      Authentication

                           i.      KDCs

                         ii.      Needham-Schroeder

                        iii.      Otway-Rees

                       iv.      CAs

                         v.      Certificate revocation

                       vi.      Session key establishment

                      vii.      Handshake pitfalls

 

10.  SSL/TLS

                           i.      Record protocol

                         ii.      Handshake protocol

 

11.  IPsec

                           i.      Tunnel and Transport modes

                         ii.      SAD and SPD

                        iii.      AH

                       iv.      ESP

                         v.      IKE

 

12.  PKI

                           i.      X.509

                         ii.      CRLs

13.  Kerberos

14.  Firewalls

15.  PGP

 

 

Required textbook

 

·        Kaufman, R. Perlman, and M. Speciner, “Network Security: Private Communication in a Public World,” 2nd ed., Prentice Hall, ISBN 0-13-046019-2

 

 

Other recommended books, freely available online from Pitt’s library (http://pittcat.pitt.edu/)

 

·        "SSH, the Secure Shell: The Definitive Guide" 2nd ed., by D. Barrett, R. Silverman, R. Byrnes, O'Reilly, 2005

 

·        "Network Security with OpenSSL" by J. Viega, M. Messier, P. Chandra, O'Reilly, 2002

 

·        "Demystifying the IPsec Puzzle" by S. Frankel, Artech House, 2001

 

·        "Firewalls and Internet Security: Repeling the Wily Hacker" 2nd ed., by W. Cheswick,S. Bellovin, and A. Rubin, Addison Wesley, 2003

 

 

Experiments

 

Students will perform experiments in the Laboratory for Computer Network Security Instruction (SENSQ 5506). Experiments provide students hands-on instruction on how to secure computer applications and networks. In the experiments, students alternate between the roles of computer user, programmer, and system administrator. The experiments cover:

 

1.      Password-based authentication, eavesdropping attacks, and application-layer defense with SSH

2.      Dictionary attacks and defense with CrackLib and salting

3.      Transport-layer defense with SSL

4.      Man-in-the-middle attacks and certificate-based defense; setting up a simple certifying authority

5.      Port-scanning and fingerprinting attacks and defense with firewalls and IPsec

 

 

Homework

 

Problems from the textbook will be assigned as homework. Collaboration among students for solving these problems is encouraged, but each student’s submission must be his or her own. Students will receive credit for turning in their solutions (handwritten or hardcopy) at the beginning of the class on the due date (no email or mailbox, please). Student submissions will not be individually graded, but preparing them is good practice for the exams. The instructor will solve the problems in class. Students may earn extra points by contributing to the solution or making insightful related questions in class.

 

 

Grading

 

20% first exam

20% second exam

20% third exam

7% each of 5 experiments (total 35%)

5% homework

 

 

Calendar

(subject to change; please check latest version on CourseWeb)

 

 

Date

Topic

Readings

Homework problems

1/5

Introduction

1.2, 1.3, 1.4, 1.6, 1.8,  2

 

1/9

Primer on networking, sockets, SSH

1.5, 1.7, slides

 

1/12

Authentication of people

9.1, 10

 

1/14

Secret-key cryptography

3.1, 3.2, 3.3, 4.4-4.4.1.3

 

1/19

(Martin Luther King day)

 

 

1/21

3.5, 3.6

2.2, 2.3, 2.5, 2.6

1/23

(Experiment 1 due 5 p.m.)

 

 

1/26

Modes of operation

4.1-4.3, 4.4.2

3.8, 3.11, 3.12

1/28

Hashes

5.1, 5.2, 5.5, 5.6, 5.7

4.1, 4.2, 4.4, 4.6

2/2

Public-key cryptography

6.1-6.3

5.4, 5.6, 5.19

2/4

6.4-6.6

6.2, 6.3, 6.4

2/9

(First exam)

 

Review: 3.1, 3.3, 3.4, 3.9, 3.14, 5.1, 5.2, 5.12

2/11

Number theory

7

6.5, 6.6

2/13

(Experiment 2 due 5 p.m.)

 

 

2/16

Math with AES

8.1-8.5

7.1, 7.2

2/18

Overview of authentication systems

9.2-9.9

 

2/23

Security handshake pitfalls

11

9.1, 9.2

2/25

Real-time communication security

16, slides

11.2, 11.3, 11.4

3/2

SSL/TLS

19

11.5, 11.6, 11.7

3/4

PKI

15

11.8, 11.11

3/6

(Experiment 3 due 5 p.m.)

 

 

3/9

(Spring Break)

 

 

3/11

(Spring Break)

 

 

3/16

IPsec

17, 18

11.12, 11.13

3/18

(Second exam)

 

 

3/23

Firewalls

23

17.1, 17.3, 17.4, 17.5

3/25

Web security

25

17.7, 18.2, 18.7, 18.8

3/26

(Experiment 4 due 10 p.m.)

 

 

3/30

LAN security: 802.1x, PAP, CHAP, EAP, RADIUS

Wireless security: WEP, captive portals, WPA, 802.11i

Slides

 

 

4/1

Strong password protocols

12

 

4/6

Kerberos 4, 5

13, 14

12.1, 12.2, 12.3, 12.5

4/8

Email security

20

13.1, 13.2, 13.4, 14.5

4/13

PEM, S/MIME, and PGP

21, 22

20.2, 20.3, 20.4, 20.5

4/15

(Third exam)

 

Review: 12.11, 12.13,  20.6, 20.7, 20.9, 20.10, 20.11, 21.11

4/17

(Experiment 5 due per assigned slot)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

Policies

·        Class attendance is required.

·        You should check daily for course announcements on http://courseweb.pitt.edu

·        All your answers to experiments and exams must be your own.

·        Do discuss course materials and homework with other students at a conceptual level, but:

o        do not copy answers from others, and

o        do not allow others to copy your answers.

·        Students caught cheating will fail the course.

·        Late laboratory experiments will be penalized 5% per day up to two days and 10% per day up to another 5 days. They are unacceptable after that.

·        Except in case of documented emergency, there will be no make-up exams. All related documentation must be produced to the instructor no later than a week after the emergency.

 

Religious observances

If a scheduled class or exam conflicts with a religious observance you have, please alert the instructor as early as possible in the term for rescheduling or other accommodation.

 

Students with disabilities

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services, 216 William Pitt Union, (412) 648-7890/(412) 383-7355 (TTY), as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.