The spectacular growth of the Internet has spawned an increased awareness of and interest in security issues. Although security has been considered in the design of the basic Internet protocols, many applications have been and are being designed with minimal attention paid to issues of confidentiality, authentication, and privacy. As our daily activities become more and more reliant upon data networks, the importance of an understanding of such security issues will only increase.
This course provides an introduction to the topic of security in the context of computer networks. It is intended for graduate students who have some understanding of networks, but not necessarily any background in security. The goal of the course is to provide students with a foundation allowing them to identify, analyze, and perhaps solve network-related security problems in computer systems. The course covers fundamentals of number theory, authentication, and encryption technologies, as well as the practical problems that have to be solved in order to make those technologies workable in a networked environment, in particular in the wide-area Internet environment.
The format of the course will be lecture-discussion. Students are strongly encouraged to participate actively in class discussions and to ask questions.
Instructor: Ken Calvert, GCATT 218, +1 404 894 9107 calvert@cc.gatech.edu.
The text for the class is
Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security, Prentice-Hall PTR, 1995.
An optional, and highly recommended, text is
William R. Cheswick and Steven M. Bellovin, Firewalls & Internet Security, Addison-Wesley Professional Computing Series, 1994.
We'll also be reading some IETF Request For Comments (RFC) Documents, as well as the occasional handout:
There is an oceanic amount of material on network security available over the Internet. The following list is just a sample to get you started:
You can read or post messages of interest to the class in git.cc.class.8113b, a GT local newsgroup. Readers should beware: Netscape versions 1.1N and 1.12 don't display all articles available in the newsgroup. Mosaic 2.6 does (seems to) display all articles.
Knowledge objectives: At the conclusion of the course, the student should have an understanding of:
Application objectives: The project and homework portions of the course are intended to help you apply your understanding, for example by
Students are expected to have a solid grasp of the fundamentals of computer networking, including a basic understanding of the operation of the protocols in the TCP/IP suite, especially IP. (CS 6380 is an adequate prerequisite.) In addition, students are expected to have a level of mathematical maturity that includes basic algebra and the ability to learn and use new mathematical notations. Some C programming ability will be helpful, as we will be looking at implementations of encryption algorithms.
The project may be done individually or in groups of up to three people. I will provide suggestions for project topics, but you are encouraged to choose something that interests you. The project may be theoretically-oriented (e.g., analyze the security of RC5; come up with an efficient method of computing discrete logarithms) or more practical, involving design and implementation of a piece of security-related software, for example.
Following is a list of the student projects from Winter 1996, in no particular order. Please contact the authors if you want more information.
- Byte-Stream Security; Zongmei Fei and Ting Zhou.
- Implemented a secure sockets library using DES encryption and Needham-Schroeder authentication (with KDC).
- Encrypting Telnet Proxy; David Aylesworth.
- A proxy that uses SSL encryption and session key distribution on one side, supported by the Telnet AUTHENTICATION option of RFC 1416.
- A Secure Talk Implementation; Rob Coleman.
- A talk application based on encrypted (DES) communication between clients via a trusted server.
- Internet Firewalls; Al Leach and Daranee Payattakool.
- Comparison of available Internet firewall products, plus an evaluation of the security of a portion of the campus network using SATAN.
- SOS: Security On-top-of Sockets; Yusuf Goolamabbas, Lokesh Srinivas, and Ami Feinstein.
- A plug-in replacement for socket communication, providing secure communication using IDEA and Diffie-Hellman key exchange (uses RSAREF).
- Modified Internal Chaining DES; Scott Harris.
- A modified encryption facility that does chaining on the inside, and uses a 64-bit key.
- A Secure Protocol for Client/Server Applications; Tianji Jian and Jing Lei.
- Another secure sockets layer that uses DES and Otway-Rees (with KDC) for mutual authentication.
- Probabilistic Methods for Primality Testing; Mary Chamlee.
- A discussion of the Solovay-Strassen and Miller-Rabin yes-biased Monte Carlo algorithms for COMPOSITE.
- Analyze the Security of Java; Chang-tien Lu.
- A discussion of all aspects of Java security, from compiler through byte-code verifier to run-time system.
- Analyze the Security of RC5; Liqin Shi.
- A statistical analysis of the characteristics of RC5 with variable numbers of rounds.
- Secure DNS Client Implementation; Alex Snoeren.
- Modification of the host program to conform to the Security Extensions to DNS, as described in the draft by Eastlake and Kaufman.
- Analysis of Network Security for a Public Safety Department; Craig Scott Smith.
- A look at the security implications and alternatives for the use of wireless data networks by a municipal Police/Fire department.
In addition to the usual expectations regarding academic honesty, this course presents some particular ethical and even legal problems.
First, while this is not a course in how to crack systems, it is practically impossible for us to avoid discussing concrete security weaknesses in existing systems. Any attempt to use such information to gain unauthorized access to any system is a violation of the Georgia Tech Policy on Computer and Network Usage, and will be dealt with harshly. You are expected to read and understand the policy. Note particularly Section 4.7, which proscribes "attempting to circumvent or subvert any system's security measures".
Second, it is possible that in this course you may encounter software that is under export restriction. You are responsible for obeying all applicable laws. Third, many of the algorithms we will discuss are protected by patents, which makes it illegal to make and sell (or give away) computer programs that use those algorithms. Finally, any work you turn in is to be your own, written up by you personally. Honest behavior is expected at all times.
This page last modified on Jan 7 1997.