Georgia Institute of Technology
College of Computing

Jonathon Giffin

CS 6262: Network Security

Fall 2007

CS 6262 provides graduate students with basic training in network security. This is a fast-paced class covering a large collection of topics in a short period of time; we rarely spend longer than one lecture on a particular topic. This is a reading-intensive course, so students should be prepared to read 50 or more pages of text per week in addition to time spent completing homework assignments, exams, and research projects.

Course contents: security threats; introduction to cryptography and its application to network security; secret key and public key cryptographic algorithms; hash functions; authentication; security for email; firewalls; intrusion detection. This course is suitable for first year graduate students, including Ph.D. students preparing to qualify in Security.

Course outcomes:

  • Learn fundamentals of cryptography.
  • Understand network security threats and countermeasures.
  • Acquire background for supporting electronic commerce.
  • Gain hands-on experience with programming techniques for security protocols.
  • Obtain background for original research in network security.

Prerequisites: Undergraduate courses in information security, computer networks, operating systems, and discrete math. Fluency in any of C, C++, or Java.


Instructor

Dr. Jon Giffin
Email: giffin@cc
Phone: 4/385-1060
Office: Klaus 3140
Office hours: Tuesdays 4:00-5:00
Exceptions: No office hours on 04 Sep.

Teaching Assistants

Maria Konte
Email: mkonte@cc
Office: Klaus 3112 lounge area
Office hours: Tuesdays 1:00-3:00

In addition, Mehul Sutariya will help Maria with homework evaluation.


Class Meetings

Klaus 1456
9:30–11:00 TTh

Textbook

Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security—Private Communication in a Public World, 2nd Edition. Prentice Hall, 2002. ISBN 978-0-13-046019-6.

In addition to the textbook, we will read research publications covering fundamental developments in network security. The class schedule below contains links to these papers when they will be included in class discussions. Discussion forums for papers are available at T-Square.

Assignments

This course has five homework assignments that should be completed individually by each student. Each assignment includes written responses and/or programming problems that are due by 5:00 p.m. local Atlanta time on the due date.

Assignments may be submitted online at T-Square.

Project

Each student must form a project group of two or three students. Each group will complete a significant research project, which includes a proposal, a final paper, and development of a poster to be presented during the end-of-semester final exam period.

Grading

Assignments 40%, project 25%, midterm 15%, final 20%. Grades will be posted at T-Square.

The Georgia Tech and College of Computing rules regarding academic honesty apply.

A student may contest a possible grading error by notifying a TA of the error. The student should contact Prof. Giffin with a contested grade only if they believe that the TA has not satisfactorily resolved the mark. Please note that Prof. Giffin highly regards the TAs in this course and will rarely overrule a TA's decision.


Class Schedule

This schedule may change as the semester progresses. All changes will be made on this page, so the grid below will always show the current schedule. Changes will also be announced at the start of class sessions.

| Date | Topic | Reading | Assignment |
|---|---|---|---|
| 21 Aug | Administrative matters & overview | | |
| 23 Aug | Introduction to network security | Chapter 1 | Homework 1 assigned |
| 28 Aug | Security threats [Slides] | [Spa89] [Bel89] | |
| 30 Aug | Web vulnerabilities | Chapter 25 | Homework 1.1 due |
| 04 Sep | Viruses and worms. Guest lecturer: Bryan Payne [Slides] | [SPW02] [MSV+03] | |
| 06 Sep | Botnets. Guest lecturer: Guofei Gu [Slides] | [CJM05] [GSN+07] | Homework 1.2 due |
| 11 Sep | Introduction to cryptography | Chapter 2 | Homework 2 assigned |
| 13 Sep | Secret key cryptography [Slides] | Chapters 3, 4 | |
| 18 Sep | Hashes & message digests | Chapter 5 | Homework 2 due |
| 20 Sep | Public key cryptography | Chapter 6 | Homework 3 assigned |
| 25 Sep | Key distribution and management | Chapter 9.7 | |
| 27 Sep | Authentication | Chapters 9, 10 | Homework 3 due. Projects assigned |
| 02 Oct | Guest lecture: Vinton G. Cerf. 10:00 GTRI Conference Center, 250 14th St NW | | |
| 04 Oct | Exam | | |
| 09 Oct | No class | | |
| 11 Oct | Kerberos | Chapters 13, 14 | |
| 16 Oct | Security handshake pitfalls | Chapters 11, 12 | Project proposals due |
| 18 Oct | PKI | Chapter 15 | Homework 4 assigned |
| 23 Oct | IP | Chapter 17 | |
| 25 Oct | IP | Chapter 18 | |
| 30 Oct | Web | Chapter 19 | Homework 4 due |
| 01 Nov | Internet Telephony. Guest lecturers: Vijay Balasubramaniyan and Takehiro Takahashi [Slides 1] [Slides 2] | [SWW+06] | |
| 06 Nov | Wireless | [BK03] [BGW01] | Homework 5 assigned |
| 08 Nov | Email | Chapter 20 | |
| 13 Nov | Intrusion detection systems | [Den87] | |
| 15 Nov | Intrusion detection systems. Guest lecturer: Kapil Singh | [PN98] [RJM06] | |
| 20 Nov | Writing Secure Code | [LH03], Pages 17–24 and 33–86 from [App06] | Homework 5 due (extended to Nov 26) |
| 22 Nov | No class | | |
| 27 Nov | Firewalls | Chapter 23 | |
| 29 Nov | Exam | | |
| 04 Dec | Fault tolerant computing | [Sha79] [MR98] | |
| 06 Dec | Lasting lessons | Chapter 26 | |
| 14 Dec | Project poster presentations | | Project reports due |

Acknowledgements

The lecture notes used in this course have incorporated course materials developed by Dr. Wenke Lee (Georgia Tech), Dr. S. Felix Wu (UC Davis), Dr. Fengmin Gong (IntruVert), Dr. Henning Schulzrinne (Columbia), and Dr. Matt Bishop (UC Davis).


References

  • [Spa89]
    E.H. Spafford. Crisis and aftermath. Communications of the ACM, 32(2), June 1989.
  • [Bel89]
    S.M. Bellovin. Security problems in the TCP/IP protocol suite. ACM SIGCOMM Computer Communications Review, 19(2), April 1989.
  • [SPW02]
    S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in your spare time. 11th USENIX Security Symposium, San Francisco, California, August 2002.
  • [MSV+03]
    D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet quarantine: requirements for containing self-propagating code. IEEE Infocom 2003, San Francisco, California, April 2003.
  • [CJM05]
    E. Cooke, F. Jahanian, and D. McPherson. The zombie roundup: understanding, detecting, and disrupting botnets. Steps to Reducing Unwanted Traffic on the Internet (SRUTI), Cambridge, Massachusetts, July 2005.
  • [GSN+07]
    J.B. Grizzard, V. Sharma, C. Nunnery, B.B. Kang, and D. Dagon. Peer-to-peer botnets: overview and case study. Hot Topics in Understanding Botnets (HotBots), Cambridge, Massachusetts, April 2007.
  • [SWW+06]
    H. Sengar, D. Wijesekera, H. Wang, and S. Jajodia. VoIP intrusion detection through interacting protocol state machines. Dependable Systems and Networks (DSN), Philadelphia, Pennsylvania, June 2006.
  • [BK03]
    S. Byers and D. Kormann. 802.11b Access point mapping. Communications of the ACM 46(5), May 2003.
  • [BGW01]
    N. Borisov, I. Goldberg, and D. Wagner. Intercepting mobile communications: The insecurity of 802.11. Seventh Annual International Conference on Mobile Computing and Networking (Mobicomm), July 2001.
  • [Den87]
    D.E. Denning. An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2), February 1987.
  • [PN98]
    T.N. Ptacek and T.N. Newsham. Insertion, evasion, and denial of service: eluding network intrusion detection. Technical Report, Secure Networks, January 1998.
  • [RJM06]
    S. Rubin, S. Jha, and B.P. Miller. Protomatching network traffic for high throughput network intrusion detection. ACM Conference on Computer and Communications Security (CCS), Alexandria, Virginia, November 2006.
  • [LH03]
    D. LeBlanc and M. Howard. Writing secure and hack resistant code. Presentation from Black Hat Windows Security 2003, Seattle, Washington, February 2003.
  • [App06]
    Apple Computer, Inc. Secure coding guide. Technical Manual, Apple, Inc, May 2006.
  • [Sha79]
    A. Shamir. How to share a secret. Communications of the ACM 22(11), November 1979.
  • [MR98]
    D. Malkhi and M. Reiter. Byzantine quorum systems. Journal of Distributed Computing 11(4), 1998.