CS/ECE 478 Introduction to Network Security Dr. Attila Altay Yavuz Course Overview and Organization Introduction to Network Security Dr. Attila Altay Yavuz Spring 2018

High-Level Objectives Cryptographic primitives and Net. Sec. foundations: Essential cryptographic building blocks Their properties and use Basic Service: Authentication and Handshakes Primitives Protocols Key Management and Establishment Protocols Network Security Protocols Selected Advanced Topics

Pre-reqs and Grading Required: Good C/C++ programming CS 372 and CS 321 Desirable but not required: Previous security courses CS 370 or CS 427 Grading: No mid-term or final! 5 Homeworks (10% each): 50% total HWs are research-oriented (10 days each) 3-4 Mini-projects in form of labs: 50% total You will have access to remote Virtual Machines (VMs) to work Implementation of network security protocols with crypto libraries Around 2-weeks duration each Extra credit quizzes (e.g., 7-8%)

Topics – Syllabi Outline – TENTATIVE TIMING Week 1-2: Hash-based primitives and Net. Sec. Tools Week 3-4: Preparation for Network Security Protocols Symmetric Primitives: DES and AES (not covered in CS 427) Key Exchange: DH and Certificates (quick recap with some number theory) Encryption/Authentication: Elgamal, Schnorr, DSA, (not covered in CS 427) Week 4-5-6: Net. Sec. Protocols Handshake principles, replay attacks, etc.. Needham-Schroeder, Otway-Rees, Kerberos, Station-to-Station protocol, common mistakes Week 6-7: Net. Sec. Protocols SSL/TLS IPSec, Basic Cloud Security Week 7-8: Key Management and Establishment: IoT Key Distribution Group Key Establishment: GDH protocols Group Key Management: Iolus, Logical Key Hierarchy, Key Trees Week 9: Privacy in Cloud and Emerging Wireless Systems Searchable Encryption for Cloud Storage: Privacy versus data utilization dilemma Location-Privacy in Cognitive Radio Networks Week 10: Selected Topics in Emerging Network Security

Pre-reqs and Grading Homeworks (5 HWs, each has generally 5-6 questions): Some asks you to dig deeper in topics covered in class Some complements topics not covered in class: Research-based questions Some involve a proof or algorithm analysis Mini-projects (3-4 lab assignments) ZeroMQ network package to connect processes, remote access for implementation MIRACL cryptographic library for protocol implementation Counter Denial of Service Tool Implement a client-server puzzle with client-server model Authentication at Post-Quantum Era Implement a simple multiple-time hash based signature A Secure Digital Forensic Tool: Loss/Compromise Resilient Logger Implement forward-secure and aggregate authentication for logs Compression and information dispersal for network resiliency Implement your mini TLS Implement an authenticated TLS handshake with certificates and ECC Crypto

Logistics and Notes Instructor Office Hours and Course Webpage: Tuesday 2:00 – 4:00 PM (to be updated), KEC 3065 http://web.engr.oregonstate.edu/~yavuza/ Class email (important!) and in-class announcement Your TA and Office Hours: Mr. Rouzbeh Behnia, John 125 Monday and Wednesday, 12:00 – 1:30 PMs (extra grading hours will be hold). Grading and assignment related questions go to TA, everything else is me. A protocol and cryptography oriented approach to network security This is not a system security course! No hacking, etc… Plenty of protocols, coding and cryptography! Instructor Travels 2 weeks of travel (out of state and out of US) 1 week will be covered by guest faculty 1 week will be covered by TA

Extra Resources (not required but optional) No textbook is required. Lecture slides and reading papers will be provided at course website.  However, some optional books that may be useful: Charlie Kaufman, Radia Perlman, and Mike Speciner, “Network Security: Private Communication in a Public World”, Second Edition, Prentice Hall. (some slides and assignments are from this book) Douglas R. Stinson, “Cryptography Theory and Practice, 3rd edition". Jonathan Katz & Yehuda Lindell , “Introduction to Modern Cryptography”. Free online cryptography resources: Lecture notes of Dr. Mihir Bellare: https://cseweb.ucsd.edu/~mihir/cse207/classnotes.html "The Joy Cryptography" from Dr. Mike Rosulek: http://web.engr.oregonstate.edu/~rosulekm/crypto/