CS 285 Network Security

Course Information

When and Where

 Tuesday/Thursday 11am-12:15pm

 209 Featheringill Hall

Instructor: Yuan Xue (

yuan.xue@vanderbilt.edu

)

 Office: 383 Jacobs Hall, Phone: 615-322-2926

 Office hours: Monday/Thursday 2pm-3pm or by appointment.

Web:

Books and References

Textbook



[WS] Cryptography and Network Security: Principles

and Practice (4th Edition) by William Stallings

Reference books



[KPS] Network Security: Private Communication in a

Public World (2nd Edition), by Charlie Kaufman,

Radia Perlman, Mike Speciner



[CSP] Security in Computing (3rd Edition), by

Charles P. Pfleeger, Shari Lawrence Pfleeger



[MB] Computer Security: Art and Science, by

Course Component

Lecture



Slides + white board



Take note



Online digest/slides

Participation



Discussion



Presentation

Homework



5 assignments

Midterm

Project

Grading Policy



Participation:

10%



Homework: 35%



Midterm: 25%

What you will learn from this

course

What is

“

Security

”

?

Where the security problems come from?



_{Potential threats to a system}

What are the solutions?

 Apply an appropriate mix of security measures (protective, defensive, etc)

 Knowing what has worked, what has failed. Security involves many aspects

-Operating system, programming language, administration and policy

Our Focus

Course Topics

Security Basics and Principles

 Symmetric/ Asymmetric Cryptography  Basic concept, algorithm, mechanism,  Design principles

Security Practices

 Secure protocols, systems and applications  Hand-on experiences

 Secure network programming

Hot Topics and Recent Development

Survey and Feedback

Your input is important



Online Survey

 _{http://www.zoomerang.com/Survey/?p=WEB22873V62}

YWQ

What is security?

In general, security is the condition of

being protected against danger or loss.

(Wikipedia)

In computer security and network

security



What are the subjects that need to be

protected?

Let’s start with some terms



System

 _{computer, network, application, data, resource}



Principal: an entity that participate in a

system

What is security?

Computer Security



Confidentiality

means that only authorized people

or system can access the data or resource.



Integrity

refers to the trustworthiness of data or

resources.

 _{Data integrity means that data can only be modified by}

authorized people or system in authorized ways

 _{Origin integrity means that the source of the data is}

trustworthy, also called authentication.

 _{Message authentication means messages received are}

exactly as sent (i.e. no modification, insertion, deletion, or replay), and the ID of the sender is valid.

 _{Note: timing information}



Availability

means that people has the ability to

Where the security problem comes

from?

Let’s look at some example systems:

Bank



Bookkeeping

 _{Core operations}

 customer account, journals recording the transactions

 _{Who has the access to the information?}

 Bank’s own staff – what if they cheat?



ATM

 _{Authenticate users based on card and ID number}



Let’s go Internet

 _{The user – how do we know they are the “real” (authenticate)}

user?

Where the security problem comes

from?

Hospital



Patient record system

 _{Who can access the record? –}

 Many parties – insurance company, care giver, researcher, etc  Complicated -- role can change

 Privacy issue – HIPPA



Anonymize the record for research

 _{Is it sufficient?}

 Show me all records of 59-year-old males who were treated for

a broken collarbone on September 15, 1966



Drug management



Let’s go to Web

Issues that will be

Network Security Issues

From a Computer to Internet



Single computer



Networking environment

 _{Secure communication in a public environment}  _{Computer system security with remote access}

Some Simple Scenarios

Internet Lin k IP TCP/UDP Application Lin k IP TCP/UDP Application Lin k IP Lin k IP

Bob

Alice

Darth

Some Simple Scenarios

Internet Lin k IP TCP/UDP Application Lin k IP TCP/UDP Application Lin k IP Lin k IP

Bob

Alice

Darth

Some Simple Scenarios

Internet Lin k IP TCP/UDP Application Lin k IP TCP/UDP Application Lin k IP Lin k IP

Bob

Alice

Darth

Some Simple Scenarios

Internet Lin k IP TCP/UDP Application Lin k IP TCP/UDP Application Lin k IP Lin k IP

Bob

Alice

Darth

Pretend to be Bob to

Some Simple Scenarios

Internet Lin k IP TCP/UDP Application Lin k IP TCP/UDP Application Lin k IP Lin k IP

Bob

Alice

Darth

Why many solutions fail?

Protect wrong things

What are the solutions?

Security Basics and Principles



Symmetric/ Asymmetric Cryptography



Basic concept, algorithm, mechanism,

Security Practices



Secure protocol designs

How to study network security?

Principle of Easiest Penetration



An intruder are expected to use any available

means of penetration.



Computer security specialists must consider all

possible means of penetration.

Learning methodology