--------------------------------------------------------------------------
Mohamed G. Gouda        Network Protocol Security        Spring 2008
                                                         CS 386S
--------------------------------------------------------------------------

This course covers the foundations for the protocols that are currently
being used to provide security to the Internet. We also cover some of the
protocols that are being used to provide security to the Internet: SSL and
TLS, PKI and Certificate Systems, Passwords and Secure Cookies, IPsec,
Ingress filtering, and Firewalls.

The list of topics we plan to cover in this course is as follows.

 1. Abstract protocols
 2. Protocol adversaries
 3. Security keys, nonces, and message digests
 4. Correctness of public key protocols
 5. Assignment of symmetric keys
 6. Certificate systems
 7. Certificate dispersal
 8. Authentication protocols
 9. SSL or TLS
10. Phishing and pharming attacks
11. Password and secure cookie protocols
12. Privacy and integrity protocols
13. Antireplay protocols
14. Nonrepudiation protocols
15. Anonymity protocols
16. IP Security (IPsec)
17. Denial of service attacks
18. Firewall analysis
19. Firewall design
20. Secure routing
21. Secure group communication

There is no textbook for this course but there are references that I will
mention during the lectures and suggest that you study. A list of these
references is below.

Attending the lectures is very important. You also need to cultivate
friends among your classmates so that they can come to your rescue when
you happen to miss a class.

----------------------------------------------------------------------------
Grade:

    Ten Quizzes, each is worth 3 points.
    Two Midterms, each is worth 20 points.
    One Project is worth 30 points.

----------------------------------------------------------------------------
Midterm and project due dates:

    First midterm is on March 12 in class.
    Last midterm is on May 7 in class.
    The project is due on May 8 - by noon.
----------------------------------------------------------------------------
Instructor:

    Name:         Mohamed G. Gouda (gouda@cs.utexas.edu)
    Office:       Taylor Hall 3.112
    Office Hours: Wednesdays: 13:00 - 14:00
    Office Phone: 512 - 471 - 9532
    Home Phone:   512 - 345 - 6134 (before 21:00)

----------------------------------------------------------------------------
Teaching Assistant:

    Name:         H. B. Acharya (acharya@cs.utexas.edu)
    Office:       TA station in ENS basement.
    Office Hours: Monday: 13:00 - 14:00
                  Friday: 12:00 - 13:00

----------------------------------------------------------------------------
Course References:

Correctness of Public Key Protocols:

 1. D. Dolev and A. C. Yao, "On the Security of Public Key Protocols",
    IEEE Transactions on Information Theory, Vol. 29, No. 2, pp. 198-208,
    1983.

Assignment of Symmetric Keys:

 2. A. Aiyer, L. Alvisi, and M. G. Gouda, "Key Grids: A Protocol Family
    for Assigning Symmetric Keys", in Proceedings of the 14th IEEE
    International Conference on Network Protocols (ICNP-06), 2006.

 3. E. Elmallah, M. G. Gouda, and S. Kulkarni, "Logarithmic Keying",
    to appear in the ACM Transactions on Autonomous and Adaptive Systems.

Certificate Systems:

 4. E. Jung, E. S. Elmallah, and M. G. Gouda, "Optimal Dispersal of
    Certificate Chains", IEEE Transactions on Parallel and Distributed
    Systems, Vol. 18, No. 4, pp. 474-484, April 2007.

Authentication Protocols:

 5. R. Needham and M. Schroeder, "Using Encryption for Authentication in
    Large Networks of Computers", Communications of the ACM, Volume 21,
    Number 12, pp. 993-999, 1978.

 6. G. Lowe, "An Attack on the Needham-Schroeder Public Key Authentication
    Protocol", Information Processing Letters, Volume 56, Number 3,
    pp. 131-136, 1995.

SSL or TLS:

 7. T. Dierks and E. Rescorla, "The Transport Layer Security (TLS)
    Protocol Version 1.2", RFC 5246.

Password and Secure Cookie Protocols:

 8. T. Li Gong, Mark A. Lomas, Roger M. Needham, and Jerome H. Saltzer,
    "Protecting Poorly Chosen Secrets from Guessing Attacks", IEEE Journal
    on Selected Areas in Communications, Volume 11, pp. 648-656, 1993.

 9. L. Lamport, "Password Authentication with Insecure Communication",
    Communications of the ACM, Volume 24, Number 11, pp. 770-772, 1981.

10. M. G. Gouda, A. X. Liu, L. M. Leung, M. A. Alam, "SPP: An
    Anti-Phishing Single Password Protocol", Computer Networks, Volume 51,
    Number 13, pp. 3715-3726, 2007.

11. J. S. Park and R. Sandhu, "Secure Cookies on the Web", IEEE Internet
    Computing, July-August 2000, pp. 36-44, 2000.

12. K. Fu, E. Sit, K. Smith, and N. Feamster, "Dos and Don'ts of Client
    Authentication on the Web", USENIX Security 2001, pp. 251-268, 2001.

Antireplay Protocols:

13. M. G. Gouda, C. T. Huang, and E. Li, "Anti-Replay Window Protocols
    for Secure IP", Proceedings of the IEEE International Conference on
    Computer Communications and Networks, 2000.

Anonymity Protocols:

14. D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital
    Pseudonyms", Communications of the ACM, Volume 24, Number 2, 1981.

IP Security:

15. S. Kent and R. Atkinson, "Security Architecture for the Internet
    Protocol", RFC 2401, 1998.

Denial of Service Attacks:

16. M. G. Gouda, E. N. Elnozahy, C. T. Huang, T. M. McGuire, "Hop
    Integrity in Computer Networks", IEEE Transactions on Networking,
    Volume 10, Number 3, pp. 308-318, June 2002.

Firewall Analysis and Design:

17. H. B. Acharya and M. G. Gouda, "Linear Time Verification of
    Firewalls", Technical Report, Department of Computer Sciences, the
    University of Texas at Austin, 2009.

18. M. G. Gouda and A. X. Liu, "Structured Firewall Design", Computer
    Networks, Volume 51, pp. 1106-1120, 2007.

Secure Routing:

19. S. Kent, C. Lynn, and K. Seo, "Secure Border Gateway Protocol
    (S-BGP)", IEEE Journal on Selected Areas in Communications, Volume 18,
    Number 4, pp. 582-592, 2000.

Secure Group Communications:

20. C. K. Wong, M. G. Gouda, and S. S. Lam, "Secure Group Communications
    Using Key Graphs", IEEE/ACM Transactions on Networking, Volume 8,
    Number 1, pp. 16-30, 2000.