CS558: Network Security
(Privacy, Anonymity, and Online Censorship).

Boston University, Computer Science, Spring, 2013
Instructor: Sharon Goldberg



Schedule

System security: Lectures taught by David Seidman (January 28-31)

A note on ethics: In these classes you learned a number of web and software exploits. Please read the statement of ethics, law, and university policy here and do NOT try these on any site where you do not have explicit permission to do so!

Fuzzing Lab. Due Feb 22. Instructions.      testfile      testprogram.c      Link to websubmit.

System security homework. Due February 12. ho1

Extra security related reading recommended by David:

Reference books: "Writing Secure Code", or see also this site. The book "Windows Internals".


Hashing and Entropy (Week of Feb 4)

Speaker: Adam. flame presentation

Speaker: Yieli. password cracking presentation


Encryption and authentication (Feb 12-21)

Speaker: Sachin. red october presentation

Speaker: Marc. java facepalm presentation

Encryption. Definitions: perfectly secure encryption (Katz-Lindell pages 30-34), CPA-secure encryption (Katz-Lindell pages 82-85). Schemes: one-time pad (Katz-Lindell pages 34-36), stream ciphers (Katz-Lindell pages 69-80). Public key encryption.

Authentication. Message authentication codes (Katz-Lindell pages 114-118), digital signatures.

Basic crypto homework. Due March 1. Deadline extended to March 6. ho2 ho2 solution


IPsec: Symmetric Encryption and Authentication. (Feb 26 - March 5)

Speaker: Allan. presentation
Speaker: David. presentation
Speaker: Zhouqun. presentation

We discuss how IPsec and TLS/SSL are used, covering both the high-level issues about where in the Internet each protocol is used, as well as the underlying cryptographic issues related to encryption and authentication.

Reading. Please read sections 1-3 and 7 from this EuroCrypt'2006 paper on attacks on encryption-only uses of IPsec; email me a 200 word summary of the attack described in the paper in time for class on February 28. Email subject should be: CS558 Reading 1.


IKE: Internet Key Exchange. (March 7 - )

We discuss the SIGMA protocols used for IKE (Internet Key Exchange) in IPsec, using Hugo Krawczyk's excellent slides. The corresponding paper (pdf) may also be useful.

IPsec and IKE homework. Due March 20. ho3. ho3 solution


TLS and PKI (March 18)

We discuss SSL/TLS and public key infrastructures.

Lab 2: SSL certificates. Due April 11. Lab 2


DDoS and Amplification attacks (March 28)

We discussed the DDoS attack on Spamhaus that happened this week.


Routing security and BGP attacks (March 28-April 2)


Midterm information (April 4) The following topics will be covered on the midterm:


DNS security
Speaker: Emily. presentation
Speaker: Brian. presentation
Speaker: Jeff. presentation
Speaker: Dan. presentation
Speaker: Mateus. presentation
Speaker: Richard. presentation

Homework 4: BGP, DNS and TLS. Due April 22. Homework 4


History: Why was the Internet designed without security in mind?


Anonymity and Tor

We discuss the Tor protocol using these slides.


Data privacy