CS558 : Network Security
Boston University, Computer Science, Spring, 2012
Instructor: Sharon Goldberg

Summary     Course Syllabus       Schedule

Official course description: Cryptographic tools: shared and public key cryptography, encryption, key exchange, and signature. Applying these tools in protocols and systems: confidentiality, authentication, data integrity (Kerberos; SSL/TLS, ISPEC; VPNs; certificates, PK). Firewalls, intrusions, viruses.

Prerequisites: CS455 or permission of the instructor. CS237 or equivalent is recommended but not required.

NOTE: Students who have not taken a networking course are responsible for understanding networking material on their own time; for example, the material in Kurose and Ross, "Computer Networking: A Top-Down Approach" in Sections 1.1 - 1.5, 2.1, 2.2, 2.5, 3.1, 3.5-3.7, 4.1, 4.4-4.6, 5.1-5.1. Students looking for a refresher in probability theory can refer to these notes notes or these notes (see Week 12-14).

Elaboration: The official course description is a little out-of-date; not all topics listed above will be covered, while some new topics will be introduced. This course will require both mathematical maturity (especially with probability, so CS237 is strongly recommended), programming maturity, and basic understanding of networking (so CS455 or permission of the instructor is required).

The course will be divided into three basic "units". The following is a tentative list of topics for each unit, subject to change. Prof. Goldberg will write down the relevant references at the beginning of each lecture.

  1. Data privacy. An understanding of data privacy, as well as mathematical definitions of privacy. Topics include: Attacks on privacy and anonymity. K-anonymity. Differential privacy. (1 month)
  2. Basic crypto. Basic crypto and techniques for rigorously arguing about the security of protocols. Topics include: block ciphers, message authentication, symmetric-key encryption, hash functions, public-key encryption, digital signatures. (2-3 weeks)
  3. Security in networks. The security issues at various network layers of the Internet, and the protocols proposed and deployed to deal with these security issues. For example: Public key infrastructures and why they are difficult to deploy in practice. DNS security. BGP security. Login security. IP and TCP security. etc. (Rest of the course.)

Grading. The grading scheme is as follows, subject to change:

Participation5 %
Assignments45 %
Midterm20 %
Poster20 %
News Presentation10 %

Security News Presentation. Each student will be required to give a 7 minute presentation on a topic related to security and privacy that has recently appeared in the popular news, the technical press, blogs, or advocacy websites (e.g., the EFF), with one student presenting every class. Presentations should be accompanied by a slide presentation. Unless you have an extraordinary presentation style (see, e.g., Ed Felten), no more than 5 slides should be used. Presentations should cover both the ``superficial'' issues presented in the press, and also explain the underlying technical issues. For instance, a story about a hacker issuing fake SSL certificates should also include an explanation of what an SSL certificate is, why hacking it matters, and details about how the attack was carried out. Notice that obtaining all this information will require you to dig deeper than just what was presented in the popular press. Condensing this information down to 7 minutes will require some effort, so please plan accordingly.

Presenters must email Prof. Goldberg with the topic of their presentation at least 1 week before their presentation dates. Presenters should arrive early on the day of their presentation to test the projector in the class room, and be ready to begin their presentation at exactly 1:30PM.


Poster. Students must work in pairs to prepare a poster on a topic in network security. Students must choose a topic in networking (examples from past years include Voice over IP, Vehicular Networks, text messaging, etc.), clearly state a security property that is important to that application, and either (a) present a protocol that guarantees that security property, or (b) present an attack on the application that breaks the security property. Protocols and attacks need not be original; students are welcome to present attacks or protocols that were published at technical conferences or that appear in Internet Standards.

Extra credit will be given for original work. If you plan to do original work, please email Prof. Goldberg with the description of what you plan to do by March 19, 2012 at 9AM.

Each pair must email Professor Goldberg by April 9, 2012 at 9AM with (a) the names of the people working on the poster (b) the topic of the poster, (c) the security property that you plan to study, and (d) a link to the source describing the protocol or attack you plan to present.

The course will culminate in a poster session that will be open to the entire department on May 4 2012, from 1:00-4:00 PM. You are welcome to invite colleagues and friends.