CS 4740 / CS 6740: Network Security

Syllabus

Networks security is a topic that requires as much attention to its real-world implications as its theoretical underpinnings. The CS 4740/6740 Network Security course allows the students to explore the practical elements of networks security and related design, and deployment decisions in a supervised laboratory, while simultaneously acquiring a strong conceptual knowledge of the underlying theory in the more traditional classroom environment. The combination of these elements provides students with a vivid picture of why and how networked systems and applications must be designed, implemented, deployed, and maintained in a secure fashion. The course goals are multi-fold:

Provide a solid understanding of the design and analysis of network security architectures, protocols, and services. Most of these protocols are based on cryptographic primitives and can be used as building blocks for more sophisticated networked systems. Such theoretical knowledge also provides the foundations to understanding attacks from password cracking to recent SSL/TLS BEAST and CRIME exploits.
Provide a in-depth coverage of today's network security standards, their functionality and limitations e.g., SSL/TLS, Kerberos, IPsec, OAuth, WPA.
The course covers how industry & international standards are used as part of state of the art systems such as in Single Sign On, email (e.g., S/MIME, DKIM), web (e.g., HTTPS), DNS (e.g., DNSSEC), online social networking platforms (e.g, facebook), streaming platforms (e.g., netflix). We will also discuss recent trends in network security attacks, and cyber-attacks in general, and analyze a variety of attacks from the analysis of worms spreading, to SSL/TLS session renegotiation/compression, DNS security, to spam and it's crypto-based countermeasures.
The course has a substantial hands-on component. In addition to the conceptual problem sets, each team of students is required to perform several laboratory assignments on a sandboxed network of virtual machines. Such labs include networks scanning, host/network intrusion detection, buffer overflow attacks, passwork cracking, sql injection, and cross site scripting. The course culminates in a project where the students apply the acquired conceptual and practical knowledge of network security protocols and applications to designing, prototyping and deploying a networked application (typically a secure instant messaging application). Each team is also required to analyze other teams designs and implementations, identify potential vulnerabilities and demonstrate exploits.

Staff

Instructor: Amirali Sanatinia (amirali ATA ccs DOTA neu DOTA edu)
Office: 208 West Village H

Class Information

Time/Location: Wednesday 5:30 pm - 8:50 pm, Behrakis Health Sciences Cntr 325
Recommended Textbook: Network Security: Private Communication in a Public World Charles Kaufman, Radia Perlman, Mike Speciner, Pearson Education, April 2002
Announcements, discussions, forums: All announcements and discussions will be through piazza : https://piazza.com/northeastern/summer2016/cs6740/.
Prerequisites: Knowledge of Internet networking protocols (e.g, a Networking course).
Laboratory: Laboratory assignments will be on the course sandboxed network of virual machines and infrastructure (See Laboratory 1).

Class Materials

[Slides] Review of Internet architecture and protocols
[Slides] Non-cryptographic network security: tools, etc.
[Slides] Review of cryptography concepts, algorithms, and security services
[Slides] Authentication Protocols I
[Slides] Authentication Protocols II
[Slides] Authentication Protocols III
[Slides] Kerberos
[Slides] Secure Socket Layer SSL/TLS
[Slides] Public Key Infrastructures (PKI)
[Slides] IPsec: AH, ESP, IKE
[Slides] DNS Security
[Slides] Email Security
[Slides] Privacy Infrastructures
[Slides] Viruses, Worms, etc.

Assignments

Problem Sets

PS1 [solution]
PS2 [solution]
PS3 [solution]
PS4 [solution]
PS5 [solution]

Lab Assignments

All laboratory assignments will be carried in virtual network environment accessible through a VPN connection.

Finals Project

The final project will build on the problem sets design and programming assignments. Each team of students will be required to design, implement, and deploy a secure instant messaging system. The student will practice developing secure networked applications, making use of cryptographic libraries, socket programming, and multi-threaded applications. The programming language of choice for this year is Python.

Notes

Late submissions will result in a 10% penalty per day (e.g.: 2.5 days late result in 25% penalty.)
Academic honesty: we will strictly enforce Northeastern’s academic integrity policy. Violatoins of academic integrity will be reported to OSCCR and will have a negative impact on your grade.
If a key idea is obtained from another person (other than the TA or the instructor) or from another book or paper (other than the course textbook), then the source of that idea should be cited. Solutions should be presented in a clear and concise manner.
Teams consist of two students. All the team member should participate actively to the labs and application development. For each laboratory each group member should document his contribution.
Graduate teams must complete 5 lab (including the Introduction Laboratory 1).

Grading

The course grade will be based on:

25%: 5 problem sets
25%: Midterm exam
15%: Laboratory assignments
30%: Presentations, final project report (design and analyis of other teams), code, and demonstrations
5%: Class participation