CSE 571S: Network Security, Fall 2018

Instructor: Ning Zhang, zhang.ning@wustl.edu, public key
Meeting: TuThu 10:00 pm - 11:30 pm
Classroom: Lopata 202
Piazza: piazza.com/wustl/fall2018/cse571
Office Hour: Tuesday 3:00 pm - 5:00 pm

Course Description

---

This course covers principles and techniques in securing computer networks. Real world examples will be used to illustrate the rationales behind various security designs. There are three main components in the course, preliminary cryptography, network protocol security and network application security. Topics include IPSec, SSL/TLS, HTTPS, network fingerprinting, network malware, anonymous communication, and blockchain. The class project allows students to take a deep dive into a topic of choice in network security.

Textbook

---

There is no textbook for the class. We will use research papers for some of the topics. However, the following references can be helpful.

• Network Security: Private Communication in a Public World (2nd Edition) by Charlie Kaufman, Radia Perlman, and Mike Speciner


• Computer Security: A Hands-on Approach by Wenliang Du


• Bitcoin and Cryptocurrency Technologies by Arvind Narayanan , Joseph Bonneau , Edward Felten , Andrew Miller , Steven Goldfeder,


• A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup

Grading

---

There is no exam in this class, evaluation will be based on class participation, lab reports and final projects.

Labs	55% (14 + 14 + 14 + 13)
Projects	40%
Class Participation	5%

Schedule

---

Slides, Lab Assignments and QA are in the WUSTL backboard system.

Date	Topics	Reading	HW/Lab Assignment
8/28/2018	Course Overview, Security Fundamentals	Reflections on Trusting Trust
8/30/2018	Network Protocol Attacks - Packet/IP/TCP	A Look Back at “Security Problems in the TCP/IP Protocol Suite” IP spoofing demystified
9/4/2018	Lab1 - TCP/IP Attack Studio
9/6/2018	Stream Cipher	BonehShoup Ch3,
9/11/2018	Block Cipher	Kaufman Ch 3, BonehShoup Ch 4	Lab 1 Due
9/13/2018	Block Cipher	Kaufman Ch 4
9/18/2018	Block Cipher
9/20/2018	Lab2 - Block Cipher Studio
9/25/2018	Message Integrity	Kaufman Ch 5, 6, 7
9/27/2018	Hash Functions		Lab 2 Due
10/2/2018	Lab 3 - Hash Collision
10/4/2018	Authenticated Encryption
10/9/2018	Key Exchange	Kaufman Ch 5, 6, 7
10/11/2018	Number Theory		Lab 3 Due, Class Project Assigned
10/16/2018	Fall Break - No class
10/18/2018	Public Key Crypto
10/23/2018	Public Key Crypto
10/25/2018	Digital Signature, PKI, CA	Kaufman Ch 15
10/30/2018	Lab 4 - PKI
11/1/2018	Network Protocol - Authentication	Kaufman Ch 9
11/6/2018	Term Project Lightning Talk		Class Project Proposal Due
11/8/2018	Network Protocol - IPSec	Kaufman Ch 17,18	Lab 4 Due
11/13/2018	Network Protocol - TLS, HTTPS	Kaufman Ch 19
11/15/2018	DNS, DDoS
11/20/2018	Firewall / Intrusion Detection	Kauffman Ch 23
11/22/2018	Thanksgiving Break - No class
11/27/2018	No Class - Invidividual meeting on projects
11/29/2018	Blockchain
12/4/2018	Final Project Presentation
12/6/2018	Final Project Presentation
12/19/2018	Project Report Due

Extra credit eval - https://goo.gl/forms/uWpsUwcSDJ6nSTqf1

Labs

---

• Lab1 - focus on replay attack, TCP/IP session hijacking, and more
• Lab2 - focus on experiencing frequency attack and cipher mode
• Lab3 - focus on expoloring hash function collision
• Lab4 - focus on deploying PKI and how it stops man-in-the-middle attack

Projects

---

The class project can be original research or survey on an existing topic in network security. Class project report should follow the IEEE conference template. The length of survey should sufficient to provide insight into a topic (It often requires more than 6 pages). The class project can also be improvement on an existing security tool. The development should be source controlled using tools, such as git. Students are expected to spend at least six to eight hours on the class labs and projects every week. Some of the ideas for projects are listed below

Project Proposal Evaluation Link - https://goo.gl/forms/3TPjIpjHG0AOOrOv2
class feedbacks: https://goo.gl/tNqpQy

• Build an IoT device locator in the Internet using tools from Zmap project
• Automatic vulnerability discovery using protocol specification
• Automatic context recovery of network services in operating system
• Adversarial learning on network systems
• Security Measurement on services on the Internet
• Build a covert channel over the network using various services
• Building physical communication covert channel by misuing IoT devices
• Automatic context recovery of network services in operating system
• Build specialized finger printing mechanisms to for a type of device
• Analyze security of a real world product, it can be cyber-physical systems like car or IoT devices like smart coffee machine.
• YOUR IDEA

Ethics

---

With greater power, comes greater responsibility. In this course, we will be learning about and exploring some vulnerabilities that could be used to attack systems. Students are expected to behave responsibly and ethically. You may not attack any system prior approval of the site owners, and may not use anything you learn in this class to disrupt services or harm others. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor.