CIS 331, Spring 2015
Introduction to Networks & Security


Instructor:
  Nadia Heninger (464 Levine GRW)
  Office Hours Tuesdays 1:00-2:00pm 464 Levine GRW

TAs:
Christian Barcenas Mon. 4:00-5:00pm Moore 100 Foyer
Terry Sun Tue.  3:00-4:00pm Moore 100 (B or C depending on where there are more seats)
Richard Roberts Wed. 6:00-7:00pm Moore 100C (for duration of project 3)
Shaanan Cohney Thu.  1:45-2:45pm Moore 100 Foyer

Lectures:
  Tuesday/Thursday 10:30am-12:00pm Moore 216

Tutorial Sessions:
  Friday 2:00-3:00pm DRL 2C4

Canvas

Piazza


Announcements


Course Overview

This course introduces principles and practices of computer and network security.

Prerequisites: CIS 160, CIS 240.

Grading will be based on homework (25%), projects (40%), a final (30%), and class participation (5%).


Lecture and Tutorial Schedule

Topic Assignments Resources
1/15 Introduction
Threat modeling, thinking like an attacker
Homework 1 available Wikipedia: Teufelsberg
Computer Fraud and Abuse Act
Wikipedia: Aaron Swartz
Wikipedia: Weev
1/20 Symmetric encryption
Pseudorandom functions, pseudorandom generators, stream ciphers, block ciphers
Homework 2 available Communication Theory of Secrecy Systems by Shannon
Wikipedia: Vigenère cipher
1/22 Message integrity
Block cipher modes of operation, message authentication codes
Homework 1 due at 6pm
1/23 Tutorial session: Python
Brief demo of Python syntax and examples.
Resources: LearnPython.org, Learn Python the Hard Way
1/27 Hash functions
Hash functions, birthday attacks, length extension attacks
Guest Lecture: Brett Hemenway
Project 1 available New Directions in Cryptography by Whitfield Diffie and Martin E. Hellman
1/29 Public-key cryptography
Diffie-Hellman key exchange, RSA encryption and signatures
Guest Lecture: Brett Hemenway
Homework 2 due at 6pm
1/30 Tutorial session: Python/Sage
2/3 Authentication
Textboook RSA gotchas, key management, authentication factors, usability
2/5 Social Engineering
Guest Lecture: Shaanan Cohney
2/6 Tutorial session: Cryptoparty 1
Password managers, two-factor auth, and SSH keys
2/10 Passwords and web overview
Password hygiene, challenge-response authentication, biometrics, web threat model, HTTP, HTML, Javascript
Homework 3 available Web technology for developers
Browser Security Handbook: Basic concepts behind web browsers
2/12 Web attacks and defenses
Same-origin policy, session management, cookies, SQL injection, CSRF
Project 1 due at 6pm
Project 2 is available
SQL Injection cheat sheet
Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
2/13 Tutorial session: Javascript + JQuery
JavaScript basics
Using jQuery Core
2/17 Web attacks and defenses; HTTPS and secure channels
XSS and defenses; RSA and DH key exchange, certificates, CAs, public-key infrastructure, trust model
XSS Filter Evasion Cheat Sheet
The First Few Milliseconds of an HTTPS Connection
2/19 Privacy
PGP, the crypto wars, key management, web of trust, usability, OTR
Homework 3 due at 6pm Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 by Alma Whitten and Doug Tygar
Bernstein v. United States
Off-the-Record Communication, or, Why Not To Use PGP by Nikita Borisov, Ian Goldberg, and Eric Brewer
2/20 Tutorial session: Cryptoparty 2
OTR, TextSecure, PGP
Off the Record Messaging
GnuPG Manual
Open WhisperSystems
2/24 Networking overview
OSI architecture, Ethernet, IP, ICMP, ARP, DHCP
The Design Philosophy of the DARPA Internet Protocols by Clark
Brief History of the Internet
Wikipedia: OSI Model
Wikipedia: Ethernet
Wikipedia: Internet Protocol
Wikipedia: Address Resolution Protocol
Wikipedia: Dynamic Host Configuration Protocol
Computer Networks: A Systems Approach by Peterson and Davie
2/26 Networking overview
Routing basics, UDP, TCP, congestion control, DNS
Wikipedia: Autonomous System
Wikipedia: OSPF routing
Wikipedia: Border Gateway Protocol
Wikipedia: User Datagram Protocol
Wikipedia: Transmission Control Protocol
Wikipedia: Domain Name System
2/27 Tutorial session: Wireshark, dpkt, socket programming Wireshark
dpkt Tutorial: Parsing a PCAP file
Beej's Guide to Network Programming
3/3 Network attacks
FREAK, TCP injection, denial of service, SYN flooding, SYN cookies
Attack of the Week: FREAK by Green
3/5 Network attacks
CAPTCHA, client puzzles, DNS hijacking, ARP spoofing
Project 2 due at 6pm
Homework 4 available
3/10 Spring Break
3/12 Spring Break
3/17 Network attacks and defenses
BGP routing issues, DNSSEC, IPsec, S-BGP, firewalls, packet filtering, application proxies, tunneling, VPNs, intrusion detection
Project 3 available
3/19 Anonymity
Anonymous remailers, Tor, Tor hidden services, data deanonymization
Tor: The Second-Generation Onion Router by Roger Dingledine, Nick Mathewson, and Paul Syverson
Robust De-anonymization of Large Sparse Datasets by Arvind Narayanan and Vitaly Shmatikov
3/20 Tutorial session: Networking Topics & Tools
Review of networking concepts; demos of useful network tools
3/24 Control hijacking
Normal control flow, buffer overflow, integer overflows, format string vulnerabilities, DEP, ASLR
Homework 4 due at 6pm Smashing the stack for fun and profit by Aleph One
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade by Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole
Low-level Software Security by Example by Ulfar Erlingsson, Yves Younan, and Frank Piessen
Return-Oriented Programming: Systems, Languages, and Applications by Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage
3/26 Control hijacking, defenses, and malware
Stack canaries, heap spraying, malware
3/27 Tutorial session: gdb
3/31 Access control and OS security
ACLs, capabilities, unix file privileges, confinement
Project 4 available Operating System Security by Trent Jaeger
4/2 OS security, DRM
Isolation, sandboxing, virtual machines, digital rights management
Project 3 due 6pm Lessons from the Sony CD DRM Episode by J. Alex Halderman and Edward W. Felten
4/3 Tutorial session: gdb
4/7 The underground economy
Spam, phishing, botnets, measurement studies
Measuring the cost of cybercrime by Ross Anderson et al.
Spamalytics: An empirical analysis of spam marketing conversion by Chris Kanich et al.
PharmaLeaks: Understanding the business of online pharmaceutical affiliate programs by Damon McCoy et al.
4/9 Advanced threats
Government-sponsored malware, spearphishing, advanced persistent threats
W32.Stuxnet Dossier Symantec Report
APT1: Exposing one of China's cyber espionage units Mandiant Technical Report
Counter-cryptanalysis by Marc Stevens
4/10 Tutorial session: gdb
4/14 Ethics, law, and policy
Privacy and the Limits of Law by Ruth Gavison
Cyber-security Research Ethics Dialog & Strategy Workshop (CREDS 2013)
Going Bright: Wiretapping without Weakening Communications Infrastructure by Steve Bellovin, Matt Blaze, Sandy Clark, and Susan Landau
4/16 Entropy
Shannon entropy, min-entropy, cryptographic and non-cryptographic pseudorandomness, software RNGs, Netscape, Debian OpenSSL, Linux
Project 4 due at 6pm
Homework 5 out
Exploiting Poor Randomness lecture slides
Randomness and the Netscape Browser by Ian Goldberg and David Wagner
Mining your Ps and Qs: Detection of Widespread Weak Keys in Network Devices by Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
4/21 Emissions security and side channels
TEMPEST/van Eck phreaking, timing attacks, power analysis, fault attacks, remanence, cold boot attack
Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? by Wim van Eck
Electromagnetic Eavesdropping Risks of Flat-Panel Displays by Markus Kuhn
Compromising Electromagnetic Emanations of Wired Keyboards by Martin Vuagnoux and Sylvain Pasini
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems by Paul Kocher
Timing Analysis of Keystrokes and Timing Attacks on SSH by Dawn Song, David Wagner, and Xuqing Tian
Cache-timing attacks on AES by Daniel Bernstein
Cross-VM Side Channels and Their Use to Extract Private Keys by Yinqian Zhang, Ari Juels, Michael Reiter, and Thomas Ristenpart
Differential Power Analysis by Paul Kocher, Joshua Jaffe, and Benjamin Jun
Using Memory Errors to Attack a Virtual Machine by Sudhakar Govindavajhala and Andrew Appel
Lest We Remember: Cold Boot Attacks on Encryption Keys by J. Alex Halderman, Seth Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph Calandrino, Ariel Feldman, Jacob Appelbaum, and Edward Felten
4/23 Hardware Security
Guest Lecture: Shaanan Cohney
4/28 Current events, etc.
Shamir secret sharing and crypto "front doors", disclosure of vulnerabilities, more ethics, Bitcoin and the blockchain
Homework 5 due at 6pm
5/8 Final exam
12pm-2pm DRLB A1

Assignments

There will be five homework assignments to be done individually and five projects to be done in teams of two.

Homework

Projects

Late Work: You will have a budget of five late days (24-hour periods) over the course of the semester that you can use to turn assignments in late without penalty and without needing to ask for an extension. Late pair projects will be charged to both partners. Once your late days are used up, extensions will only be granted in extraordinary circumstances.


Additional Resources

No textbook is required, but if you would like additional resources the following may be useful:

Course materials have been adapted from J. Alex Halderman and are available under a Creative Commons License.