CS-243: Network Security Protocols
Dr. Radia Perlman
Catalog Number: 9584
Meeting: Friday 2-5
Maxwell-Dworkin G-115
Announcements
- Please submit all homework in PS, PDF, or plain text format to cs243-submit@eecs.harvard.edu by 1:59 PM (immediately before class) on the deadline date indicated, unless otherwise posted.
- Please send general class-related questions to cs243-staff@eecs.harvard.edu.
- The TFs will hold section on Wednesdays in MD-319 from 2-3 pm. The section will be informal Q&A style, so bring your questions.
- The first two quizzes for the course will be February 21 and March 14.
- Chapter 2 of Network Security: Private Communication in a Public World [ PDF ].
- Jonathan Ledlie's slides on SPKI from April 11 [ PDF ].
- Chaitra Chandrasekhar's slides on TCPA from April 25 [ PS | PDF ].
- Review questions for the third quiz [ TEXT ].
- The vulnerability in cross-realm authentication for Kerberos 4.
Resources
| Week | Slides | Homework | Deadline | Value | Median | Mean | St Dev |
|---|---|---|---|---|---|---|---|
| 1 | [ PS / PDF ] | HW1 [ PS / PDF ] | 2003.02.07 | 14 | 11 | 10.93 | 2.40 |
| 2 | [ PS / PDF ] | HW2 [ PS / PDF ] | 2003.02.14 | 25 | 18 | 18.28 | 3.95 |
| 3 | [ PS / PDF ] | HW3 [ PS / PDF ] | 2003.02.21 | 15 | 13 | 12.17 | 2.69 |
| 4 | [ PS / PDF ] | HW4 [ PS / PDF ] | 2003.02.28 | 27 | 24 | 23.23 | 4.03 |
| 5 | [ PS / PDF ] | HW5 [ TEXT ] | 2003.03.07 | 11 | 10 | 9.60 | 1.28 |
| 6 | [ PS / PDF ] | | | | | | |
| 7 | [ PS / PDF ] | HW6 [ HTML ] | 2003.03.21 | 26 | 22 | 20.83 | 3.74 |
| 8 | [ PS / PDF ] | HW7 [ TEXT ] | 2003.04.11 | 22 | 18 | 17.25 | 2.11 |
| 9 | [ PS / PDF ] | HW8 [ TEXT ] | 2003.04.18 | 16 | 13 | 12.71 | 1.98 |
| 10 | [ PS / PDF ] | HW9 [ TEXT ] | 2003.04.25 | 17 | 15 | 14.44 | 2.09 |
| 11 | [ PS / PDF ] | | | | | | |

| Quiz | Date | Value | Median | Mean | St Dev |
|---|---|---|---|---|---|
| 1 | 2003.02.21 | 100 | 73 | 72.33 | 13.56 |
| 2 | 2003.03.14 | 100 | 79 | 77.10 | 12.74 |
| 3 | 2003.05.02 | 100 | 75 | 74.80 | 14.46 |

Course Description
A study of what it takes to make a network secure, starting
with an analysis of the sometimes conflicting goals (e.g.
anonymity vs. traceability) through the mechanisms that
can be used to achieve these goals. Covers in depth both
the design options available and the design decisions made
in various deployed systems, including Kerberos, IPsec, SSL,
and X.509.
What You Will Learn
The focus of this course is understanding cryptographic-based
network security protocols. Cryptography will be reviewed, but
more from the point of view of understanding the properties
of various algorithms and the practical issues in their use,
rather than the math behind them. General networking will also
be covered in order to understand the implications of various
approaches, for instance, implementing IPsec ("layer 3") vs
SSL ("layer 4") vs link layer protection. System issues will
be covered, such as what trust models would make organizational
sense, and how many components need to be reachable for
communication to be possible.
Course Logistics
Lectures will be 2-5 PM on Fridays. Students are expected to
come to lectures, and to take part in discussions. When interesting
issues come up, such as whether a particular standard or implementation
of a protocol has a particular quirk, part of "class participation"
is volunteering to research the issue and report back to the class.
There will be near-weekly problem sets, assigned at one lecture
and due at the next lecture. You can work with other students,
but writeups must be independently done, and you should say
who you worked with.
The textbook for the course is the second edition of Network Security:
Private Communication in a Public World. Students are encouraged
to get a copy of the textbook as soon as possible. The cheapest way
to get it is through bookpool.com. You can find a link to the
textbook here.
There will be periodic quizzes, perhaps 4. These will be during
the first hour of class.
There will be no final exam, no programming projects, and no required
papers.
Grading will be based 1/3 homework, 1/3 quizzes, and 1/3 class participation.
Contact Information
My email is radia.perlman@sun.com.
The subject line of any course-related email must contain the string CS243
if you want me to notice it.
My office phone number is 781-442-3252.
The TFs for the course are Rachel Greenstadt and Geoff Goodell. They can often be found in
their office, MD-207. Rachel will hold office hours on Thursdays, 8-9 pm, and
Geoff will hold them Tuesdays, 2-3 pm.
To contact each other, or possibly TFs, you can use the IRC channel #cs243
on irc.eecs.harvard.edu.
Topics Covered
This is a new course, and the details of the content are subject
to change, but the following list captures the spirit of the course:
- Introduction: meaning of "security", threats, general networking
overview
- Introduction to cryptography; public keys, secret keys, digests,
- Details of some algorithms such as Diffie-Hellman and RSA
- Modes of operation; CBC, triple DES, OFB, CFB, CTR, and their
implications
- Authentication; special issues with people, algorithms such
as Lamport's hash, issues with using passwords as keys
- Getting private keys to people
- Key distribution with secret key schemes, e.g., Kerberos
- Details of Kerberos, and analysis
- Key distribution with public keys
- Analysis of PKI models
- Authorization, groups, attributes
- Security handshakes; properties such as PFS, identity hiding,
DOS protection, pitfalls such as reflection attacks
- Strong password protocols
- Overview and analysis of various standards; PKI, SSL, IPsec
- Email; potential features, methods of obtaining them
- Routing resistant to Byzantine failure