CE 40-817: Advanced Network Security

Saturday/Monday 1330:1500
Room: 103

Office Hours: TBA

Description:

Networking technologies have had enormous growth in the past decade, and increasingly our daily lives depends on them. As this dependence grows further, the security of these networks becomes more critical and important. To that end, this course is a continuation of the “Data and Network Security” course which is being offered at the undergraduate level. Building on the topics covered there, the aim of this course is to introduce advanced concepts and mechanism in network security and familiarize the student with current day issues in the field. Topics which will be covered to various extends include Firewalls, IDS/NIDS, DoS/DDoS, Routing Security, Wireless Security, Web Security (i.e. Cookies, Phishing, etc.), Privacy/Traffic Analysis, Anonymity, Worms/Malware, Honeypots, Network Forensics, and VoIP Security.

References: There will be many research papers used as reference for this course.

Policies:

Grading policy is as follows. This is tentative.
- 50% Homework
- 50% Final
There will be no exceptions to the following rules:
- If you turn in your assignment one day late you will loose 25% of the grade, two days will cost you 50% and three days 75% of the grade. No submissions will be accepted after the third day.
- Cell Phones must be turned off when you are in class.
- There will be a zero tolerance policy for cheating/copying HWs. The first time you are caught, you will receive a zero for the task at hand. If you are caught for a second time, you will fail the course.
- Providing your assignment to someone else is considered cheatingon your behalf.

Important Info:

Grades: [PDF]

Homeworks:

Homework 0: Watch this ~~presentation~~ on scientific ethics made by Dr. Kiarash Bazargan, a local copy is available here.

Homework 1: [PDF] Due Mehr 28th, 11:59 PM. vuln file

Homework 2: [PDF] Due Aban 24th, 11:59 PM. Botnet.pcap

Homework 3: [PDF] Due Azar 17th, 11:59 PM. Trace Files: HW3-Traffic-Analysis.zip

Homework 4: [PDF] Due Dey 12th, 11:59 PM., VM Image (1GB), Wireless Traffic (20MB)

Course Material:

-6/28:

Lecture 1-Introduction [PDF]
We talked about Buffer Overflows in class, here are some references/animated examples:
- Smashing The Stack For Fun And Profit, by Aleph1
- How do buffer overflow attacks work? Go through the following examples:
  - Jumps: How stacks are used to keep track of subroutine calls.
  - Stacks: An introduction to the way languages like C use stack frames to store local variables, pass variables from function to function by value and by reference, and also return control to the calling subroutine when the called subroutine exits.
  - Spock: Demonstrates what is commonly called a "variable attack" buffer overflow, where the target is data.
  - Smasher: Demonstrates a "stack attack," more commonly referred to as "stack smashing."

-6/30:

Lecture 2- Threats and Attacks [PDF]
Reading material:
- Security Problems in the TCP/IP Protocol Suite,S.M. Bellovin, Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.

-7/4:

Lecture 3- Firewalls I [PDF]
Reading material:
- Textbook, Chapters 9-11
- Recommended -

-7/6:

Lecture 4- Firewalls II [PDF]

-7/11:

Lecture 5- IDS I [PDF]
Reading material:
- An Introduction to Intrusion-Detection Systems, Hervé Debar, Proceedings of Connect’2000, Doha, Qatar, April 29th-May 1st, 2000.
- Attack/Threat modeling:
  - Threat Modeling
  - Attack Trees, by Bruce Schneier

-7/18:

Lecture 6- IDS II [PDF]
Reading material:
- Attack/Threat modeling:
  - Threat Modeling
  - Attack Trees, by Bruce Schneier

-7/20:

Lecture 7- DoS I [PDF]
Reading material:
- Stopping the Flood, Avi Freedman. ISP Tech Talk, March 1997.
- SYN Cookies, Dan Bernstein.

-7/25:

Lecture 8- DoS II [PDF]
Reading material:
- Exploiting P2P Systems for DDoS Attacks, N. Naoumov, and K.W. Ross, International Workshop on Peer-to-Peer Information Management, Hong Kong, May 2006.
- Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications, Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M. Frans Kaashoek, Frank Dabek, Hari Balakrishnan, Transactions on Networking, Vol 11, 2003.
- Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants), A. Kuzmanovic and E. Knightly, in Proceedings of ACM SIGCOMM 2003, Karlsruhe, Germany, August 2003.
- Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies, A. Kuzmanovic and E. Knightly, IEEE/ACM Transactions on Networking, 14(4):739-752, August 2006.

-7/27:

Lecture 9- Worms I [PDF]
Reading material:
- How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, and Nicholas Weaver, 11th USENIX Security Symposium (Security 02).

-8/4:

Lecture 10- Worms II [PDF]
Reading material:
- Automated Worm Fingerprinting, Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage, Proceedings of the ACM/USENIX Symposium on Operating System Design and Implementation, San Francisco, CA, December 2004.
- Fingerprinting by Random Polynomials, Michael O. Rabin. Center for Research in Computing Technology, Harvard University. Tech Report TR-CSE-03-01
- Bitmap Algorithms For Counting Active Flows on High Speed LinksC. Estan, G. Varghese, M. Fisk, Internet Measurement Conference 2003
- Polygraph: Automatic Signature Generation for Polymorphic WormsJames Newsome, Brad Karp, Dawn Song. In IEEE Security and Privacy Symposium, May 2005.

-8/9:

Lecture 11- Botnets [PDF]

-8/11:

Lecture 12- Honeypots I [PDF]
- A Virtual Honeypot Framework, Niels Provos, 13th USENIX Security Symosium, San Diego, CA, August 2004.
- Honeyd Manual Page, Niels Provos, Honeyd Man Page, November 2003.
- Sebek

-8/16:

Lecture 13- Honeypots II [PDF]
Reading material:
- Anti-Honeypot Technology, Neal Krawetz of Hacker Factor Solutions, IEEE Security and Privacy, 2004.
- Honeycomb — Creating Intrusion Detection Signatures Using Honeypots, C. Kreibich and J. Crowcroft. 2nd Workshop on Hot Topics in Networks (HotNets-II), 2003, Boston, USA.

-8/18:

Lecture 14- Spyware [PDF]
Reading material:
- A Crawler-based Study of Spyware on the Web Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy. Proceedings of the 13th Annual Network and Distributed Systems Security Symposium (NDSS 2006), San Diego, CA, February 2006.

-8/23:

Lecture 15- Phishing I [PDF]
Reading material:
- Anti-Phishing Game

-8/25:

Lecture 16- Phishing II [PDF]
Reading material:
- CANTINA: A Content-Based Approach to Detecting Phishing Web Sites, Yue Zhang, Jason Hong, Lorrie Cranor, WWW 2007.
- An Inquiry into the Nature and Causes of the Wealth of Internet Miscreantsason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage, Proceedings of 14th ACM CCS, November 2007.

-:

Lecture 17- Traffic Analysis [PDF]
Reading material:
- Introduction to Traffic Analysis, Richard Clayton, George Danezis, Digital Privacy: Theory, Technologies, and Practices, 2007, ISBN 9781420052176.
- Timing Analysis of Keystrokes and Timing Attacks on SSH, D. Song, D. Wagner, and X. Tian,10th USENIX Security Symposium, 2001.
- Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing, T. Scott Saponas , Jonathan Lester, Carl Hartung, Sameer Agarwal , Tadayoshi Kohno, 16th USENIX Security Symposium, 2007.

-

Lecture 17 continued

-:

Lecture 18- Anonymity I [PDF]
Reading material:
- Networks without user observability, Pﬁtzaman, A. and Waidner, Computer Security, 1987.
- Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, David L. Chaum, Communication of the ACM, Vol. 24, No. 2, Feb 1981.
- Anonymity, Unobservability, and pseudonymity- A Proposal for Terminology, Marit Kohntopp, and Andreas Pﬁtzman, Draft v.012 June 17, 2001.
- The dining cryptographers problem: unconditional sender and recipient untraceability, David L. Chaum, journal of cryptology, 1:56-75, 1988.
- Crowds: Anonymity for Web Transactions, Reiter M.K. and Rubin A.D., ACM Transactions for on Information and System Security, 1(1):66-92, November 1998.
- Anonymous connection and onion routing, Syverson P., Goldshlag D., and Reed M., IEEE Journal on Selected Areas in Communications, VOL. 16, NO. 4, MAY 1998.

-:

Lecture 19- Anonymity II [PDF]
Reading material:
- Tor: The Second-Generation Onion Router, Roger Dingledine and Nick Mathewson, The Free Haven Project; Paul Syverson, Naval Research Lab, Usenix Security 2004.
- Low-Cost Traffic Analysis of Tor, Steven J. Murdoch and George Danezis, Proceedings of the 2005 IEEE Symposium on Security and Privacy.
- Low-resource routing attacks against tor, Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker, Workshop on Privacy in the Electronic Society, 2007.

-:

Lecture 20- Routing Security I [PDF]
Reading material:
- A Survey of BGP Security, K. Butler, T. Farley, P. McDaniel, and J. Rexford, Technical Report TD-5UGJ33, AT&T Labs - Research, Florham Park, NJ, Feb. 2004.

-:

Lecture 21- Routing Security II [PDF]
Reading material:
- Visual-based Anomaly Detection for BGP Origin AS Change (OASC) Events, Soon-Tee Teoh, Kwan-Liu Ma, S. Felix Wu, Dan Massey, Xiao-Liang Zhao, Dan Pei, Lan Wang, Lixia Zhang, Randy Bush, DSOM 2003.

-:

Lecture 22- Network Forensics [PDF]
Reading material:
- Toward a Framework for Internet Forensic Analysis, V. Sekar, Y. Xie, D. Maltz, M. Reiter, H. Zhang, HotNets-III, 2004.
- Payload Attribution via Hierarchical Bloom Filters, Kulesh Shanmugasundaram, Hervé Brönnimann, and Nasir Memon. ACM Computer Communications and Security (CCS 04), Washington, DC, 2004.

-:

Lecture 24- Wireless Security I [PDF]
Reading material:
- Intercepting Mobile Communications: The Insecurity of 802.11, Nikita Borisov, Ian Goldberg, and David Wagner, Proceedings of the 7th annual international conference on Mobile computing and networking, 2001.

-:

Lecture 25- Wireless Security II [PDF]
Reading material:
- 802.11 Denial of Service Attacks: Real Vulnerabilites and Practical Solutions, J. Bellardo, and S. Savage, Usenix Security 2003.
- Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting, J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. Randwyk, D. Sicker, Usenix Security 2006.

-:

Lecture 26- VoIP Security [PDF]
Reading material:
- Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting, J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. Randwyk, D. Sicker, Usenix Security 2006.