1

Computer Engineering DepartmentIslamic University of Gaza

ECOM 6321Network Security

Spring 2013-2014(Graduate course)

Lecture 1

Syllabus

2

Prof. Mohammad A. MikkiProfessor of Computer Engineering

ECE Department , Faculty of Engineering

Office Location: I215 (IT Building)Tel. +970-8-2860700  Ext. 2876

Skype: mohammad.mikkiemail: mmikki@iugaza.edu.ps

Homepage: http://site.iugaza.edu.ps/mmikki/

Instructor Contact Information

Instructor’s Office hours

3

Sat. ,Sun. , Mon. ,Tue. , Wed. 11:00 am – 12:00 noon

and by appointment

Outside of office hours call or e-mail to insure that I am available, especially before going over the IT Building

Course Information

Course Code: ECOM 6321 Course Name: Advanced Computer Networks Number of credits: 3 Class hours:

4

Section Lecture Time Location

101 Tue.2:00 pm – 5:00 pm

K402

Course Description and Overview

This course focuses on basic concepts in network security. It aims to introduce students to the fundamental techniques used in implementing secure network communications, and to give them an understanding of common threats and attacks, as well as some practical experience in attacking and defending networked systems.

The course covers selected areas in network security, with particular focus on critical security services such as authentication and access control, firewalls, domain naming service and other real-time protocols for the Internet, traffic monitoring and intrusion detection, malware propagation and detection, web security, anonymity and privacy, securing web browsers, among others. Where appropriate, we examine threats and vulnerabilities to specific architectures and protocols.

There will be a course project requiring an in-class presentation. Several topics areas will be suggested for projects, though students are encouraged to explore ideas of their own. Students will carry out the course project with the goal of publication in a conference.

Class will combine lectures, discussions of reading, and presentations of recent research papers by students.

5

Course Topics

Basics of cryptography: cryptographic hash functions, symmetric and public-key encryption

Authentication and key establishment Buffer overflow attacks Web security Internet worms, viruses, spyware Spam, phishing, botnets, denial of service TCP/IP and DNS security Firewalls and intrusion detection systems Wireless security

6

Course Objectives

The goal of this course is to expose students to recent advances in network security.

All students, and most of the general population, use computers and computer-based systems everyday, and entrust those systems with life-critical and cost-critical functions.

In spite of the high level of trust placed in computer-based systems, even advanced computer users have little awareness of their exposure to security threats.

The general lack of understanding of basic computer security concepts leads to increased risk and costs involved in using computers.

This course will introduce computer security basics in a practical way and give students the understanding that they need to protect themselves, and their data, from malicious attack. Students will learn about the mechanisms behind most computer attacks and they will learn about standard defense tools including firewalls and anti-virus programs.

In the process of learning computer network security, students will be exposed to reading, presenting, and discussion of research papers in the advanced topics of computer networks.

7

Course Outcomes

At the end of this course, you should be able to 

Explain common security threats, including malware. Analyze security vulnerabilities in computer systems. Apply authentication and cryptography to secure computer systems. Use open source tools to improve system security. Understand the fundamentals of network security. Describe the processes of auditing and incident response. Understand ethical and legal considerations encountered when working in information security. Improve your network security research, writing, and presentation skills

8

Course Website

http://moodle.iugaza.edu.ps

I will post: lecture notes, project suggested topics, quiz solutions, exam solutions, announcements, etc.

Couse on moodle will also include: forum(s), project reports submission tools, paper review submission tools, etc.

Please check this webpage at least once a week for lecture notes, quiz and exam solutions, supplementary material, announcements, etc.

9

Required Material

- There is no official text for the course.

- Students will be assigned research papers for reading, review, and presentation.

10

Readings and reviews

All classes will have two assigned readings, which we will all read prior to class and discuss during the class. Reading the papers is essential to get the most out of this course!

A quiz is given at beginning of class on papers to be presented in the class.

11

Readings and reviews

Write a short 1 paragraph review for each paper before beginning of the class. A one-paragraph review is sufficient (longer is usually not better!). Your reviews should not summarize the paper or repeat the abstract — we all read the paper already.

Goal: synthesize main ideas/conceptsCritique the reading, do not summarizeAlso list questions you had about the paper, and ask them in class discussionyour review should comprise at least two comments on the paper. Your comments should supply information that is not in the paper itself. For example, a comment might be: - an advantage of the paper's design that was not discussed in the paper - a suggestion of a way to extend or build on the paper in future work -Post your review on moodle

12

Readings and reviews

Submit your review by 12:00 noon on the day of the lecture for which the paper was assigned, by posting it on the moodle site.

You are encouraged to read, think about, and comment on the other students' reviews, so that our time will be productive when we are all together discussing the papers.

However, it would be wise to at least write down notes on your own thoughts independently, before you read the other students' comments. Your reviews should contain material that doesn't appear in the other students' reviews. (If you independently produce the same idea, that's fine. Copying other students' reviews, however, is obviously plagiarism.)

Reviews that are submitted on time and meet the guidelines above will be given full credit. The overall review grade for the course may be determined based on all the of reviews over the semester.

13

Class Schedule

14

Week Topic Readings and notesAdmin

Week 1 Class cancelled

Week 2Course overview/Security basics

Syllabus/Course introduction and overview

01-Symantec: Internet Security Threat Report

01-Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

Week 3

Vulnerabilities and Network malware (Types of Security Attacks)

02-Malware- A View on Current Malware Behaviors

02- Malware- Practical Malware Analysis

Project ideas/suggested topics

Week 4

Operating System Security

03-OS Security- Operating System Security and Secure Operating Systems-2003

03-OS Security-Understanding Android Security

Quiz #1 on this week’s papers

 Project proposals due

Class Schedule

15

Week 5

Network security/Security problems in network protocols

04- Network security - A Technical Comparison of IPSec and SSL- 2005

04- Network security-A Survey of BGP Security- 2010

 Quiz #2 on this week’s papers

Week 6Network firewalls and related technologies

05- Firewalls- Network Firewall Technologies – 2009

05- Firewalls-network firewalls- IEEE 1994

 Quiz #3 on this week’s papers

Week 7 Web security

06- Web security-The Security Architecture of the Chromium Browser

06- Web security-Third-Party Web Tracking Policy and Technology

 Quiz #4 on this week’s papers

Week 8SQL injection, cross-site scripting

07- Web security- Next Generation Clickjacking - white paper

07- Web security-Cross Site Scripting Explained

 Quiz #5 on this week’s papers

Week

Topic Readings and notesAdmin

Class Schedule

16

Week 9Application security

08- Appl. Security- Database Security – 2008

08- Appl. security-What e-mail hackers know that you don’t

 Quiz #6 on this week’s papers

Week 10

Cryptography/Authentication Protocols and Authenticated Key Management

09- Cryptography- Kerberos An Authentication Service for Open Network Systems- 1988

09- Cryptography-Ten Risks of PKI

Quiz #7 on this week’s papers

Week 11Project intermediate report presentations   

Week 12Wireless Security

10- Wireless security-WIRELESS LAN SECURITY AND IEEE 802.11I – 2005

10- wireless security-Wireless Network Security and Interworking

 Quiz #8 on this week’s papers

Week Topic Readings and notes Admin

Class Schedule

17

Week 13

 Project final report presentations

Week 14Course conclusion and discussion

Project final report due 

 

 

Week Topic Readings and notes Assigned Presenter

Class Expectations

Class participation – Your input is needed for good discussion

Keep up with reading research papers

Complete project on time

Submit clean, organized, and concise reading papers reviews,

and project reports

Identify potential project partners early (in one week, if possible)

Follow academic integrity code

20

Grading Scheme

Course research project:Proposal 3%Midterm report 6%Midterm presentation 3%Final paper/report 18%

20%

Class participation (attendance, class discussion, forums through moodle)

10%

Paper presentation 20%

Quizzes 20%

Final Exam 30%

21

Your final grade for the course will be based on the following weights:

Research project

The research project is the highlight of the course. The goal is to produce novel research related to network security that, by the end of the semester, would be publishable as a short paper in a top quality workshop, and when expanded to a full paper would be publishable in a top-quality conference.

You may work alone or in groups of two. Larger groups should discuss with the instructor first.

The main steps in the research project are as follows:– During the first two weeks of the course, you should think about

projects you might like to do. The instructor will suggest some topics, but it's even better if you have ideas of your own.

22

Research project Proposal

Project proposal: Submit a project proposal to the instructor via moodle in the beginning of the third week (the exact date will be posted on moodle).

Your group should submit a single proposal. Microsoft Word format is required.

The proposal should be at most one page of text, informally describing – the problem you plan to address, – what will be your first steps to attack the problem, – what is the most closely related work, and why it has not addressed your

problem, and – if there are multiple people on your project team, who they are and how

you plan to partition the work among the team.

Remember ... the proposal can be short and informal as long as it demonstrates that you have a reasonable project and know how to attack it. The instructor will either approve the project or ask for a revision.

23

Research project

Midterm presentation: Give a 15-minute presentation in class describing what problem you are solving, why existing approaches will not solve your problem, your solution approach, and your progress in your solution. You must demonstrate progress in your solution and the midterm presentation is worth 10% of your project grade, so it would be good to start work on the project early.

Midterm paper: This is a short paper suitable for submission to a workshop. It should clearly state the problem being solved, importance of problem, Related work, Your approach, what work has been done, work to be done, and partial results. The paper should be at most 8 pages for one-person projects, and at most 12 pages for two-person projects. But you will be judged on approach, not page-count!

Final paper: This is a short paper suitable for submission to a conference. It should clearly state the problem being solved, importance of problem, Related work, Your approach, evaluation, and results, Summary of conclusions, discussion of limitations, and future work. The paper should be at most 8 pages for one-person projects, and at most 12 pages for two-person projects. But you will be judged on results, not page-count!

24

Research project

Dates for the above steps will be announced on the moodle. In general, you are encouraged to meet with the instructor and seek advice on the project as often as you like.

Can a project be shared with another course's project or independent research? It is OK, and often a good idea, to work on a class project that complements your other ongoing projects and has a related topic. However, you should identify the piece of the larger project that you are working on for ECOM 6321, with separate pieces for other courses.

25

26

any questions

¿