COMS W4180 — Network Security: Lectures

Chapter 1 of Kaufman et al.
Chapter 1 of Cheswick et al.

Chapters 4-6 of Kaufman et al.
Appendix A of Cheswick et al. or section 13.1 of that part of the first edition.

Reading:

• Whitfield Diffie and Martin E. Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory IT-22:6, November 1976. Use this link to find the journal, then navigate to the issue.
• W. Diffie, "The First Ten Years of Public Key Cryptography", Proceedings of the IEEE 76:5, May 1988. Navigate from here.
• R. L. Rivest, A. Shamir, L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems", Communications of the ACM 21:2, February 1978. (Recommended) Use this link from campus, or navigate from here.
• John Gordon, "The Story of Alice and Bob", excerpt from after-dinner speech at the Zurich Seminar, April 1984. (Recommended, and very funny in a geeky sort of way...)

Robert H. Morris and Ken Thompson, Password security: a case history, Communications of the ACM 22:11, November 1979

Readings:

• Designing an Authentication System: a Dialogue in Four Scenes
• Kaufman et al., chapters 13-14

Reading:
Chapter 19 of Kaufman et al.

Readings:

• Chapter 25 of Kaufman et al.
• Chapter 4 of Cheswick et al.

Readings:

• Chapter 20-22 of Kaufman et al.
• Secure Email

Reading:
Chapter 17 of Kaufman et al.

Reading:
Chapter 18 of Kaufman et al.

Readings:

• SSH --- Secure Login Connections over the Internet, Tatu Ylönen, Proceedings of the Sixth Usenix Security Symposium, 1996.
• Inoculating SSH against address-harvesting worms, S. E. Schechter, J. Jung, W. Stockwell, and C. McLain, May 2005.

Reading:
Section 26 of RFC 3261

Readings:

• Stalking the wily hacker, Cliff Stoll, Communications of the ACM 31:5, May 1988.
• An Evening with Berfered, Chapter 10 of the first edition of Firewalls and Internet Security: Repelling the Wily Hacker, William R. Cheswick and Steven M. Bellovin, Addison-Wesley, 1994, or Chapter 16 of the second edition.
• Shadow Hawk Busted Again, Phrack 16, File 11 (Nov 1987) (recommended)
• Chicago Phone Freak Gets Prison Term, Risks Digest 8:29, 22 February 1989 (recommended)
• Chapter 15 of Cheswick et al. (recommended)

Readings:

• F-Secure Corporation's Data Security Summary for 2003
• IBM Christmas Card Virus, RISKS Digest 5.80, December 21, 1987.
• The Internet Worm Program: An Analysis, Purdue Technical Report CSD-TR-823. Eugene H. Spafford. Department of Computer Sciences. Purdue University
• How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, and Nicholas Weaver. Proceedings of the 11th USENIX Security Symposium, 2002.

Readings:

• Project Neptune, daemon9, route, infinity. Phrack Magazine, Vol. 7, Issue 48, File 13.
• Stopping the Flood, Avi Freedman. ISP Tech Talk, March 1997.
• SYN Cookies, Dan Bernstein.

Readings:

• Intercepting Mobile Communications: The Insecurity of 802.11, Nikita Borisov, Ian Goldberg, and David Wagner. MOBICOM 2001.
• The Final Nail in WEPs Coffin, Andrea Bittau, Mark Handley and Joshua Lackey, IEEE Symposium on Security and Privacy, 2006 (recommended).

Readings:

• Who Goes There?: Authentication Through the Lens of Privacy, National Academies Press, 2003. Chapter 3. (The HTML version is much more readable than the "full text" version.)