- Jan 20
- Jan 22
Basic Concepts of Network Security
- Chapter 1 of Kaufman et al.
- Chapter 1 of Cheswick et al.
- Jan 27
Introduction to Cryptography, Part I
- Chapters 2-4 of Kaufman et al.
- Appendix A of Cheswick et al. or section 13.1 of the first edition.
- Jan 29
Introduction to Cryptography, Part II
- Chapters 5-6 of Kaufman et al.
- Chapters 7-8 of Kaufman et al. (optional)
- Feb 03
- Modes of Operation
- Feb 05
- Authentication; Certificates
- Feb 10
Key exchange protocols; Kerberos
- Designing an Authentication System: a Dialogue in Four Scenes
- Kaufman et al., chapters 13-14
- Feb 12
- Chapter 19 of Kaufman et al.
- SSL & TLS Essentials: Securing the Web, Stephen A. Thomas, Wiley Computer Publishing, 2000. See especially Chapter 3. (recommended; available as an E-book via CU library)
- SSL and TLS: Designing and Building Secure Systems, Eric Rescorla, Addison-Wesley, 2001. See especially Chpater 3. (optional)
- Feb 17
Web Security I
- Chapter 25 of Kaufman et al.
- Chapter 4 of Cheswick et al.
- Steven M. Bellovin and Eric K. Rescorla, "Deploying a New Hash Algorithm", in Proceedings of the Symposium on Network and Distributed System Security, San Diego, CA, Feb. 2006.
- Feb 24
- Email Security II
- Feb 26
Chapter 17 of Kaufman et al.
- Mar 03
IPsec Key Management: IKE; IPsec Attacks
- Chapter 18 of Kaufman et al.
- Steven M. Bellovin, "Problem Areas for the IP Security Protocols", in Proceedings of the Sixth Usenix Unix Security Symposium, pp. 1-16, San Jose, CA, July 1996.
- Steven M. Bellovin, "Probable Plaintext Cryptanalysis of the IP Security Protocols", in Proceedings of the Symposium on Network and Distributed System Security, San Diego, CA, pp. 155-160, February 1997.
- Mar 05
- Mar 10
- SIP and VoIP
- Mar 24
Networked Storage Security
- RFC 3723 Securing Block Storage Protocols over IP. B. Aboba, J. Tseng, J. Walker, V. Rangan, F. Travostino. April 2004.
- Mar 26
- Intercepting Mobile Communications: The Insecurity of 802.11, Nikita Borisov, Ian Goldberg, and David Wagner. MOBICOM 2001.
- The Final Nail in WEPs Coffin, Andrea Bittau, Mark Handley and Joshua Lackey, IEEE Symposium on Security and Privacy, 2006 (recommended).
- Mar 31
- Kaufman et al., chapters 23
- Apr 02
- Firewalls II
- Apr 07
- Man page for nmap (on CLIC machines or here)
- Tyler Moore and Richard Clayton, "Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing", 2008. (draft)
- Apr 09
- Stalking the wily hacker, Cliff Stoll, Communications of the ACM 31:5, May 1988.
- An Evening with Berferd, Chapter 10 of the first edition of Firewalls and Internet Security: Repelling the Wily Hacker, William R. Cheswick and Steven M. Bellovin, Addison-Wesley, 1994, or Chapter 16 of the second edition.
- Shadow Hawk Busted Again, Phrack 16, File 11 (Nov 1987) (recommended)
- Chicago Phone Freak Gets Prison Term, Risks Digest 8:29, 22 February 1989 (recommended)
- Chapter 15 of Cheswick et al. (recommended)
- Apr 14
- Twitter StalkDaily Worm Postmortem
- 17-year-old Claims Responsibility for Twitter Worm
- F-Secure Corporation's Data Security Summary for 2003
- IBM Christmas Card Virus, RISKS Digest 5.80, December 21, 1987.
- The Internet Worm Program: An Analysis, Purdue Technical Report CSD-TR-823. Eugene H. Spafford. Department of Computer Sciences. Purdue University
- How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, and Nicholas Weaver. Proceedings of the 11th USENIX Security Symposium, 2002.
- Apr 16
- Denial of Service Attacks
- Apr 21
- Routing Security
- Apr 23
Security for Ad Hoc Networks
- H Yang, H Y. Luo, F Ye, S W. Lu, and L Zhang, "Security in Mobile Ad Hoc Networks: Challenges and Solutions" (2004). IEEE Wireless Communications. 11 (1), pp. 38-47. (optional)
- D. Djenouri, L. Khelladi and A.N. Badache. "A Survey of Security Issues in Mobile Ad Hoc and Sensor Networks", Communications Surveys & Tutorials, IEEE, Vol. 7, Issue 4, pp. 2-28, Fourth Quarter 2005.
- Yih-Chun Hu , Adrian Perrig, "A Survey of Secure Wireless Ad Hoc Routing", IEEE Security and Privacy, v.2 n.3, p.28-39, May 2004 (optional)
- Apr 28
- Who Goes There?: Authentication Through the Lens of Privacy, National Academies Press, 2003. Chapter 3. (The HTML version is much more readable than the "full text" version.)
- Apr 30
- A Look Back at "Security Problems in the TCP/IP Protocol Suite", Steven M. Bellovin, invited paper, "classic papers" session, 20th Annual Computer Security Applications Conference, December 2004.
- "DNS and BIND Security Issues", Paul Vixie, Proceedings of the Fifth Usenix Unix Security Symposium, 1995.
- Steven M. Bellovin, "Using the Domain Name System for System Break-Ins", in Proceedings of the Fifth Usenix Unix Security Symposium, June, 1995.
- Derek Atkins and Rob Austein, Threat Analysis of the Domain Name System (DNS), RFC 3833, August 2004.
- May 12, 1:10-4:00
- Final exam