# NETWORK SECURITY + LABORATORY (UNIT 1)

## Learning outcomes of the course unit

The course aims to provide the student with the knowledge of the main security mechanisms and protocols used for securing communications and for protecting computer networks; in particular the knowledge and understanding of:

- applied cryptography;

- main algorithms and protocols for authentication and for securing data exchanges;

- main communication security protocols;

- possible network vulnerabilities and main network protection mechanisms.

The abilities in applying the above-mentioned knowledge are in particular in the:

- analysis of authentication and data protection schemes based on symmetric and/or asymmetric cryptography;

- design of mechanisms for authentication and secure data exchange;

- configuration and use of standard security protocols and algorithms (e.g. IPSec and TLS protocols; AES, DES, 3DES, RSA cryptography algorithms; digital signature and certificates X.509 and PGP; etc.)

- use of tools for network monitoring and vulnerabilities scanning;

- configuration of systems (e.g. firewalls) for network protection.

## Prerequisites

Familiarity with TCP/IP stack and networking.

## Course contents summary

1) Basics of cryptography and authentication mechanisms

- Basics of symmetric (classic) cryptography and examples of algorithms (DES, 3DES, AES)

- Basics of asymmetric cryptography and examples of algorithms(RSA, Diffie-Hellman, DSA); advantages and disadvantages

- Hash and MAC functions (MD5, SHA, HMAC)

- Authentication algorithms, based on both symmetric and asymmetric cryptography

- Key exchange, agreement, and distribution

- Digital signature, digital certificates, certification authority, Public Key Infrastructure, standard X.509, PGP (Pretty Good Privacy)

2) Security protocols

- Protocols for authentication and key exchange (Kerberos, AAA, RADIUS)

- Protocols for secure communications at IP layer (IPSec/AH/ESP), and virtual private networks (VPNs)

- Protocols for secure communications at transport (SSL/TLS) and application layer

3) Network vulnerabilities and countermeasures

- Vulnerabilities of TCP/IP protocols, attacks and countermeasures (sniffing, network and port scanning, spoofing, flooding, buffer overflow, etc.)

- Firewall (packet filtering, ALG, NAT, DMZ), examples of network configurations

- Protocols for FW and NAT traversal (STUN e TURN)

- Intrusion Detection System (IDS)

- Anonymity networks

## Course contents

Syllabus (every lecture = 2 hours)

Lecture 1: course organization, objectives, textbooks, exam details; preview of the course; security services; attacks; security tools; symmetric cryptography: introduction; cryptography and cryptanalysis; cipher example (Caesar cipher)

Lecture 2: symmetric cryptography: types of attacks; side channel attack; computational security; example of cryptanalysis; substitution cipher; polyalphabetic substitution cipher; one time pad (OTP) cipher; transposition

Lecture 3: product cipher; steganography; block and stream ciphers; block ciphers: block size; substitution and permutation; Feistel cipher; DES

Lecture 4: double DES; TDEA; IDEA; AES; usages of symmetric cryptography; encryption of long messages; padding; ECB

Lecture 5: encryption of long messages: ECB; examples of attacks to ECB; CBC; examples of attacks to CBC; OFB; CFB; CTR; CBC-MIC, Unix crypto; hash functions; brute force attack

Lecture 6: birthday paradox; MD5; SHA; usages of hash functions

Lecture 7: message authentication; MAC and HMAC functions, number theory: group, ring, field

Lecture 8: number theory: modular arithmetic, relative prime, Euclid's algorithm, multiplicative inverse, extended Euclid's algorithm, Fermat's theorem, Euler's theorem

Lecture 9: extended Euclid's algorithm; examples, Fermat's theorem; Euler's theorem

Lecture 10: Euler's theorem demonstration; RSA; RSA example; RSA public and private kes

Lecture 11: discrete logarithm, DH, MITM attack to DH; digital signature; RSA

Lecture 12: DSA; zero-knowledge identification; Fiat-Shamir

Lecture 13: peer entity authentication; password management; one-time password

Lecture 14: general expression of the totient function; challenge-response authentication schemes

Lecture 15: exercises

Lecture 16: symmetric-cryptography-based key establishment; server-based key establishment

Lecture 17: public-key based key establishment; public key distribution; digital certificates

Lecture 18: digital certificates; cert chain; trust path; certification authority (CA); public key infrastructure (PKI); X.509 certificates; PKCS; certification revocation list (CRL)

Lecture 19: X.509 issues; PGP; AAA; HTTP authentication

Lecture 20: RADIUS; Diameter; Kerberos; security at PH, IP, TLS, and Application levels; IPSec; transport and tunnel modes;

Lecture 21: IPSec security association (SA); AH; ESP; IKE; transport Layer Security (TLS)

Lecture 22: TLS handshake; TLS analysis (wireshark); anonymity; high-latency anonymity systems; low-latency anonymity systems

Lecture 23: onion routing; network vulnerabilities; sniffers; eavesdropping; MITM;

Lecture 24: spoofing; ARP spoofing; TCP spoofing; ICMP attack; distributed DoS (DDoS) attacks; routing attacks; DHCP attacks; DNS poisoning; network scanning; host scanning; port scanning

Lecture 25: firewall: packet filter; PF examples; application level gateway (ALG); firewall configurations

Lecture 26: packet filter exercises; linux netfilter/iptables; NAT

Lecture 27: intrusion detection system (IDS); exercises

## Recommended readings

[1] L. Veltri, "Network Security", Slides of the course

[2] W. Stallings, "Cryptography and Network Security: Principles and Practice", Book

## Teaching methods

Classroom teaching (36h), and in class exercises (6h) carried out by the teacher with students, and laboratory acitvities.

## Assessment methods and criteria

Exams

The exam can be succeeded as:

1) divided into two written examinations, at the middle and the end of the course, together with a project carried out during the course, that complete the exam; or

2) written and oral exam, during regular scheduled examinations.

The written exam is composed of questions and exercises.

Examples of exercises are shown and solved during the course.