Yang Xiao Home

CS 572 (Fall 2023)
Network Security

Course Information

Instructor: Yang Xiao (contact: xiaoy[AT]uky.edu)
Meeting Times: M/W/F 11:00 AM – 11:50 AM Eastern Time (location: register course to know)
Office Hour: Hardymon Rm 233, Fri 1:00 PM – 2:30 PM Eastern Time and by appointment

Course Description

This course introduces students to the state of the art of network security problems and solutions. Topics include security issues in computer networks, the Public Key Infrastructure ecosystem, key exchange protocols, and security mechanisms and protocols at the application, transport, network and data link layers. It will also discuss up-to-date development in the field of network security.

Course Schedule (Tentative)

Week Agenda ([R] Required Reading, [S] Suggested Reading) Notes
1
  • 08/21: Lec01: Course introduction.
  • 08/23: Lec02: Basic concepts - trust, policy, risk, modeling. ([R] Ch 1.1, Ch 1.2,Ch. 1.3)
  • 08/25: Lec03: Security properties - the CIA Triad and more. ([R] 1.1, 1.7)
    		•   
    2
  • 08/28: Lec04: Networking recap - LANs, IP. ([R] Ch 10.7)
  • 08/30: Lec05: Networking recap - TCP, UDP
  • 09/01: Lec06: Networking recap - DNS, HTTP
    		•  08/29: HW1 out
    3
  • 09/04: Labor Day Holiday - no class
  • 09/06: Lec07: Networking - attacks ([R] Ch 11.3)
  • 09/08: Lec08: Crypto building blocks - information security, ciphers ([R] Ch 2.1-2.3)
    		• 09/07: HW1 due
    09/10: HW2 out
    4
  • 09/11: Lec09: Crypto building blocks - symmetric-key encryption/decryption, AES ([R] Ch 2.2)
  • 09/13: Lec10: Crypto building blocks - AES cipher modes, message authentication code (MAC) ([R] Ch 2.6, 2.7)
  • 09/15: Lec11: Crypto building blocks - public-key encryption/decryption, RSA, digital signature ([R] Ch 2.3, 2.4)
    • 5
  • 09/18: Lec12: Cryptographic hash, other topics ([R] Ch 2.5)
  • 09/20: Lec13: User authentication ([R] Ch 3.1-3.4)
  • 09/22: Lec14: Authentication protocols ([R] Ch 4.1, 4.2)
    		• 09/22: HW2 due
    09/25: HW3 out
    6
  • 09/25: Guest talk - Stephen Burr, Associate CIO & Enterprise CISO, University of Kentucky
  • 09/27: Lec15: Key establishment - KDC ([R] Ch 4.3-4.5)
  • 09/29: Lec16: Key establishment - Diffie-Hellman, Men-in-the-Middle (MITM) attacks ([R] Ch 4.3, 4.7)
    • 7
  • 10/02: Lec17: Public-Key Infrastructure (PKI) ([R] Ch 8.1, 8.2)
  • 10/04: Lec18: Web PKI and TLS ([R] Ch 8.5)
  • 10/06: Lec19: Levels of certification and PKI problems
    		• 10/06: HW3 due
    10/06: HW4 out
    8
  • 10/09: Lec20: Web security ([R] Ch 9.1, 9.3-9.4)
  • 10/11: Lec21: Web attacks; SQL injection ([R] Ch 9.5-9.7)
  • 10/13: Lec22: Web 3.0 and blockchain basics
    • 9
  • 10/16: Midterm Review
  • 10/18: Midterm Exam, in class
  • 10/20: Midterm go-over and Lec23: WLAN Background ([R] Ch 12-12.3)
    		• 10/15: HW4 due
    10
  • 10/23: Fall Break - no class
  • 10/25: Lec24: WLAN security ([R] Ch 12.4-12.6)
  • 10/27: Lec25: 802.11 RSN and more about Wi-Fi security ([R] Ch 12.7, 12.8)
    		• 10/27: HW5 out
    11
  • 10/30: Lec26: Firewalls ([R] Ch 10-10.2)
  • 11/01: Lec27: Tunnels, VPN, IPsec, SSH ([R] Ch 10.3-10.5)
  • 11/03: Lec28: Intrusion detection intro ([R] Ch 11-11.3)
    		•
    12
  • 11/06: Lec29: IDS/IPS systems
  • 11/08: Lec30: BGP & Inter-domain routing
  • 11/10: Lec31: RPKI and BGPsec
    		• 11/10: HW5 due
    13
  • 11/13: Lec32: Bitcoin ([R] Ch 13.1-13.7)
  • 11/15: Lec33: Ethereum ([R] Ch 13.8)
  • 11/17: Lec34: Blockchain security topics
    • 14
  • 11/20: Buffer/catch-up
  • 11/22: Thanksgiving Holiday - no class
  • 11/24: Thanksgiving Holiday - no class
    		•  11/20: HW6 out
    15
  • 11/27: Project presentations (12 minutes each)
    • Group 10: SCION Internet Architecture
    • Group 3: Wi-Fi Protected Access 3
    • Group 14: BGP Attacks - KLAYswap and MyEtherWallet Attack
    • Group 1: Ransomware Attacks - WannaCry and NotPetya
  • 11/29: Project presentations (12 minutes each)
    • Group 6: Front Facing Exploits
    • Group 5: Privacy Preserving Cryptocurrencies - Monero
    • Group 9: WannaCry Ransomware Attack and Bangladesh Bank Cyber Heist
    • Group 12: Heartbleed and Cloudbleed Attacks
  • 12/01: Project presentations (12 minutes each)
    • Group 7: Ethereum Proof-of-stake Transition and Sharding
    • Group 2: German Parliament Attack and DNC 2016 Attack
    • Group 11: Decentralized Identifiers and Verifiable Credentials
    • Group 4: Open ID Connect
    • Group 8: Ransomware Attacks - WannaCry and NotPetya
    		 11/27: HW6 due
    16
  • 12/04: (Prep Days) Homework Problems Review + extended time on report
  • 12/06: (Prep Days) Final Exam Review
  • 12/08: No class
    		• 12/03: Project Report due
    17
  • 12/11 (Mon): Final exam, 10:30 AM - 12:30 PM, in classroom
    		•   

    Textbooks and Materials

    Computer Security and the Internet: Tools and Jewels, second edition, by Paul C. van Oorschot, Springer, 2022. ISBN: 978-3-030-83410-4 (hardcopy), 978-3-030-83411-1 (eBook). PDF of chapters is available online at the author’s personal website. More recommended materials will be published in Canvas.

    Learning/Research Resources

    UK Libraries, Free Tutoring and Coaching at UK, Google Scholar, ACM Digital Library, IEEE Xplore, dblp: computer science bibliography