Yang Xiao Home

CS 572 (Fall 2024)
Network Security

Course Information

Instructor: Yang Xiao (contact: xiaoy[AT]uky.edu)
Meeting Times: M/W/F 11:00 AM – 11:50 AM Eastern Time (location: register course to know)
Office Hour: Hardymon Rm 233, W/F 2:00 PM – 3:00 PM Eastern Time

Course Description

This course introduces students to the state of the art of network security problems and solutions. Topics include security issues in computer networks, the Public Key Infrastructure ecosystem, key exchange protocols, and security mechanisms and protocols at the application, transport, network and data link layers. It will also discuss up-to-date development in the field of network security.

Textbooks and Materials

Computer Security and the Internet: Tools and Jewels, second edition, by Paul C. van Oorschot, Springer, 2022. ISBN: 978-3-030-83410-4 (hardcopy), 978-3-030-83411-1 (eBook). PDF of chapters is available online at the author’s personal website. More recommended materials will be published in Canvas.

Course Schedule (Tentative)

Week Agenda ([R] Required Reading, [S] Suggested Reading) Notes
1
  • 08/26: Lec01: Course introduction.
  • 08/28: Lec02: Basic concepts - trust, policy, risk, modeling. ([R] Ch 1.1-1.3)
  • 08/30: Lec03: Security properties - the CIA Triad and more. ([R] Ch 1.7)
    		•   
    2
  • 09/02: Labor Day Holiday - no class
  • 09/04: Lec04: Networking recap - LANs, IP. ([R] Ch 10.6) (Pre-recorded lecture; Yang is in travel)
  • 09/06: Lec05: Networking recap - TCP, UDP
    		•  09/06: HW1 out
    3
  • 09/09: Lec06: Networking recap - DNS, HTTP
  • 09/11: Lec07: Networking - attacks ([R] Ch 11.3)
  • 09/13: Lec08: Crypto building blocks - information security, ciphers ([R] Ch 2.1-2.3)
    		• 09/13: HW2 out
    4
  • 09/16: Lec09: Crypto building blocks - symmetric-key encryption/decryption, AES, cipher modes ([R] Ch 2.2)
  • 09/18: Lec10: Crypto building blocks - public-key encryption/decryption, RSA, digital signature ([R] Ch 2.3, 2.4)
  • 09/20: Lec11: Crypto building blocks - Cryptographic hash function, message authentication code (MAC) ([R] Ch 2.5, 2.6, 2.7)
    		• 09/16: HW1 due
    5
  • 09/23: Lec12: User authentication ([R] Ch 3.1-3.4)
  • 09/25: Lec13: Authentication protocols ([R] Ch 4.1, 4.2)
  • 09/27: Lec14: Key establishment - KDC, DHKE, and MitM attacks ([R] Ch 4.3-4.5, 4.7)
    		• 09/25: HW2 due
    6
  • 09/30: Lec15: Public-Key Infrastructure (PKI) ([R] Ch 8.1, 8.2)
  • 10/02: Lec16: Transport Layer Security (TLS) and Web PKI([R] Ch 8.5)
  • 10/04: Lec17: PKI problems
    		• 09/30: HW3 out
    7
  • 10/07: Lec18: Project ideas and walk-through
  • 10/09: Attending UK_CYBERCON, 10:00 AM – 5:00 PM (Please RSVP in advance; it is free)
  • 10/11: Guest talk - Stephen Burr, Enterprise CISO, University of Kentucky and UK HealthCare
    		• 10/11: HW3 due, HW4 out
    8
  • 10/14: Lec19: Web security ([R] Ch 9.1, 9.3-9.4)
  • 10/16: Lec20: Web attacks; SQL injection ([R] Ch 9.5-9.7)
  • 10/18: Lec21: Web3 and blockchain
    		• 10/18: Project proposal due
    9
  • 10/21: Midterm Review
  • 10/23: Midterm Exam, in class
  • 10/25: Lec22: WLAN Background ([R] Ch 12-12.3)
    		• 10/20: HW4 due
    10
  • 10/28: Fall Break - no class
  • 10/30: Lec23: WLAN security ([R] Ch 12.4-12.6)
  • 11/01: Lec24: Network Trust Boundaries and NAT ([R] RFC 3022)
    		• 10/30: HW5 out
    11
  • 11/04: Lec25: Firewalls ([R] Ch 10-10.2)
  • 11/06: Lec26: Tunnels, IPsec, VPN ([R] Ch 10.3-10.5, RFC 3715)
  • 11/08: Lec27: SSH, Tor
    • 12
  • 11/11: Lec28: Intrusion detection systems ([R] Ch 11-11.3)
  • 11/13: Lec29: Intrusion detection systems examples
  • 11/15: Lec30: BGP & Inter-domain routing
    		• 11/10: HW5 due
    13
  • 11/18: Lec31: BGP Security
  • 11/20: Lec32: Bitcoin ([R] Ch 13.1-13.7)
  • 11/22: Lec33: Ethereum ([R] Ch 13.8. Pre-recorded; Yang is in travel)
    		• 11/17: HW6 out
    14
  • 11/25: Lec34: Recent security topics, buffer/catch-up
  • 11/27: Thanksgiving Holiday - no class
  • 11/29: Thanksgiving Holiday - no class
    		•
    15
  • 12/02: Project presentations (each: 10 min presentation + 2 min Q&A)
    • Group 7: Massive consumer data breaches - Target and Facebook-Cambridge Analytica
    • Group 4: Vehicular Network Security - CAN Injection and Tesla Model S Hack
    • Group 3: SCION Internet Architecture
    • Group 1: Ransomware Attacks - Colonial Pipeline Attack and Kaseya VSA Attack
  • 12/04: Project presentations (each: 10 min presentation + 2 min Q&A)
    • Group 6: CrowdStrike and AT&T Outages
    • Group 11: Cryptocurrency hacks
    • Group 2: Software Supply Chain Attacks - Stuxnet and SolarWinds
    • Group 8: Healthcare Data Breaches
  • 12/06: Project presentations (each: 10 min presentation + 2 min Q&A)
    • Group 9: Robotext scams in Next-Gen wireless Communications
    • Group 10: BGP hijacking
    • Group 5: WiFi Protected Access 3 (WPA3)
    		 12/02: HW6 due
    16
  • 12/09: (Prep Days) Homework Problems Review
  • 12/11: (Prep Days) Final Exam Review
  • 12/13: No class
    		• 12/10: Project Report due
    17
  • 12/18 (Wed): Final exam, 10:30 AM - 12:30 PM, in classroom
    		•   

    Learning/Research Resources

    UK Libraries, Free Tutoring and Coaching at UK, Google Scholar, ACM Digital Library, IEEE Xplore, dblp: computer science bibliography