Network Security — Welcome and introduction

Network security at TKK, Nov-Dec 2009Tuomas Aura

2

My backgroundLecturer: Tuomas Aura, tuomas.aura@tkk.fi

PhD from Helsinki University of Technology in 2000Microsoft Research, UK, 2001–Sep 2009Professor at TKK 2008–, full time since 1 Nov 2009

Research:Network securitySecurity protocol engineeringSecurity of mobility protocols (Mobile IPv6, SEND, etc.)Privacy of mobile usersDoS resistance

3

Course arrangementsTuesdays and Wednesdays 13:15–16:00 T4

Period II in year autumn 200910 lectures (6th week in reserve)

Exercises Fridays 14:15-16 T4First exercise session on 13 Nov, last on 11 DecMandatory exercises

Course assistants:Jyry SuvilehtoElena Reshetova

Examination 18 Dec 2009

4

Recommended readingLecture handouts

Preliminary versions on my old Microsoft homepageFinal versions in Noppa after the lectures

William Stallings, Network security essentials: applications and standards, 3rd ed., Pearson Prentice Hall, 2007Kaufman, Perlman, and Speciner, Network security: PRIVATE communication in a PUBLIC world, Prentice-Hall, 2002Wikipedia, web, RFCs and standards

5

ExercisesMandatory exercisesPass/fail, must pass at least 4 out of 5 roundsProblems in Noppa by Friday each weekSolutions to be submitted by Thursday midnight before the Friday exercise session

Keep solutions to 2 pages per roundSubmission instructions will be in Noppa

Try to solve all problems at least partlyThe goal is not to have all right answers; the goal is to learn how to find informationIndividual work; do not copy or even look at the written answers of other students; write your own

6

Network securitySecurity goals:

Data confidentiality, data integrity and authenticationAccess control for network accessIntegrity of signalling protocols and routing systemsDenial-of-service (DoS) protectionSoftware securityApplication-level security goals, e.g. non-repudiation

Security is not cryptographyCryptography is seen as an abstract building blockProtocol design assuming the most common crypto primitives

Network technologyMust know about TCP/IP, 802.11, UMTS etc.

7

GoalsKnow common communications systems, classic security mechanisms, and some of the latest ideasUnderstand network security technologies, their properties and limitations to use them rightBe aware of the pitfalls in security engineering: security is not just mathematics or just codeStarting point for learning more on the job or in further studiesLearn the adversarial mindset of security engineering

8

Approximate course outline

Lecture Topic1 Network security and threats, crypto2 Email security, PKI, X.509 and alternatives3 Authenticated key exchange, TLS/SSL 4 User authentication, Kerberos, SSO5 Perimeter security, firewalls, IPsec6 Wireless Security, EAP, WPA, AAA7 GSM and 3G security8 Routing, mobility, multicast9 Denial of service, DNS10 Anonymity and privacy, review