Advanced Network Security 2020
This is the main web site for the Advanced Network Security course (NWI-IMC050) of the TRU/e security master.
For information about last year's (2019) course, see here.
This is the last year this course will be taught in this form. Starting 2021, the course will be taught with different teachers and likely change content as a result.
The Advanced Network Security course builds on the bachelor course on Network Security. Where the bachelor course is quite hands-on, this master course is of a more theoretical nature.
The course is split in two quite separate and independent parts.
The first part covers a more theoretical approach towards protecting availability in distributed systems, based on the theory of distributed algorithms. We explore two approaches to fault tolerance as a means to increase the robustness and hence the availability of the overall distributed system.
The second part covers more advanced, traditional network security topics.
The course code is NWI-IMC050.
After the course the student will
- have knowledge of and understand some key advanced network security technologies, and their main advantages, disadvantages, and consequences when applying them in practice,
- understand in particular how security and availability can be increased when designing networks and networking services,
- have a basic understanding of algorithmics: the theory and practice of modelling and designing (distributed) algorithms, and how to prove them correct.
Topics
The course covers the following topics.
- An introduction to distributed algorithms (mutual exclusion, leader election).
- A selection of fault-tolerant distributed algorithms (from byzantine agreement to self-stabilisation) as an alternative approach to availability.
- Advanced network security approaches, like intrusion detection, WiFi security, cellular network security, etc.
Schedule (spring 2020)
Lectures take place from 13:30 to 15:15 on Monday: from February 3 to March 16 in HG 00.071, and from April 13 to June 8 in room HG 00.062. (Note the room changes.)
Slides of presentations that are available are linked from here. The links are released after the lecture. The same goes for the take home exercises.
Below you find a (tentative) schedule of the course.
|Date||Topic||Literature||Assignments and solutions|
|February 3||Introduction to distributed algorithms : slides||Papers:|
- L. Lamport, "Time, Clocks, and the Ordering of Events in a Distributed System." Communications of the Association for Computing Machinery 21, no. 7 (July 1978): 558-565. (up to the section called "Physical clocks")
|February 10||'Prevention' and 'Intrusion detection systems and netflows': slides||Papers:|
- Rick Hofstede, Pavel Čeleda, Brian Trammell, Idilio Drago, Ramin Sadre, Anna Sperotto, Aiko Pras, "Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX", IEEE Communications Surveys & Tutorials (Volume: 16, Issue: 4, Fourthquarter 2014).
Additional, optional, reading:
- Rick Hofstede, Vaclav Bartos, Anna Sperotto, Aiko Pras: Towards real-time intrusion detection for NetFlow and IPFIX. Proceedings 9th International Conference on Network and Service Management (CNSM), 2013
- Rick Hofstede, Luuk Hendriks, Anna Sperotto, Aiko Pras: SSH Compromise Detection using NetFlow/IPFIX. ACM SIGCOMM Computer Communication Review archive, Volume 44, Issue 5, Oct. 2014, p. 20-26
- Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer, and Aiko Pras: Hidden Markov Model Modeling of SSH Brute-Force Attacks. Lecture Notes in Computer Science, vol. 5841, 2009, Springer, p. 164-176
- Laurens Hellemons, Luuk Hendriks, Rick Hofstede, Anna Sperotto, Ramin Sadre and Aiko Pras: SSHCure: A Flow-Based SSH Intrusion Detection System. Lecture Notes in Computer Science, vol. 7279, 2012, Springer, p. 86-97.
|February 17||Economics/governance of network security: slides||Papers:|
- Why information security is hard ‐ an economic perspective. Ross Anderson. Proceedings 17th Annual Computer Security Applications Conference (ACSAC), 2001
- So long, and no thanks for the externalities: the rational rejection of security advice by users. Cormac Herley. Proceedings of the 2009 workshop on New security paradigms workshop (NSPW)
Additional, optional, reading:
- ‘Hacks, sticks and carrots’ by prof.dr. Michel van Eeten
- Economics of fighting botnets: lessons from a decade of mitigation. H. Asghari, M.J.G. van Eeten, J.M. Bauer. IEEE Security & Privacy, September/October 2015, 16‐23
- Cybersecurity: Stakeholder incentives, externalities, and policy options. J.M. Bauer & M.J.G. van Eeten. Telecommunications Policy 33 (2009): 706–719
|February 24||(no lecture)|
|March 2||Distributed Algorithms: Leader Election: slides||Papers:|
- G.L. Peterson, "An O(n log n) unidirectional algorithm for the circular extrema problem". ACM TOPLAS 4 (1982), 758–762.
|March 9||Distributed Algorithms: Mutual Exclusion: slides||Papers:|
- L. Lamport, "A new solution of Dijkstra’s concurrent programming problem." Commun. ACM 18, 8 (1974), 453–455.
|March 16||Wifi security
Note: this course will be taught online, see announcement in Brightspace.
- S. Brenza, A. Pawlowski, and C. Pöpper: A Practical Investigation of Identity Theft Vulnerabilities in Eduroam. Proceedings 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2015
- M. Vanhoef and F. Piessens: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Proceedings 24th ACM Conference on Computer and Communication Security, 2017 (Note: you may skip sections 4, 5, and 7)
|March 23||(no lecture)|
|March 30||(no lecture)|
|April 6||(no lecture)|
|April 13||(no lecture)|
|April 20||Self-Stabilisation: slides||Papers:|
- E.W. Dijkstra, "Self-Stabilizing Systems in Spite of Distributed Control." Communications of the Association for Computing Machinery 17, no. 11 (November 1974): 643-644.
|April 27||(no lecture)|
|May 4||Joeri de Ruiter, "Routing security: BGP and future internet architecture" slides||Papers:|
- The SCION Internet Architecture - An Internet Architecture for the 21st Century. David Barrera, Laurent Chuat, Adrian Perrig, Raphael M. Reischuk, Pawel Szalachowski. Communications of the ACM 60 (6), June 2017
|May 11||Agreement and consensus I: concepts and protocols for crash failures: slides||Papers:|
- M. Pease, R. Shostak, L. Lamport. "Reaching Agreement in the Presence of Faults" (PDF). Journal of the ACM. 27 (2): 228–234, April 1980.
|May 18||Agreement and consensus II: handling Byzantine failures: slides||Papers:|
- L. Lamport, R. Shostak, M. Pease, "The Byzantine Generals Problem", ACM TOPLAS 4(3), pp. 382-401, July 1982.
|May 25||Botnets slides||Papers:|
- Sheharbano Khattak, Naurin Rasheed Ramay, Kamran Riaz Khan, Affan A. Syed, and Syed Ali Khayam: "A Taxonomy of Botnet Behavior, Detection, and Defense"
|June 1||(no lecture)|
|June 8||Fabian v.d. Broek "Mobile telephony security" slides||Papers:|
- Chapters 2 and 3 of "Mobile communication security", Fabian van den Broek, PhD thesis, 2016
Exams
Exams for 2020 are scheduled as follows:
Additional information
The course will consist of traditional lectures, supplemented with take home exercises. There is a final written exam.
Maintained by Jaap-Henk Hoepman