Instructional Objectives

List of Topics

Topic 0. General Security Concepts

  1. Be able to explain the following concepts: security, three goals of information security, examples of attacks against the goals of information security, security policy, security mechanism, security assurance, typical security services (confidentiality, authentication, integrity, non-repudiation, access control, monitor & response, security management).

Topic 2. Cryptographic Techniques (self-study)

  1. Be able to explain the following concepts: plaintext, cipher text, encryption, decryption, key, cryptanalysis (cipher text only, known plaintext, chosen plaintext, chosen cipher text), block cipher, stream cipher, secret key cryptography, public key cryptography, digital signature, hash function.
  2. The four modes of block ciphers, that is, ECB, CBC, CFB, and OFB. Explain the advantages and the disadvantages of each mode. Be able to choose the right mode for different applications.
  3. Explain what message authentication is and the goals of message authentication.
  4. Explain the following concepts related to hash functions: one-way property, weak collision free, strong collision free, birthday attack. Understand the implication of the birthday attack. Explain how block chaining techniques can be used to build a hash function and why it is insufficient.
  5. What is public key cryptography? What are the typical applications of public key cryptography?
  6. Be able to explain the following concepts: authentication, user authentication, the three things on which user authentication is based.

Topic 3. Firewall Technology (self-study)

  1. Be able to explain the following types of firewalls: packet filter, session filter, circuit-level proxy, application-level proxy, stateful inspection.
  2. Be able to explain the advantages and disadvantages of the above types of firewalls.
  3. Be able to explain the following types of firewall configurations: dual-homed configuration, screened host configuration, screened subnet configuration.
  4. Be able to explain what NAT is.

Topic 4. IP Security

  1. Be able to explain the following: the objective of IPSec, the architecture of IPSec (two modes, two protocols, etc.), Security Association, Security Parameter Index, Security Association Database, Security Policy Database, SA bundle, Integrity Check Value (ICV).
  2. Be able to explain the two IPSec modes, their difference, and why we need both modes.
  3. Be able to describe the AH and ESP protocols and their various options.
  4. Be able to choose the appropriate IPSec modes and protocols for given security policies.
  5. Be able to explain the in-bound and out-bound processing of IPSec packets. Be able to explain how replay attacks are prevented in IPSec.
  6. Be able to explain how key management is handled for IPSec.
  7. Be able to explain the following for key management: Why do we need key management? What is the goal of key management for IPSec? The basic security principles for session keys. Perfect Forward Secrecy (PFS). What is the only known method for PFS?
  8. What is ephemeral Diffie-Hellman key exchange? Why can it achieve PFS? What is a resource clogging attack? What is a cookie? What's the purpose of introducing cookies? What are the requirements for a cookie?
  9. What are the purposes of Oakley and ISAKMP? Explain the ISAKMP message format. Explain the purposes of ISAKMP phases 1 and 2. What is ISAKMP DOI? Give an example of ISAKMP DOI. Explain the five pre-defined ISAKMP exchange types.
  10. Be able to explain: IP trace back, trace back through stepping stones, and the difference between them.
  11. Be able to explain: trace back, IP trace back, trace back through stepping stones.
  12. Be able to describe and use the following algorithms related to probabilistic packet marking: node appending, node sampling, edge sampling, the encoding algorithm.

Topic 5. Internet Key Management

  1. Be able to explain the following: principles of key management, center-based key management, certificate-based key management, Perfect Forward Secrecy.
  2. Be able to describe the following protocols: SKIP, Oakley, ISAKMP, IKE.
  3. Be able to choose appropriate modes of Oakley for different situations.
  4. What are the purposes of Oakley and ISAKMP? Explain the ISAKMP message format. Explain the purposes of ISAKMP phases 1 and 2.
  5. What is ISAKMP DOI? Give an example of ISAKMP DOI. Explain the five pre-defined ISAKMP exchange types.
  6. What is ephemeral Diffie-Hellman key exchange? Why can it achieve PFS?
  7. What is a resource clogging attack? What is a cookie? What's the purpose of introducing cookies? What are the requirements for a cookie?
  8. Be able to use cookies to thwart resource clogging attacks.