CSC 774 Network Security

Instructional Objectives

Topics covered in homework assignments are included in the scope of exams. The final exam includes the topics for the mid-term exams.

Topics for Mid-Term Exam #1

Topic 2. Review of Cryptographic Techniques

  1. Be able to explain the following concepts: plaintext, cipher text, encryption, decryption, key, cryptanalysis (cipher text only, known plaintext, chosen plaintext, chosen cipher text), block cipher, stream cipher, secret key cryptography, public key cryptography, digital signature, hash function, pseudo random generator, pseudo random function
  2. The four modes of block cipher. That is, ECB, CBC, CFB, and OFB. Explain the advantages and the disadvantages of each mode. Be able to choose the right mode for different applications.
  3. Explain what message authentication is and the goals of message authentication.
  4. Explain the following concepts related to hash function: one-way property, weak collision free, strong collision free, birthday attack. Understand the implication of birthday attack. Explain how block chaining techniques can be used to build hash function and why it is insufficient.
  5. What is public key cryptography? What are the typical applications of public key cryptography?
  6. Be able to explain the following concepts: authentication, user authentication, the three things on which user authentication is based.

Topic 3. Internet Key Management

  1. Be able to explain the following: principles of key management, center-based key management, certificate-based key management, Perfect Forward Secrecy
  2. Be able to explain how to achieve PFS. Be able to explain ephemeral D-H protocol based on both public key authentication and symmetric key authentication.
  3. Be able to describe the following protocols: SKIP, Oakley, ISAKMP, IKE.
  4. Be able to choose appropriate optional features in the main mode of Oakley for different situations. For example, what do you need to achieve PFS?
  5. What are the purposes of Oakley and ISAKMP? Explain ISAKMP message format. Explain the purposes of ISAKMP phases 1 and 2.
  6. What is ISAKMP DOI? Give an example of ISAKMP DOI. Explain the five pre-defined ISAKMP exchange types.
  7. What is ephemeral Diffie-Hellman key exchange? Why can it achieve PFS?
  8. What is a resource clogging attack? What is a cookie? What is the purpose of introducing cookies? What are the requirements for a cookie?
  9. Be able to use cookies to thwart resource clogging attacks.

Topic 4. Electronic Payment Systems

  1. Be able to explain the NetBill transaction model and the NetBill transaction protocol.
  2. Be able to explain the purpose of every component of every NetBill protocol message.
  3. Be able to use a symmetric key to reduce the delivery (or exchange) of large messages to the delivery (or exchange) of the key.
  4. Be able to explain the difference between the basic protocol and the variations of the basic protocol for zero-priced goods in terms of cost, functionalities, and assumptions, including zero-price certified delivery, certified delivery without NetBill server, verified delivery, and unverified delivery.
  5. Be able to describe PayWord and MicroMint protocols.
  6. Explain the PayWord model, why it works, the applications it is intended for. Be able to decide what PayWord to use based on the payment context information.
  7. Explain the difference between PayWord and MicroMint. Explain the MicroMint model. Explain who makes the coins, how to make the coins, and the security of the coins.
  8. Explain how the double spending problem is addressed by MicroMint and PayWord.

Topics for Mid-Term Exam #2

Topic 4.3 Fair Exchange Protocols

  1. Be able to explain: fair exchange, fair exchange through TTP, optimistic fair exchange, strong fairness, weak fairness, generatable and revocable items.
  2. Consider the optimistic fair exchange protocol covered in class. Be able to explain the goal of each component in each message. Be able to describe how to recover from failures for both parties. Be able to identify the NRO and NRR tokens for each party and why they can be used for this purpose.
  3. Consider the simplified versions of the optimistic fair exchange protocol. Be able to explain why these versions can be simplified and what properties of the exchanged items are exploited to simplify the exchange. Be able to identify the NRO and NRR tokens for each party in these protocols and explain why they can be used for such purposes.
  4. Be able to identify unfairness in fair exchange protocols. Be able to identify strong fairness and weak fairness achieved for each party in fair exchange protocols.

Topic 5. Intrusion Alert Correlation

  1. Be able to explain the goals of intrusion alert correlation. Be able to explain the characteristics of alert correlation methods based on similarity between alert attributes, those based on known attack scenarios, and those based on prerequisites and consequences of known attacks. Be able to describe the advantages and limitations of the above methods.
  2. Be able to explain duration constraints, interval constraints, hyper-alert correlation graphs, and completeness and soundness of alert correlation.
  3. Given hyper-alert types and alerts, be able to manually generate prerequisite sets and consequence sets of these hyper-alert types and correlate these alerts. Be able to describe correlated alerts as hyper-alert correlation graphs.
  4. Be able to describe the techniques to hypothesize and reason about attacks missed by IDS.
  5. Be able to explain the may-prepare-for and may-indirectly-prepare-for relations.
  6. Given a set of hyper-alert types, be able to generate a type graph consisting of these hyper-alert types.
  7. Be able to hypothesize potentially missed attacks based on a set of alerts and a type graph. Be able to make inference about the attribute values of hypothesized attacks. Be able to derive equality constraints between two hyper-alert types. Be able to derive filter conditions for hypothesized attacks based on prior knowledge and inferred attribute values.

Topic 6. Broadcast Authentication

  1. Be able to explain: broadcast authentication, the challenges in broadcast authentication, why point-to-point authentication cannot be used for broadcast authentication directly.
  2. Be able to describe TESLA, the security condition of TESLA, the protocol to synchronize sender and receivers.
  3. Be able to determine if a TESLA packet can be authenticated, and how to authenticate it if yes. Be able to determine which TESLA scheme should be used for a given broadcast authentication application.
  4. Consider EMSS. Given a set of packets, be able to determine what packets can be authenticated and how to authenticate them (the sequence of operations).

Topic 7. Group Key Management

  1. Be able to explain the difference between group key agreement and group key distribution.
  2. Be able to describe the generic group D-H, GDH.1, GDH.2, and GDH.3 protocols. Be able to describe the overhead of GDH.x protocols, including #messages, #rounds, #exponentiations per member, total size of messages.
  3. Given a group key agreement protocol based on D-H, be able to determine if it is vulnerable to replay attacks, man-in-the-middle attacks, resource consumption attacks, DOS attacks.
  4. Be able to explain what the "1 affects n" problem and the "1 does not equal n" problem are.
  5. Be able to describe the Iolus approach. Be able to determine the cost of secure group communication in Iolus, including # encryption/decryption required, # group keys and pairwise keys each member needs, and # messages. Be able to determine the cost to use Iolus for group key distribution with the above costs.
  6. Be able to describe LKH. Be able to describe how a member is added and deleted, the changes in the key tree. Be able to determine the cost involved in group member changes (addition and deletion), including the number of keys each member and the group manager need to store, the size and the number of messages required for group member addition and deletion.

Topics after Mid-Term #2

Topic 8. Security in MANET

  1. Be able to describe the DSR protocol, including the route discovery phase and the route maintenance phase.
  2. Be able to describe the attacks against MANET routing protocols: active attacks, passive attacks, routing disruption attacks (black hole, gray hole, wormhole, rushing attacks).
  3. Be able to explain and use the mechanisms adopted by Ariadne, including the authentication with pairwise secret keys, TESLA, digital signatures, and per-hop hashing. Be able to find flaws if these mechanisms are used improperly.
  4. Be able to explain the Watchdog and Pathrater schemes. Be able to describe the limitations of these schemes.

Topic 9. Security in Sensor Networks

  1. Be able to describe the specific properties of sensor networks (low cost, low power, multi-functional nodes in unattended environments, wireless communication).
  2. Be able to explain how sensor network security differs from traditional network security (1. resource constraints; 2. nodes subject to capture).
  3. Be able to explain and use the basic probabilistic key predistribution scheme. Be able to determine the parameters given the probability to establish pairwise keys and the network size.
  4. Be able to explain and use the two methods for shared key discovery (1. broadcast the list of key ids; 2. broadcast a list of challenges). Be able to explain the advantages and the disadvantages of both methods.
  5. Be able to explain and use the polynomial-based key predistribution scheme, the polynomial pool-based key predistribution schemes (the general framework, the random subset assignment scheme, and the grid-based scheme). In particular, be able to compute keys with the above schemes, be able to perform shared key discovery and path discovery in the random subset assignment and the grid-based scheme.
  6. Be able to explain and use the optimization technique in the paper to perform polynomial evaluation.

Advanced Topics

The following numbers refer to the paper numbers in the advanced topics. The questions posted by the presenters on the message board are automatically included.

  1. Be able to describe the aggregate-commit-prove approach. Be able to use Merkle Hash Tree to compute the commitment and authenticate data.
  2. Be able to explain how interleaved hop-by-hop authentication filters out false data injected by attackers. Be able to manually process the data packets received at a forwarding node.
  3. Be able to explain how the statistical en-route filtering is performed. Be able to perform the actions at a forwarding node.
  4. Be able to explain the q-composite key predistribution scheme as well as its difference from the basic probabilistic scheme. Be able to compute shared keys using the above scheme.
  5. Be able to explain the setup of the key pool.
  6. Be able to explain the basic and the extended closest pairwise key schemes. Be able to determine shared keys with these schemes.
  7. Be able to explain the witness-based approach. Be able to generate response packets at fusion nodes.
  8. Be able to explain how the multicast group members are mapped to clusters. Be able to modify the clusters when there is a leaving or a joining member.
  9. Be able to describe the SDR scheme. Be able to determine how to rekey (i.e., what keys to use) when a member leaves.
  10. Be able to describe the A-GDH.2 protocol.
  11. Be able to describe and use the personal key distribution protocol.
  12. Be able to explain and use the BiBa signature scheme (SEAL generation, signature generation and verification).
  13. Be able to explain the HORS scheme (key generation, signature generation and verification).
  14. Be able to explain why the distillation code construction can mitigate the DOS attacks. Be able to use Merkle Hash Tree as a one-way accumulator.
  15. Be able to explain encryption in counter mode. Be able to explain uTESLA.
  16. Be able to explain multi-level uTESLA. Be able to use scheme IV.
  17. Be able to explain why expander graphs may help for digital stream authentication. Be able to determine whether an expander graph is n-expanding, where n is a small integer. (n will not be greater than 3 if such a question is given in the final exam.)
  18. Be able to describe the interactive Guy-Fawkes protocols when a location limited channel is used for pre-authentication.
  19. Be able to detect anomalies (potential wormholes) using the basic directional neighbor discovery.
  20. Be able to explain how the reputation system is used in CONFIDANT.
  21. Be able to explain the TIK protocol. Be able to use Merkle Hash Tree for authentication in TIK.
  22. Be able to explain and use the Hash Tree Chain technique.