CSC 774 Network Security
Instructional Objectives
Topics covered in homework assignments
are included in the scope of exams. The final exam includes the topics for the
mid-term exams.
Topics for Mid-Term Exam #1
Topic 2. Review of Cryptographic Techniques
- Be able to explain the following concepts: plaintext, cipher text, encryption,
decryption, key, cryptanalysis (cipher text only, known plaintext, chosen
plaintext, chosen cipher text), block cipher, stream cipher, secret key cryptography,
public key cryptography, digital signature, hash function, pseudo random generator,
pseudo random function
- Know the four modes of block cipher operation: ECB, CBC, CFB, and OFB. Explain
the advantages and the disadvantages of each mode. Be able to choose the right
mode for different applications.
- Explain what message authentication is and the goals of message authentication.
- Explain the following concepts related to hash functions: one-way property,
weak collision free, strong collision free, birthday attack. Understand the
implication of the birthday attack. Explain how block chaining techniques can
be used to build a hash function and why this is insufficient.
- What is public key cryptography? What are the typical applications of public
key cryptography?
- Be able to explain the following concepts: authentication, user authentication,
the three things on which user authentication is based.
Topic 3. Internet Key Management
- Be able to explain the following: principles of key management, center-based
key management, certificate-based key management, Perfect Forward Secrecy
- Be able to explain how to achieve PFS. Be able to explain ephemeral D-H
protocol based on both public key authentication and symmetric key authentication.
- Be able to describe the following protocols: SKIP, Oakley, ISAKMP, IKE.
- Be able to choose appropriate optional features in the main mode of Oakley
for different situations. For example, what do you need to achieve PFS?
- What are the purposes of Oakley and ISAKMP? Explain ISAKMP message format.
Explain the purposes of ISAKMP phases 1 and 2.
- What is ISAKMP DOI? Give an example of an ISAKMP DOI. Explain the five pre-defined
ISAKMP exchange types.
- What is ephemeral Diffie-Hellman key exchange? Why can it achieve PFS?
- What is a resource clogging attack? What is a cookie? What is the purpose of
introducing cookies? What are the requirements for a cookie?
- Be able to use cookies to thwart resource clogging attacks.
Topic 4. Electronic Payment Systems
- Be able to explain the NetBill transaction model and the NetBill transaction
protocol.
- Be able to explain the purpose of every component of every NetBill protocol
message.
- Be able to use a symmetric key to reduce the delivery (or exchange) of large
messages to the delivery (or exchange) of the key.
- Be able to explain the difference between the basic protocol and the variations
of the basic protocol for zero-priced goods in terms of cost, functionalities,
and assumptions, including zero-price certified delivery, certified delivery
without NetBill server, verified delivery, and unverified delivery.
- Be able to describe PayWord and MicroMint protocols.
- Explain the PayWord model, why it works, the applications it is intended
for. Be able to decide what PayWord to use based on the payment context information.
- Explain the difference between PayWord and MicroMint. Explain the MicroMint
model. Explain who makes the coins, how to make the coins, and the security
of the coins.
- Explain how the double spending problem is addressed by MicroMint and PayWord.
Topics for Mid-Term Exam #2
Topic 4.3 Fair Exchange Protocols
- Be able to explain: fair exchange, fair exchange through TTP, optimistic
fair exchange, strong fairness, weak fairness, generatable and revocable items.
- Consider the optimistic fair exchange protocol covered in class. Be able
to explain the goal of each component in each message. Be able to describe
how to recover from failures for both parties. Be able to identify the NRO
and NRR tokens for each party and why they can be used for this purpose.
- Consider the simplified versions of the optimistic fair exchange protocol.
Be able to explain why these versions can be simplified and what properties
of the exchanged items are exploited to simplify the exchange. Be able to identify
the NRO and NRR tokens for each party in these protocols and explain why they
can be used for such purposes.
- Be able to identify unfairness in fair exchange protocols. Be able to identify
strong fairness and weak fairness achieved for each party in fair exchange
protocols.
Topic 5. Intrusion Alert Correlation
- Be able to explain the goals of intrusion alert correlation. Be able to
explain the characteristics of alert correlation methods based on similarity
between alert attributes, those based on known attack scenarios, and those
based on prerequisites and consequences of known attacks. Be able to describe
the advantages and limitations of the above methods.
- Be able to explain duration constraints, interval constraints,
hyper-alert correlation graphs, and the completeness and soundness of alert correlation.
- Given hyper-alert types and alerts, be able to manually generate prerequisite
sets and consequence sets of these hyper-alert types and correlate these alerts. Be
able to describe correlated alerts as hyper-alert correlation graphs.
- Be able to describe the techniques to hypothesize and reason about attacks
missed by IDS.
- Be able to explain the may-prepare-for and may-indirectly-prepare-for relations.
- Given a set of hyper-alert types, be able to generate a type graph consisting
of these hyper-alert types.
- Be able to hypothesize potentially missed attacks based on a set of alerts
and a type graph. Be able to make inference about the attribute values of
hypothesized attacks. Be able to derive equality constraints between two hyper-alert
types. Be able to derive filter conditions for hypothesized attacks based
on prior knowledge and inferred attribute values.
Topic 6. Broadcast Authentication
- Be able to explain: broadcast authentication, the challenges in broadcast
authentication, why point-to-point authentication cannot be used for broadcast
authentication directly.
- Be able to describe TESLA, the security condition of TESLA, the protocol
to synchronize sender and receivers.
- Be able to determine if a TESLA packet can be authenticated, and how to
authenticate it if yes. Be able to determine which TESLA scheme should be
used for a given broadcast authentication application.
- Consider EMSS. Given a set of packets, be able to determine what packets
can be authenticated and how to authenticate them (the sequence of operations).
Topic 7. Group Key Management
- Be able to explain the difference between group key agreement and group
key distribution.
- Be able to describe the generic group D-H, GDH.1, GDH.2, and GDH.3 protocols.
Be able to describe the overhead of GDH.x protocols, including #messages,
#rounds, #exponentiations per member, total size of messages.
- Given a group key agreement protocol based on D-H, be able to determine
if it is vulnerable to replay attacks, man-in-the-middle attacks, resource
consumption attacks, DOS attacks.
- Be able to explain what the "1 affects n" problem and the "1
does not equal n" problem are.
- Be able to describe the Iolus approach. Be able to determine the cost of
secure group communication in Iolus, including # encryption/decryption required,
# group keys and pairwise keys each member needs, and # messages. Be able
to determine the cost to use Iolus for group key distribution with the above
costs.
- Be able to describe LKH. Be able to describe how a member is added and deleted,
the changes in the key tree. Be able to determine the cost involved in group
member changes (addition and deletion), including the number of keys each
member and the group manager need to store, the size and the number of messages
required for group member addition and deletion.
Topics after Mid-Term #2
Topic 8. Security in MANET
- Be able to describe the DSR protocol, including the route discovery phase
and the route maintenance phase.
- Be able to describe the attacks against MANET routing protocols: active
attacks, passive attacks, routing disruption attacks (black hole, gray hole,
wormhole, rushing attacks).
- Be able to explain and use the mechanisms adopted by Ariadne, including the
authentication with pairwise secret keys, TESLA, digital signatures, and per-hop
hashing. Be able to find flaws if these mechanisms are used improperly.
- Be able to explain the Watchdog and Pathrater schemes. Be able to describe
the limitations of these schemes.
Topic 9. Security in Sensor Networks
- Be able to describe the specific properties of sensor networks (low cost,
low power, multi-functional nodes in unattended environments, wireless communication).
- Be able to explain the difference between sensor network security and traditional
network security (1. resource constraints; 2. nodes subject to capture).
- Be able to explain and use the basic probabilistic key predistribution scheme.
Be able to determine the parameters given the probability to establish pairwise
keys and the network size.
- Be able to explain and use the two methods for shared key discovery (1.
broadcast the list of key ids; 2. broadcast a list of challenges). Be able
to explain the advantages and the disadvantages of both methods.
- Be able to explain and use the polynomial-based key predistribution scheme,
the polynomial pool-based key predistribution schemes (the general framework,
the random subset assignment scheme, and the grid-based scheme). In particular,
be able to compute keys with the above schemes, be able to perform shared
key discovery and path discovery in the random subset assignment and the grid-based
scheme.
- Be able to explain and use the optimization technique in the paper to perform
polynomial evaluation.
Advanced Topics
The following number refers to the paper number in the advanced topics. The
questions posted by the presenters on the message board are automatically included.
- Be able to describe the aggregate-commit-prove approach. Be able to use
Merkle Hash Tree to compute the commitment and authenticate data.
- Be able to explain how interleaved hop-by-hop authentication filters out
false data injected by attackers. Be able to manually process the data packets
received at a forwarding node.
- Be able to explain how the statistical en-route filtering is performed.
Be able to perform the actions at a forwarding node.
- Be able to explain the q-composite key predistribution scheme as well as
its difference from the basic probabilistic scheme. Be able to compute shared
keys using the above scheme.
- Be able to explain the setup of the key pool.
- Be able to explain the basic and the extended closest pairwise key schemes. Be
able to determine shared keys with these schemes.
- Be able to explain the witness-based approach. Be able to generate response
packets at fusion nodes.
- Be able to explain how the multicast group members are mapped to clusters.
Be able to modify the clusters when there is a leaving or a joining member.
- Be able to describe the SDR scheme. Be able to determine how to rekey (i.e.,
what keys to use) when a member leaves.
- Be able to describe the A-GDH.2 protocol.
- Be able to describe and use the personal key distribution protocol.
- Be able to explain and use the BiBa signature scheme (SEAL generation, signature
generation and verification).
- Be able to explain the HORS scheme (key generation, signature generation
and verification).
- Be able to explain why the distillation code construction can mitigate the
DOS attacks. Be able to use Merkle Hash Tree as a one-way accumulator.
- Be able to explain encryption in counter mode. Be able to explain uTESLA.
- Be able to explain multi-level uTESLA. Be able to use scheme IV.
- Be able to explain why expander graphs may help for digital stream authentication.
Be able to determine whether an expander graph is n-expanding, where n is
a small integer. (n will not be greater than 3 if such a question is given
in the final exam.)
- Be able to describe the interactive Guy-Fawkes protocols when a location-limited
channel is used for pre-authentication.
- Be able to detect anomalies (potential wormholes) using the basic directional
neighbor discovery.
- Be able to explain how the reputation system is used in CONFIDANT.
- Be able to explain the TIK protocol. Be able to use Merkle Hash Tree for
authentication in TIK.
- Be able to explain and use the Hash Tree Chain technique.