CS38, Security and Privacy, Spring 2005
Location: Sudikoff Lab Room 214 Time: Mon, Wed, Fri 10:00am to 11:05am
This is a tentative curriculum, subject to change without notice.
I will be adding links to required and suggested reading as we go along.
The grades will be based on homework (30%), midterm (40%) and the final project (30%). You can choose your final project from one of the following areas: software vulnerability analysis or exploitation; network exploitation or intrusion detection; wireless networking security; application of cryptography or attack on one.
Overview Wed 30-mar-2005
Read:
Dragos Ruiu, "Stealth coordinated attacks"
Textbook networking primer (1.5, 1.12, 23)
The anatomy of an attack and subsequent activities Fri 01-apr-2005
Read:
Murat papers, aleph1, shellcode.org [link to these and more papers]
Consider skimming this old hacking tutorial
Dan Farmer, Wietze Venema Improving the Security of Your Site by Breaking Into it (practically a classic. Have a look around http://fish.com/security/ too.)
Modern OS architecture: syscalls, protections, how circumvented, how controlled, where installed, intro to buffer overflows and beyond.
Anatomy of an attack, continued: system, application software and network issues Mon 04-apr-2005
Read:
Format string and integer overflow papers [here],
[examining ELF files, /proc and dispatch tables],
[examining PLT/GOT structures],
[in-class notes on stack frames]
Exercises:
Load and run shellcode in gdb or ddd: step-by-step with ddd
Find a simple buffer overflow vulnerability in dump-0.4b13.
Malware: rootkits, trojans, backdoors, hiding and deception Mon 06-apr-2005
Read:
Userland and kernel rootkits, kernel hacking (in-class slides, tutorial, rootkit code)
It's time to carefully (re-)read ("man secion_num topic" for topic(section_num)) the following man pages: proc(5), ps(1), strace(1), ltrace(1), lsof(8), fuser(1). For usage examples refer to [examining a UNIX system] (depending on your taste you can start with reading either tutorials or manpages first).
Host security wrap-up Fri 08-apr-2005
Read:
[class notes] with some links not shown in class.
Multilevel security systems Fri 08-apr-2005
Read:
Textbook Sec 1.13
Have a look at Bell-LaPadula paper (it's worth it, I promise).
Note: We only covered the textbook 1.13 material in class, and did not touch Bell-LaPadula. You may postpone skimming that and catch up on previous reading.
Takes 3 classes in Sean's plan
The Orange Book, Bell-LaPadula formalism Fri 11-apr-2005
Read:
[class notes]
the explanation of the "current security function" in Bell-LaPadula's *-property -- this is the bit that was confusing in class.
The Orange Book: Preface, intro, Sec 5, Sec 6, Sec 8, Sec 10, the Appendices, and Glossary
(note: to display pages properly in ggv on lab machines choose "Ledger" in "View>Size" menu).
Fundamental network protocols and security Mon 13-apr-2005
Read:
My explanation of a couple of Bell-LaPadula issues (see previous lecture), if you haven't already.
Have a look at [Networking layer 2 links] (we will go over some of these on Friday).
Start on the homework! [hw1] [tutorials, links]
Non-cryptographic network protocols, continued 15-apr-2005
Read:
arp-sk.org explanation of ARP spoofing attacks, the Taranis paper: in [network session hijacking].
Network spoofing and session hijacking 18-apr-2005
Read:
DNS hijacking, DHCP weaknesses in [network session hijacking].
Read Network Scanning Techniques, consider skimming ICMP for Network Reconnaissance for a taste of how advanced tools are designed based on the RFC and testing implementation quirks (see also more network recon links).
Read the nmap(1) manpage
Spoofing and hijacking continued, IDS evasion 20-apr-2005
Read:
Manpages: ping(1), traceroute(1), tcpdump(1)
Exercise: Run tcpdump and tethereal (you need root to run tcpdump on UNIX, use our emulated machines) or Ethereal and observe a DNS transaction and a TCP handshake made by ssh or telnet or a web browser (you use the links text-based browser in your virtual machines).
Read Ptacek and Newsham, Insertion, Evasion and Denial of Service in IDS
Skim the RFCs for IP, UDP and TCP: RFC 1180, RFC 791, RFC 768, RFC 793 (you can use http://www.faqs.org/rfcs/ or the helpful http://www.networksorcery.com/ index.
Packet capture and crafting 22-apr-2005
Read:
Skim libpcap manual for programmers
Craft packets with the sendip utility and capture them with tcpdump and tethereal
Read the "Fragmentation and reassembly" section of the RFC 791.
Optional: Read the libnet programmer's manual. It is the foundation of modern packet crafting tools.
Optional: read about the Stegtunnel tool that uses packet crafting to conceal information in the IP header. Think about alternative to their approach.
Symmetric Cryptography 25-apr-2005
Read:
Chapter 2 contains elementary background.
3.6 covers the stream cipher RC4
3.2 covers block ciphers
3.3 covers DES
Supplementary reading in Schneier:
1.1 (general background)
12 (DES)
15.1, 15.2 (multiple rounds)
Symmetric Cryptography, block cypher modes 27-apr-2005
Read: Textbook:
4.2.1 and 4.2.2 develop CBC mode
4.4 covers multiple rounds of block ciphers (e.g., TDES)
4.3 discusses using block ciphers for integrity
5.2.4 discusses using block ciphers for 1-way functions
In Schneier:
9.1-9.3 (modes of encryption)
Stream ciphers, syncronization properties 29-apr-2005
Read: Textbook:
11.6 discusses pseudorandomness
In Schneier:
1.5 (one-time pad)
2.2 - 2.7 (using hashes, crypto)
2.8 (PRNG)
9.4 (stream ciphers)
11.1 (unicity distance)
Asymmetric Cryptography, modular arithmetic 04-may-2005
Read:
6.2 discusses mod math.
6.3 discusses RSA (we get up to 6.3.3)
Chapter 7 provides the number theory theorems that serve as foundation of RSA.
Supplementary reading in Schneier:
19.3 (RSA)
Asymmetric Cryptography, continued 6-may-2005
Read: Kaufman et al:
2.6, 5.1, and the box in 5.2 cover hash functions
5.5 covers MD5, 5.6 covers SHA-1
In Schneier:
7.4 (birthday paradox)
18.5 (MD5)
18.7 (SHA)
Cryptography implementation concerns 9-may-2005
Read: In the textbook, Chapter 6 covers simple attacks on RSA
6.3.5 and 6.3.6 cover padding
4.3.1 cover integrity and secrecy together
Steve Friedl's An Illustrated Guide to Cryptographic Hashes is a really nice intro/overview.
Attacks on public key crypto, mathematical backgound 11-may-2005
Read:
Boneh, 20 Years of attacks on RSA
Boneh, Joux, Nguyen Why Textbook ElGamal and RSA Encryption are Insecure.
Timing attacks on public key crypto 13-may-2005
Read:
Kocher's timing attack
A survey paper with some more details and history.
Brumley, Boney, Remote timing attacks are practical -- describes several optimizations found in modern RSA and Diffie-Hellman implementations. Highly recommended.
Cryptographically protected network protocols: SSH, SSL, IPSEC etc. 16-may-2005
Read:
SYN cookies: http://cr.yp.to/syncookies.html
Optional, recommended: Chapter 16 gives a general overview of the design decision space for real-time cryptographically protected protocols: in which layer to place the crypto elements, the concept of "perfect forward secrecy", and the replay and DOS protection (nonces, sequence numbers and cookies).
IPSec:
Chapter 17 -- the history and design goals of IPSec, and its interaction with NAT and firewalls
Recent IPSec vuln advisory -- great timing!
Cryptographically protected network protocols: SSH, SSL, IPSEC etc. 18-may-2005
Read:
SSL:
Chapter 25 (the Web in general)
19.1 - 19.8, 19.10, 19.12 (SSL)
PKI, x509 20-may-2005
Read:
Kaufman et al. Chapter 15.
(optional): SSL in depth links (diagrams and packet traces)
SSL protocol in depth, attacks on SSL, authentication hadnshake flaws 23-may-2005
Read:
Kaufman et al. Chapter 11 (read carefully the "pifalls" part up to 11.4; from that point on you can skim to get general idea of how Kerberos works)
(optional): SSL in depth links (diagrams and packet traces)
Authentication protocols 25-may-2005
Read:
Kaufman et al., the rest of Chapter 11 (11.4-11.8) (Needham-Schroeder and Otway-Rees, use of nonces).
(midterm follow-up): Greg Kroah-Hartman, Signed kernel modules
Privacy 31-may-2005
Read:
The Crowds anonymity system for web transactions.
Felten & Schneider Timing attacks on web privacy
Tor, the onion router mixnet
The keyjacking problem on desktops.
Back to Dartmouth CS Home Page
Sergey Bratus