CIS 659 - Network Security - Fall 2003

Instructor: Jelena Mirkovic  
Office hours: M 10am-noon, T 10-11 am, W 3.30-5.30pm, Th 10-11 am
Office: 449 Smith Hall 
Phone: 302-831-6052 
TA: Ilknur Aydin
Office hours: Tu 9-10.50am
Office: 115B Pearson Hall
Semester: Fall 2003 
Time: Tu/Th 11-12.15 
Room: Purnell 231
Course Web page:
Final exam is on December 18, 2003, 1-3 pm.
12/09/03 Slides with missing pictures are here in Powerpoint format:
10/31/03 Syllabus has been updated; all dates/topics now reflect the recent project extensions.

10/31/03 Project 3 extension: Well, it seems we need to extend the project 3 deadline. I decided to do the following:

  • Extend the project 3 deadline by 2 weeks. I know that you think 1 week should be enough, but just in case. Also, I would like you to do solid work on this project, and if you spend more time on it you'll get more meaningful results.
  • I'll give out project 4 as planned, but I will make it easier than the rest, likely with no programming involved, so that you can overlap it with work on project 3.
Project 3 is now due November 18 at 4pm.

10/09/03 Some guidelines for Project 2: Here are some guidelines on how to work on project 2. All attack code is in Emulab. Don't try attack code on departmental machines.

9/30/03 Project 2: I moved project 2 a bit later. It will be given out on Tue, Oct 7, and accordingly all deadlines pertaining to project 2 will move. The syllabus below indicates the new schedule.

9/30/03 Submission deadline for project 1: Last Sunday the campus network was having problems and at times people were unable to connect. To make up for this, you can submit project 1 on Friday, Oct. 3. Please do so by 5pm. No further extensions will be granted.

9/30/03 Reminder: Please go to and open the account for project CIS662.

9/26/03 FAQ on the Project 1:

Question: I am implementing DES which has a fixed key size. How to answer question 6b?
Answer: It is true that DES uses a fixed key size, but different plaintext blocks can be encrypted with different keys. Increment your key in fixed steps, then use different key parts to encrypt different blocks of plaintext. As long as you do the same thing for decryption, everything should decrypt fine. This technique may not make a brute-force attack as difficult as you would like. What if you apply an approach similar to the one triple-DES uses?

Question: What does it mean to lose a bit? Does it become 0?
Answer: No, when you lose a bit, the bits following it take its place. For instance, if I lose the second bit from the left when transmitting 1101, I will end up having 101. Alternatively, if you are doing block ciphers you can pad zeros to the right to get the whole block, thus obtaining 1010.

Question: Can we use Java classes that help with text-to-hexadecimal conversion, such as BigInteger?
Answer: Yes, you can use Java classes and C/C++ functions for conversions. You just cannot use cryptographic libraries that have encrypt/decrypt functions implemented, because that is what you are writing for the project.

9/23/03 Change of project 1 deadline: To make up for the two days that the University was closed due to the hurricane, there is a 2-day extension for project 1 submission. The new deadline is Thu 10/2.

9/22/03 Change of syllabus: Since we lost one class due to the hurricane, I rearranged the syllabus a bit.

9/9/03 Class slides will from now on be posted before the class, so that interested students can print them and use them during class to take notes.

Calendar and Syllabus
Each entry lists: Day, Date, Topic, Class slides, Readings, Projects.

Overview of network security
  Class slides: Class1 in PDF, Class1 in PS

Tues 9/9/03: Cryptography
  Class slides: Class2 in PDF, Class2 in PS
  Readings: Excerpts from Schneier's book given in class; RSA algorithm; Some substitution ciphers

Thur 9/11/03: Cryptography
  Class slides: Class3 in PS, Class3 in PDF
  Readings: RSA paper by Rivest, Shamir and Adleman; DES specification

Tues 9/16/03: Cryptography
  Class slides: Class4 in PS, Class4 in PDF
  Readings: Table of primitive polynomials; Blowfish source code
  Projects: First project given out (Project 1 in PS, Project 1 in PDF)

Cancelled due to hurricane

Tues 9/23/03: Authentication
  Class slides: Class5 in PS, Class5 in PDF
  Readings: SHA standard

Thur 9/25/03: Real-world protocols using cryptography
  Class slides: Class6 in PS, Class6 in PDF
  Readings: SSH Architecture; SSH Transport Layer Protocol; SSH User Authentication Protocol; SSH Connection Protocol; IPSec architecture

Tues 9/30/03: Gaining access; Maintaining access
  Class slides: Class7 in PS, Class7 in PDF
  Readings: Optional: See slides

Thur 10/2/03: Maintaining access; Covering tracks
  Class slides: Class8 in PS, Class8 in PDF
  Readings: Optional: See slides
  Projects: First project due

Tues 10/7/03: Intrusion detection systems
  Class slides: Class9 in PS, Class9 in PDF
  Projects: Second project given out (Project2 in PS, Project2 in PDF)

Thur 10/9/03: Denial-of-service
  Class slides: Class10 in PS, Class10 in PDF
  Projects: First project graded and returned; First review assignment given out

Tues 10/14/03: Denial-of-service
  Class slides: Class11 in PS, Class11 in PDF
  Readings: Dave Dittrich's DDoS resources; My PHD thesis, chapters 2, 3, 4 and 5

Thur 10/16/03: Denial-of-service
  Class slides: Class12 in PS, Class12 in PDF
  Readings: Pushback Web Page; Traceback Web Page; D-WARD Web Page; Netbouncer White Paper
  Projects: First review due

Tues 10/21/03: DDoS
  Class slides: Class13 in PS, Class13 in PDF
  Readings: Netbouncer DISCEX paper; SOS paper; Client Puzzles; COSSACK Web page; DefCOM Web page
  Projects: Second project due; Third project given out (Project3 in PS, Project3 in PDF); First review graded and returned

Thur 10/23/03: Viruses
  Class slides: Class14 in PS, Class14 in PDF
  Readings: CERT Virus Links

Tues 10/28/03: Worms
  Class slides: Class15 in PS, Class15 in PDF

Thur 10/30/03: Worms
  Class slides: Class16 in PS, Class16 in PDF
  Readings: Internet Quarantine paper; Implementing and testing a virus throttle; Cooperative strategies for a large scale attack mitigation
  Projects: Second project graded and returned; Second review assignment given out

Tues 11/4/03: Honeypots
  Class slides: Class17 in PS, Class17 in PDF

Thur 11/6/03: Anonymization
  Class slides: Class18 in PS, Class18 in PDF
  Readings: Prefix-preserving anonymization; Onion routing
  Projects: Second review due; Fourth project given out (Project4 in PS, Project4 in PDF)

Tues 11/11/03: IP spoofing
  Class slides: Class19 in PS, Class19 in PDF
  Readings: Route-based filtering; Address filtering project at UCLA

Thur 11/13/03: IP spoofing
  Class slides: Class20 in PS, Class20 in PDF
  Readings: Hop-count filtering
  Projects: Second review graded and returned

Tues 11/18/03: Infrastructure attacks
  Class slides: Class21 in PS, Class21 in PDF
  Readings: DNSSEC Website
  Projects: Third project due

Thur 11/20/03: Infrastructure attacks
  Class slides: Class22 in PS, Class22 in PDF
  Projects: Fourth project due

Tues 11/25/03: Social engineering
  Class slides: Class23 in PS, Class23 in PDF
  Readings: "Why cryptosystems fail" by Ross Anderson
  Projects: Third project graded and returned; Third review assignment given out

Thur 11/27/03: Thanksgiving holiday

Tues 12/2/03: Review for the final exam
  Class slides: Review 1 in PS, Review 1 in PDF
  Projects: Fourth project graded and returned; Fourth review assignment given out

Thur 12/4/03: Review for the final exam
  Projects: Third review graded and returned

Tues 12/9/03: Review for the final exam
  Readings: Review all the material covered; Come with questions
  Projects: Fourth review due

Textbooks and resources
Required reading
Will be handed out in class or posted in the reading section here.
Optional reading
B. Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C," 2nd edition
W. Stallings, "Cryptography and Network Security: Principles and Practice"
C. Kaufman, et al., "Network Security: Private Communication in a Public World"
B. Schneier, "Secrets and Lies"
E. Skoudis, "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses"
W. Cheswick, et al., "Firewalls and Internet Security: Repelling the Wily Hacker," 2nd edition
Class slides
Will be posted in here after each class.
Course Description
This course provides a detailed, in-depth overview of pressing network security problems and discusses potential solutions. The course covers a broad variety of important security topics, such as cryptography, authentication, denial-of-service attacks, worms, viruses, etc. This is both an informative and a practical course. Lectures and assigned reading provide background information on the key network security concepts, and course projects and homeworks create opportunities for individual research. At the end of this course, the student should have sufficient knowledge of the field to be able to start conducting independent research in specific sub-areas of interest in network security seminar courses.
Course Requirements
Programming Projects
There will be 4 programming projects in the course. Programming projects are individual and their goal is to give students hands-on experience with the topic that was covered in the course. The projects involve a medium programming load (they should not take more time than 2 regular homeworks) and require understanding of the covered topics. Some projects will be done in Emulab, a testbed at the University of Utah where users can request access to multiple machines, organize them in a topology and perform experiments. Machines can run Linux or FreeBSD. Users get clean machines with only an operating system installed. They also get sudoer access and can do anything that root can. Any malicious and harmful activity is contained; nothing bad will happen if a user crashes the machine. After running the experiments, users should release the machines. Alternatively, Emulab staff will reclaim the machines if they have been idle for a while. Detailed instructions on how to use Emulab will follow later in the course.

Programming projects will be assigned after each relevant topic has been completely covered (see the calendar). They will be due 2 weeks after they have been assigned (also see the calendar). Project submission guidelines will be posted later in the course. Generally, a project submission will include the code, some graphs, the student's description of what has been done and the student's conclusions.

Projects will be graded 1 week after they have been submitted and returned to students. Each project carries 15% of the course grade. At the same class I will pair each student (playing the role of 'author') with another student (who will be his/her 'reviewer'). Each student will simultaneously be an author (for his own project) and a reviewer (for somebody else's project). The reviewer will receive the 'description' part of the author's project and should work together with the author to understand the approach. Then he/she should design the countermeasure: a defense if the author has implemented an attack, or an attack if the author has implemented a defense. This design does not involve implementation; it is purely a suggestion. This suggested design should be described and submitted a week from the assignment. It will be graded a week later. A review does not count against the author (i.e. the author will not receive negative points) but can bring the reviewer up to 5% of the course grade.

If you have difficulties doing the project, ask for help early. Come to office hours, or set up an appointment with the instructor or TA. Extensions can only be granted for excused absences. Generally, absences due to illness, observing a religious holiday or an emergency are recognized as excused absences. If you are aware that you will be absent and miss a homework deadline, inform the instructor prior to the deadline through E-mail. This naturally does not hold for severe illness and emergencies but does for religious holidays.

Submission Instructions
Projects have to be submitted through E-mail (Send E-mails to
I personally understand that there will be times when you can't make it. The alarm clock didn't ring, you are tired, you have another midterm to study for ... I will not take attendance or hold it against you if you don't sit in the class. However, you are responsible for studying all the material covered in the class. The slides can help, but you must read the material from the book and do the homework on time. I would also advise you to obtain class notes from one of your classmates.

However, the University Seat Claim Policy states that:

Unless excused by the faculty member, students holding a confirmed assigned seat in a class will have relinquished their seat if they have not personally appeared in class to claim the seat by ... the second meeting for a class scheduled to meet twice a week ... If the student does not claim the seat within the time limit specified above, and does not drop the course, the instructor has the option of assigning the student a grade of "Z" at the end of the term. It is the responsibility of the student to drop each course that he/she does not plan to attend, even when the student's registration is canceled for non-payment of fees. Failure to drop a course will result in a grade of "Z".
Therefore, attendance will be taken for the first two class meetings. To accommodate the latecomers, the attendance sheet will be distributed at the end of the class.
Late policy
When you come in late you are disturbing both me and your classmates. Please make every effort to come on time. However, if you do happen to be late, come in and join the class (even if you are 30+ min late). Just don't make it a habit.
Academic honesty
You may study for projects and exams in a group or alone. However, all the work you submit must be your own. Students should get acquainted with their rights and responsibilities as explained in the Student Guide to University Policies (
Asking for help
If you have any problem with the class (difficulties understanding the material or doing the homeworks, an excused absence, an emergency that prevents you from meeting a homework deadline, need for a special accommodation, etc.) don't hesitate to ask for help. E-mail the instructor or TA, come to office hours, or simply find the instructor in the office. You can also call by phone if there is an emergency and you have no access to E-mail.
Instruction feedback
I would like to receive your comments with regard to the class organization and teaching quality. If there is ever something you would like me to improve or change, cover in another manner, etc. please write me an anonymous note and slip it into the envelope on the right side of my office door. Please try to provide constructive comments, e.g. instead of saying "I didn't understand anything you just taught" try saying "I didn't understand your explanation of worms, you went too fast over that."
Grading policy
Project 1: 15%
Review 1: 5%
Project 2: 15%
Review 2: 5%
Project 3: 15%
Review 3: 5%
Project 4: 15%
Review 4: 5%
Final Exam: 20%

Last Updated: 9/1/03