Agenda

1
Agenda
CS G513 / SS G513 Network Security

• Course Administration
• Course Introduction and Motivation
• Review of Networking
• Layered Architectures
• Security Issues
• Security Domain and Solution Approaches

2
Course Administration

• Instructor
• Name Sundar Balasubramaniam
• Email sundarb
• Most preferred mode of contact/communication
• Website http//csis/faculty/sundarb
• Office 1140-H
• Consultation Hours
• 4.30-5.30 MWF or
• By appointment through email
• Course Website
• http//csis/faculty/sundarb/courses/netsec
• Alternatively, go to instructors website and
  browse

3
Course Administration 2

• Teaching methods
• Fast and Multi-faceted
• Emphasis on self-learning
• Course Contents
• Cryptographic basics
• Protocols and Techniques (at Network and Software
  levels)
• System Design (at Network or Software levels)
• Formal Methods and Engineering (for analysis and
  verification)

4
Course Administration 3

• Evaluation Components
• 2 Assignments
• 1 Seminar (per student)
• 2 Tests
• 1 Term Project
• 1 Comprehensive Exam
• Complete details of evaluation posted on the
  course website

5
Course Administration 4

• Readings
• Text Book
• Worth Buying and Useful as a base or general
  reference.
• Reference Books
• The main reference book is available online
  (courtesy CRC Press and authors Menezes et. al)
• See the course website for a hyperlink
• Other readings
• Articles and other material will be routinely
  assigned.
• Hyperlinks (wherever available) will be posted
• One Paper copy (if not available on web) will be
  circulated.
• Background reading
• Refer to handout and talk to instructor

6
Computer Network

• Required functions
• Communication
• Collaborative Computation (requires
  communication)
• Effective communication is central
• High level structure
• Hierarchical (partly by design and partly by
  evolution)
• Eg. Departmental VLAN (or LAN segment), Campus
  VLAN, the Internet.
• Hierarchy is shallow
• Physical boundaries may be blurred (say LAN
  segment vs. LAN) often administrative
  boundaries are determiners.

7
Computer Network

• Achieving effective communication
• Getting messages across analogous to a
  hard-world traffic network
• Communication across administrative boundaries
  analogous to border crossings (LANs are
  countries the Internet is the open seas and the
  airways)
• Basic traffic network
• Abstractions mail box, address, post-office,
  post-office transportation, services,
  quality-of-service.
• Layers functional abstractions.

8
Computer Network Layers

• ISO-OSI model
• Physical (tx/rx of a bit as a signal)
• Data Link (framing, tx/rx of frame from point to
  point, medium access control for shared media)
• Network (routing across networks)
• Transport (logical end-to-end connectivity)
• Session (session management)
• Presentation
• Application

9
Security Domain What, why and how?

• Data Security vs. Communication Security vs.
  Process Security
• Data Security secure and controlled access to
  data stores
• Goal avoid leakage of and ensure integrity of
  information
• Communication Security secure transfer of data.
  
• Goal provide secure transfer to support secure
  services.
• Process Security secure computational and
  business processes
• Goal ensure process/business integrity
• Examples
• My passwords Coca-Cola Ingredients Warren
  Buffetts next investments
• Course Focus Communication Security
• Techniques may be applicable to Data Security as
  well
• Communication Security and Data security
  essential for Process Security

10
Security Domain What, why and how?

• Why?
• Why something needs to be protected?
• Depends on value of what is protected vs.
  against whom
• Nature of malice in environment
• Degrees of security
• VALUE Movie ticket vs. Cheque book vs. Nuclear
  codeword
• MALICE Website Hacker vs. Identity Theif vs.
  Terrorist

11
Security Domain What, why and how?

• How?
• Manual vs. Automated process
• Automated
• Cryptographic vs. Non-cryptographic processes
• Purely Computer-based vs. partly computer-based
• Course Focus
• Cryptographic and Purely Computer-based processes