TKK |
Tietoverkkolaboratorio
| Opetus
S-38.153 Security of Communication Protocols (2 cr)
Latest News:
- 7.4.2004: Return exercise report in paper-format. Return
laboratory work description in both paper and Microsoft Word format.
- 1.4.2004: Remember that two different reports are required: an
exercise report and a laboratory work description. More information about
this available on this page at "Passing the course".
- 9.3.2004: The subject for the laboratory work description can
be chosen freely, but make sure that at least no other group during the
same exercise time chooses the same subject.
- 7.2.2004: the dead-line for all reports is 7.5.2004.
- 7.2.2004: The requirements for the ordinary laboratory exercises
are listed shortly at the end of the "Exercises" page.
- 7.2.2004: If you are not taking the laboratory exercises,
but instead doing a private exercise, see the requirements at the end
of the "Exercises" page. Further questions to jmolsa@netlab.hut.fi.
- 27.1.2004: The laboratory network used by all exercises
is documented shortly here.
- 21.1.2004: All exercise groups and their members can
be seen here.
Results:
- 14.9.2004: The results for the exam on 2.9.2004 are here.
- 4.5.2004: The results for the exam (and the grades for the whole course)
are here.
- 12.5.2004: The results for the exercises are here.
- 10.3.2004: The results for the exam on 23.2.2004 are here.
- 14.1.2004: Results for the exam on 16.12.2003 are here.
Course information, spring 2004
Groups
| Lectures
| Exercises
| Exercise
Network | Extra material
Lectures (28 hours): Jorma Jormakka
Tuesday 10-12 in S2
Exercises (14 hours): Wednesday 14:15
- 16, Wednesday 16:15 -18
Networking lab's student laboratory at G-wing, second floor
Supervisor for exercises: Massimo Nardone
Language: English
In the first lecture students are divided into groups of 3 students:
1. Each group makes the exercises and produces an exercise report.
2. Each group also prepares a laboratory work description for
one laboratory time. This is because we need better laboratory work
descriptions to the next year. This is about 10 pages long report.
Passing the course:
To pass the course:
- you must pass the exam
- your group must have returned the exercise report
and it must be accepted. Return the report as a paper version
into the locker number 10 in front of the notice board for this course.
The exercise report must include a short description of at least
seven (7) laboratory exercise tasks (short description of the goals of
an exercise task, what was done, tools used, where were the tools/information
found from, results etc.). Do not return a separate report after every
exercise session, but instead, write a single exercise report, which includes
descriptions of every task. More information about the content of the
exercise report is given at the end of the exercise
page.
- your group must have returned a laboratory work
description for a one exercise task and it must be accepted. This
laboratory work description must be written in english and in enough detail,
so that an average student with limited knowledge in network security would
be able to finish this exercise task and understand, what was done. The
length of this description must be approximately 10 pages. Return it
as a paper-version into locker number 10. Return it also as a Microsoft
Word document (.doc-format) in electronic format as e-mail to
jmolsa@netlab.hut.fi. In addition to Microsoft Word, you can use at least
StarOffice and OpenOffice, but be sure to save your document in the correct
format. Groups can choose the subject for the laboratory work description
basically freely, but make sure, that at least no other group at the same
exercise time chooses the same subject. If you cannot contact other groups
for a reason or another, your group can in this case choose the subject freely.
Grade of the course:
- the exercise report is evaluated accepted/failed
- the exam is based on lecture notes and it has 4 questions
(each question is 6 points)
- the laboratory work description returned by the group is
evaluated on the scale 0-6
- sum of 2. and 3. is the number of points from the exam and
the grade is usually 30-27=5, 26-23=4, 22-19=3,18-15=2,14-1=1,11-0=0
(but sometimes it is 30-28=5, 27-25=4, 24-22=3,21-19=2,18-16=1, 15-0=0
if the exam is too easy).
Literature:
There are many good books. The one I use is D. Atkins et
al: Internet Security, Professional Reference, Second edition, New
Riders, 1997 you can try to get it but at the moment it is out of print.
Any sufficiently thick book dealing with the matters in the planned content
should do. Lecture notes are available through the Web.
Contents
After the name of the course was selected and the description
in the study program given, the planned character of the course has
been modified. Contrary to what stated in the study program the course
does not look at cryptological methods, the course is only briefly
explaining the terms, which are needed here. Knowledge of basic cryptology
is not a requirement for taking this course, however, one should learn
this information in some way if one is interested in security issues. One
could for instance read B. Schneier's Applied Cryptography for a good overview.
This course deals with practical methods of security attacks and defenses
in the Internet. Basic method and tools used to build security
are described. Protocols for building security, like IPSEC, PGP, SET
etc. are explained in some detail. See the planned content. The course
is basically following the mentioned book, except for IPSEC and SET
and such things, which are from other books. The lecturer does not possess
any real expert knowledge on these issues and the lectures are only as
good as they can be, but as security issues are important, we offer this
course - it should get better over time. The exercises are connected with
our new research on security attacks and being research, have totally unknown
quality which mostly depends on the students taking the course. Hopefully
they will be interesting.
The exercises consist of dividing
the students to a group of attackers and a group of defenders and
trying the methods in a set of experiment scenarios in a laboratory
network. The attackers scan the network for holes, try to put trapdoors,
crack passwords. The defenders use IDS, try to notice and to stop the
attacks. The lecture and assisting personal try to get some results from
the scenarios. This is the difficult idea, which will be tried in the exercises.
Lectures start at normal time, end at
normal time, the course will be given provided that there are minimum 5 students
taking it. To all other questions, I say, as usual.
Tietoverkkolaboratorio on nyt osa Tietoliikenne- ja tietoverkkotekniikan
laitosta. Tällä sivulla oleva tieto voi olla
vanhentunutta.
Kurssien ajantasainen tieto on MyCourses-palvelussa.