Network Security
Dates
- Tue 14:15-15:45, Interim HS 2
- Thu 10:15-11:45, MI HS 1
- Exercises will take place at certain time slots of the lectures; these will be announced during the course.
Contents
This lecture is an introduction to the field of network security and its fundamental topics, such as cryptographic operations, threats, and security goals. Building on this starting point, requirements for the design of secure networks are discussed. Modern security protocols in current network protocols and architectures are presented, as well as vulnerabilities in existing systems.
Registration
TUMOnline.
Exams
- Main Exam: 02.03.2017. Registration in TUMonline.
- Retake Exam: tbd (yes, there will be one. Probably on 21.04.2017, but check TUMonline! Dates are assigned centrally).
- The seats for the exam are assigned. The seat plans will be posted on the doors of the rooms. PLEASE ARRIVE ON TIME!
- The time listed in TUMonline is the time we will write the exam. Make sure you are in the correct room and have found your seat beforehand (some seats in the MW are known to be broken).
- The exam is closed-book. All you need, and will be allowed to use, is a black or blue pen (not a pencil). Material from the lecture (slide deck, material from tutorial/exercises) and smartphones, smartwatches, Google Glass, or calculators are not allowed. You may use an analog dictionary for your native language, without annotations.
News
- There will be programming assignments. We suggest that you are already familiar with python3. Recommended reading: diveintopython3
- We will use the last week for practicing. Bring your own, exam-like questions! Try to guess our exam questions, so we can solve them in the lecture :-)
- A note for users of openssl 1.1 and higher: add -md md5 to the decryption commands (as shown in the commands below).
- Slides from 25.01.2017: iLab, Research Topics
- Slides from 31.01.2017: Research Topics
- 24.02.2017: Fixed off-by-one error in secure channel (not relevant for the exam)
Exercises
No task requires brute forcing!
FAQ
- Q: Where are the passwords for the solutions?
- A: On the exercise sheets.
- Q: Do I need to use python to download the exercise sheets?
- A: You can use your favourite programming language. We strongly recommend python.
- Q: Can I get the exercises without any programming and without talking to my fellow students?
- A: Probably not.
- Q: The solutions to the programming challenges were discussed in the lecture. Will you publish them on the website, too?
- A: No.
- Q: I have a specific question about a programming challenge.
- A: Don't hesitate to send emails to Cornelius.
- Q: How long will the netsec server be available?
- A: We guarantee availability until the end of the lecture period. We keep it running afterwards, but if the machine dies, it's gone.
- Q: I found a bug.
- A: Nice! Send it to Cornelius.
Exercise 01
- Description, client.py
- Discussion (1/2): 20.10.2016
- Discussion (2/2): 25.10.2016
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Exercise 02
- Description, client.py, server
- 100 attempts is not a brute force.
- Discussion (1/2): 27.10.2016
- Discussion (2/2): 03.11.2016
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Exercise 03
- Same as Exercise 2, ++port
- Discussion (1/2): same as Exercise 2. Full recognition of inputs before processing. Retry on bogus inputs.
- Discussion (2/2): 10.11.2016
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Exercise 04
- Description
- Discussion (1/2): 10.11.2016
- Discussion (2/2): 22.11.2016
- solution: solution.pdf.aes-128-ctr (same password as for Exercise 3)
Exercise 05
- Description, alice.py, bob.py
- Discussion (1/2): 22.11.2016
- Discussion (2/2): 24.11.2016
- decrypting solution: openssl aes-128-ecb -d -salt -md md5 -in solution.pdf.aes-128-ecb -out solution.pdf
Exercise 06
- Description, alice.py, bob.py
- Discussion (1/2): 29.11.2016
- Discussion (2/2): 01.12.2016
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Exercise 07
- alice.py, bob.py
- Same as Exercise 06 (++port) but Bob changed the format. Does it help? Hint: Draw how Bob decrypts! This one is not easy.
- Discussion (1/2): 01.12.2016
- Discussion (2/2): 06.12.2016
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Exercise 08
- eve.py, commonlib.py
- Discussion (1/2): 08.12.2016
- Discussion (2/2): 13.12.2016
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Exercise 09
- alice.py, bob.py
- Discussion (1/2): 15.12.2016
- Discussion (2/2): Tasks 1-6 on 20.12.2016
- Discussion (2/2): Task 7 on 24.01.2017
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Exercise 10
- netsec.net.in.tum.de:20010
- Discussion (1/2): 24.01.2017
- Discussion (2/2): 31.01.2017
- decrypting solution: openssl aes-128-cbc -d -salt -md md5 -in solution.pdf.aes-128-cbc -out solution.pdf
Old Exam (do it :-))
- alice.py, bob.py
- decrypting solution: openssl aes-256-ctr -d -salt -md md5 -in exam_solution.pdf.aes-256-ctr -out exam_solution.pdf
- need hints? writeup.txt
Another Old Exam
- openssl aes-128-ofb -d -salt -md md5 -in exam.pdf.aes-128-ofb -out exam.pdf
- same password as in Exercise 07.
- exam_solution.pdf.aes-128-ofb.base64.json
- same password. The name of the solution describes how to unpack it.
- If you want to use openssl to decode base64, you need to add newlines! On Linux, "base64 -d exam_solution.pdf.aes-128-ofb.base64 > exam_solution.pdf.aes-128-ofb" is the lazy way to ignore missing newlines in the base64 encoding.
Slides
Chapter | Version | 1 up |
0 Course Organization | 1 | |
0 Attacks and Attack Detection | 1 | |
1 Introduction to Network Security | 1 | |
2 Langsec | 1 | |
3 Firewalls and Security Policies | 1 | |
4 Attacks on TCP | 1 | |
5 Symmetric Encryption | 1 | |
6 Modern Cryptography | 2 | (1) pdf (2) pdf |
7.1 More on Hash Functions | 2 | |
7.2 Random Numbers | 1 | |
8 Secure Channel | 2 | |
More Firewalls | 1 | pdf pdf |
Xmas Lecture | 1 | |
9 Public Key Infrastructures | 1 | |
10 Cryptographic Protocols | 1 | |
11 Kerberos and other Frameworks for Client Authentication | 1 | |
12 IPSec | 1 | |
Important Slide Changes
- Modern Cryptography version 2: replaced EC DH with Textbook DH (slide 31)
- lecture (Textbook DH): simpler math, easier to work with, same security properties as EC DH
- reality: please use EC DH (faster, fewer implementation pitfalls, feasible key sizes)
- note: We will break Textbook DH (if used inappropriately). If you can break Textbook DH, you can also break EC DH by the very same means, just get an algebra book about elliptic curves and a few hours of spare time.