Security, 3 hour lectures
Principles of Network Attacks and Defenses, Cryptography, Authentication
and E-mail security
Counter Hack, 2nd. Ed., Ed Skoudis, 2005
W. Stallings, Cryptography and Network Security:
Principles and Practice, 4th ed., Prentice-Hall, 2006
C. Kaufman, R. Perlman and M. Speciner, Network
Security 2nd ed, Pren-Hall,2003
Computer Networking, 6th ed. Kurose and Ross, 2013
Goals: A survey of network security technology. Each of the basic
building blocks of network security, including conventional and public-key
cryptography, authentication, and digital signatures are covered. In
addition methods for countering hackers and viruses are explored. The
course covers important network security applications such as PGP, PEM,
Kerberos, and X509, DSS security
Prerequisites: Fundamental Concepts in Computer Networks, Graduate
Attacks, Denial of Service
Wi-fi, RFID, VoIP security
Intruders, viruses and worms
Public key cryptography
PKI and certificates
IP and WEB security
- Midterm, 25%
(date: April 10th, 2019)
- Project, 20%
- Final Exam,
I. You can discuss homework with other
people (especially with your classmates). However, you must write the
answers to the homework questions alone, using your OWN WORDS. Copying and
sharing homeworks will be penalized severly.
II. If you submit your homework on time*
you get 20% bonus, if you submit late* you receive 30% penalty, otherwise
you get 0 points for that homework.
III. On time* means you hand in the homework on
the due date (or early) to the Professor (that’s me) at the start of the class.
IV. Late* : Late homeworks
can be submitted only to the TA (that’s Gül) at most within a week after the due
date. After a week no late homeworks will be
Final Exam date: TBA Important Note: Two A4 help sheet is allowed during the
midterm exam. You can write (no photocopying allowed!) on both sides of the
Morning section (UBI528)
exam starts at: 09:30
Evening section (UTI502) exam starts at: 18:00
BÜTÜNLEME date: TBA Important
Note: Two A4 help sheet is allowed during the midterm exam. You can write
(no photocopying allowed!) on both sides of the help sheet.
Morning section (UBI528) exam starts at: 09:00
Evening section (UTI502) exam starts at: 18:30
Useful material mostly from Keith
Ross’s Network Security Course
(e-mail to email@example.com)
· Presentation : last week
of the term i.e., May 29th 2019 (in class)
· Report : During the presentation (submit
· Individual or two-people projects are allowed
Implementation projects or literature survey/ product
security analysis type projects are accepted
All Reports and Presentations will be in TURKISH!
1. Internet Privacy
5. Digital Watermarking
7. Smart Card
applications- BAN Logic
9. secure electronic
10. e-money (bitcoin)
12. Latest IDS
13. White box
14. Block Chain
Homework #1 (due: Feb. 27th,
1.Five layer Network model (Application,
Transport, Network, Data Link, Physical), briefly explain the function of
2. For each layer
mentioned above list the most important protocol or protocols (at most two
for each layer) and briefly explain what does each protocol do.
(Due date: March 6th, 2019)
1. Explain the Smurf Attack.
2. Explain source routing and spoofing attack using source routing.
3. Explain (switch) port stealing and its use in a session hijacking attack.
Hint: A good source is the text: Counter Hack, 2nd ed., Ed Skoudis,
(Due date: March 20th, 2019)
1.Explain IP spoofing attack using IP source routing
and how it is avoided.
2.Consider “Sniffing through
LAN: poison victim’s ARP table approach” (Slide 51 in class notes). Suppose
victim’s IP is 220.127.116.11, MAC is 01:02:03:01:02:03, attacker’s IP is 18.104.22.168,
MAC is 99:88:77:66:55:44:BB, router’s (on the link connected to the switch)
IP 22.214.171.124, MAC is FF:EE:DD:CC:00:FF.
Assume victim is connected to the switch on link 1, attacker on link 2 and
router on link 3.
a) After the attack show the contents of the ARP Tables
of the victim, attacker and the router as well as the Switch’s forwarding
b) What happens to a packet sent from the Internet to
the victim machine? Will that packet be also pass through the attacker
3.Explain the unicast Reverse
Path Forwarding (uRPF) and its use as a defense
mechanism in Network Security.
(Due date: March 27th, 2017)
(Due date: April 3rd, 2019)
1.Briefly describe the HMAC algorithm. Also explain the steps
done on the sender and receiver when HMAC used for message authentication.
2. Explain, in a step by step fashion, the man in the middle
attack against Diffie-Hellman Key Exchange
3. Suppose Alice has a message that she is ready to send to
anyone who asks. Thousands of people want to obtain Alice’s message, but
each wants to be sure of the integrity of the message. In this context, do
you think a MAC-based or a digital signature based integrity scheme is more
4. Suppose Bob initiates a TCP connection to Trudy who is
pretending to be Alice. During the Handshake, Trudy sends Bob Alice’s
certificate. In what step of the SSL handshake algorithm will Bob discover
that he is not communicating with Alice? Explain.
(Due date: April 17th, 2017)
Problems 10, 13, 20 ve
25 from Chapter 8 of Kurose&Ross, Computer
Networking, 6th. ed. Homework6typed
Also you may want to take a look at Problems
22 and 24 ExtraQuestionsTyped for
#7 (LAST HOMEWORK)
date: May 8th, 2019)
1. What is the difference between a
packet-filtering firewall and a proxy-server firewall? Can the two be used
2. What are the four tables maintained by
the Linux kernel for processing incoming and outgoing packets?
3. How does an iptables based
firewall decide as to which packets to subject to the INPUT chain of rules,
which to the FORWARD chain of rules, and which to the OUTPUT chain of
rules? Additionally, which part of a packet is examined in order to figure
out whether or not the condition part of a rule is satisfied?
4. Show how you would use the iptables command to reject all incoming SYN
packets that seek to open a new connection with your machine?
5. What is the option given to the iptables command to flush all the
user-defined chains in a table? How do you flush all the rules in a table?
6. What are the icmp-types associated
with the echo-request (ping) and with the echo-reply (pong) packets?
7. What is the iptables command
if you want your machine to accept only the incoming connection requests
for the SSHD server you are running on your machine? (You want your machine
to drop all other connection request packets from remote clients.)
8. What is connection tracking? How does
an iptables-based firewall know that
the incoming packets all belong to the same ongoing connection?
18 of Lecture Notes on Computer and Network Security by Avi
Kak of Purdue University.
Midterm Exam date: April 10th, 2019 Important Note: An A4 help sheet is allowed during the
midterm exam. You can write (no photocoying allowed!) on both sides of the
Send any comments
or suggestions to dalkilic
Last revised in March, 10 1997