cod. 1005260

Academic year 2018/19
1° year of course - Second semester
Academic discipline
Telecomunicazioni (ING-INF/03)
Ingegneria delle telecomunicazioni
Type of training activity
48 hours
of face-to-face activities
6 credits
hub: PARMA
course unit

Integrated course unit module: NETWORK SECURITY + LABORATORY

Learning objectives

The course aims to provide the student with the knowledge of the main security mechanisms and protocols used for securing communications and for protecting computer networks; in particular the knowledge and understanding of:
- applied cryptography;
- main algorithms and protocols for authentication and for securing data exchanges;
- main communication security protocols;
- possible network vulnerabilities and main network protection mechanisms.

The abilities in applying the above-mentioned knowledge are in particular in the:
- analysis of authentication and data protection schemes based on symmetric and/or asymmetric cryptography;
- design of mechanisms for authentication and secure data exchange;
- configuration and use of standard security protocols and algorithms (e.g. IPSec and TLS protocols; AES, DES, 3DES, RSA cryptography algorithms; digital signature and certificates X.509 and PGP; etc.)
- use of tools for network monitoring and vulnerabilities scanning;
- configuration of systems (e.g. firewalls) for network protection.


Familiarity with TCP/IP stack and networking.

Course unit content

1) Basics of cryptography and authentication mechanisms
- Basics of symmetric (classic) cryptography and examples of algorithms (DES, 3DES, AES)
- Basics of asymmetric cryptography and examples of algorithms(RSA, Diffie-Hellman, DSA); advantages and disadvantages
- Hash and MAC functions (MD5, SHA, HMAC)
- Authentication algorithms, based on both symmetric and asymmetric cryptography
- Key exchange, agreement, and distribution
- Digital signature, digital certificates, certification authority, Public Key Infrastructure, standard X.509, PGP (Pretty Good Privacy)

2) Security protocols
- Protocols for authentication and key exchange (Kerberos, AAA, RADIUS)
- Protocols for secure communications at IP layer (IPSec/AH/ESP), and virtual private networks (VPNs)
- Protocols for secure communications at transport (SSL/TLS) and application layer

3) Network vulnerabilities and countermeasures
- Vulnerabilities of TCP/IP protocols, attacks and countermeasures (sniffing, network and port scanning, spoofing, flooding, buffer overflow, etc.)
- Firewall (packet filtering, ALG, NAT, DMZ), examples of network configurations
- Protocols for FW and NAT traversal (STUN e TURN)
- Intrusion Detection System (IDS)
- Anonymity networks

Full programme

Syllabus (every class = 2 hours)

Class 1: course organization, objectives, textbooks, exam details; preview of the course; security services; attacks; security tools; symmetric cryptography: introduction; cryptography and cryptanalysis; cipher example (Caesar cipher)

Class 2: symmetric cryptography: types of attacks; side channel attack; computational security; example of cryptanalysis; substitution cipher; polyalphabetic substitution cipher; one time pad (OTP) cipher; transposition; steganography

Class 3: product cipher; block and stream ciphers; block ciphers: block size; substitution and permutation; Feistel cipher; DES; double DES; TDEA

Class 4: AES; encryption of long messages; padding; ECB; examples of attacks to ECB; CBC; examples of attacks to CBC; OFB; CFB; CTR

Class 5: hash functions; brute force attack; birthday paradox; MD5; SHA

Class 6: password hashing; encryption using hash functions; message authentication; MAC and HMAC functions

Class 7: number theory: modular arithmetic, relative prime, Euclid's algorithm, multiplicative inverse

Class 8: number theory: extended Euclid's algorithm, examples; Fermat's theorem; totient function

Class 9: Euler's theorem with demonstration; RSA; RSA example; simple mod pow computation

Class 10: RSA security, primarity test, discrete logarithm, DH, digital signature, RSA signature, signature and encryption, DSA

Class 11: peer entity authentication, zero-knowledge, passwd management, one-time password, challenge-response authentication

Class 12: challenge-response authnetication thorugh symmetric cipher/ MAC/hash/asymmetric algorithms, zero-knowledge, Fiat-Shamir

Class 13: exercises

Class 14: key establishment, symmetric-cryptography-based key establishment, server-based key establishment (KDC)

Class 15: public-key based key establishment; DH and MITM attack to DH, authenticated DH, STS, SIGMA

Class 16: group key management; LKH, group DH, public key distribution, digital certificates, cert chain, trust path

Class 17: certification authority (CA); public key infrastructure (PKI); X.509 certificates; PKCS; certification revocation list (CRL); PGP

Class 18: AAA; HTTP authentication; RADIUS, Diameter; Kerberos; IPSec, ESP, IKE; TLS, TLS handshake

Class 19: anonymity, high-latency anonimity systems; low-latency anonimity systems, onion routing, TOR

Class 20: network vulnerabilities; sniffers; eavesdropping; MITM; spoofing; ARP spoofing; TCP spoofing

Class 21: ICMP attack, DDoS, routing attacks, net scanning, DHCP attack, DNS poisoning, network scanning

Class 22: firewall, packet filter (PF), ALG/Proxy, FW configurations

Class 23: PF exercises; NAT; intrusion detection system (IDS)

Class 24: exercises


[1] L. Veltri, "Network Security", Slides of the course
[2] W. Stallings, "Cryptography and Network Security: Principles and Practice", Book

Teaching methods

Classroom teaching (40h), and in class exercises (8h) carried out by the teacher with students, and laboratory acitvities.

Assessment methods and criteria

The exam can be succeeded as:
1) divided into two written examinations, at the middle and the end of the course, together with a project assignment carried out during the course; or
2) written exam and project assignment, during regular scheduled examinations.

The written exam is composed of questions and exercises.
Examples of exercises are shown and solved during the course.

Other information

- - -