CSC424/ECE534-F: Communication and Security
Prof. B. Rosenberg
Spring Semester, 2024 (242)
MWF 1:25–2:15 PM
Dooley Memorial 313
Email: burt at cs miami edu
- Wednesday 17 Jan:
- First day of class
This is a course in:
- The standard communication protocols of computers, including TCP/IP,
- and the security concerns consequent to those protocols;
- The craft of highly skilled coding in C, following specifications,
- and understanding and countering sophisticated attacks against system security.
- Readings:
- Computer Networks, Fifth Edition: A Systems Approach
(The Morgan Kaufmann Series in Networking), by Larry L. Peterson and Bruce S. Davie.
Other editions might be acceptable.
- Requirements:
- Please subscribe to the Slack workspace csc-courses.slack.com (csc courses),
channel #csc424-242.
- Enroll in AWS to use their Elastic Compute (EC2) service.
- You might qualify for a free tier. If not, the
cost of the semester's computer use will be under $100.
- To contact the AWS instance, you need a standard ssh.
- MacOS ships with ssh.
- Windows users can get ssh through Cygwin.
- Windows users can also get ssh by activating WSL (Windows Subsystem for Linux)
and installing Ubuntu.
- Assignments are distributed using github classroom.
- Editing your C code can be done using emacs, vi, or nano on your AWS
instance. Some visual editors that run on your laptop are capable of editing
files remotely and transparently using ssh.
- Learn git, learn Make, and learn C Language.
- Class TA:
- Arora, Satyarth <sxa1654@miami.edu>.
- Tuesday 2–3 and Wednesday 11–12.
- Quizzes:
- Given from time to time to emphasize a concept. Due within a short
time frame, and no lateness is allowed.
- Due by midnight of the date, in the current Miami local time (EST in winter).
- Projects:
- A series of projects, usually 2 to 3 weeks in length. A grace period
of lateness is allowed. See below.
- Project grading:
- Projects are generally scored on a 0 to 5 scale.
- The makefile usually provides a Basic Test, and correctly passing the Basic
Test gives 3 points, generally.
- Projects passing the Basic Test are given an
Extended Test, for the remainder of the points.
- The 3+2 point pattern that is generally true is modified according to
project difficulty.
- Lateness: Three days grace automatic on projects. One additional point off each week late,
up to four points.
- Due dates are midnight of the given day, in the current Miami local time (EST in winter).
- No work accepted for grade after midnight, the last day of classes.
- Midterm and Final in class.
- Midterm date:
- Final date: Wednesday May 1 2:00-4:30pm
- Grading:
- Use of Git, Makefiles and file and folder names as requested are a must.
- Grade can depend on completeness, correctness, presentation and authenticity of the code.
- Class grading: After normalizations: 30% quizzes and midterm, 30% projects, 40% final.
Packet communications and the Internet
- Introduction
- Tools of the trade and network etiquette.
- The OSI ISO model (image)
- Discussion: Why layers? Why not layers?
- Peer-to-peer responsibilities vs. SAP (service access points)
- Encapsulation, headers and payload, demultiplexing (unpacking) (image)
- Implementation and standards, for the Internet/WAN (image) and for
the LAN (image)
- Basic concepts
- Packet versus connection.
- Broadcast versus routed.
- Common and point-to-point mediums.
- LAN versus WAN, and an internet.
- The wizard behind the curtain
Addresses and Names
- What's in a name
- The MAC address is "just a name", and it is pretty useless "far away" from the
destination.
- Names, such as www.miami.edu, are non-entities in TCP-UDP/IP. Only numbers
count.
- The role of DNS to turn names into numbers, before the networking game starts.
- L2: MAC address
- Broadcast address, broadcast domain
- Except that the LSB of the first octet is 0 for unicast, 1 for multicast or broadcast.
- And except that the second LSB is the U/L bit: 0 for universally administered, 1 for locally administered.
- Universally administered addresses begin with a 24-bit OUI.
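A decoder for the two flag bits and the OUI described above, added here as an example and not part of the course code; the sample addresses are constructed, and the struct and function names are the example's own:

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of a 48-bit MAC address (struct name is this example's own). */
struct mac_info {
    int multicast;  /* I/G bit: LSB of the first octet, 0 = unicast, 1 = multicast/broadcast */
    int local;      /* U/L bit: second LSB of the first octet, 0 = universal, 1 = local */
    int broadcast;  /* all 48 bits set, ff:ff:ff:ff:ff:ff */
    uint32_t oui;   /* leading 24 bits; an IEEE-assigned OUI only when local == 0 */
};

/* Parse "xx:xx:xx:xx:xx:xx" into six octets. Returns 0 on success, -1 if the
 * string is malformed or has trailing characters. */
int parse_mac(const char *s, uint8_t out[6]) {
    unsigned v[6];
    char tail;
    if (sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x%c",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &tail) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        out[i] = (uint8_t)v[i];
    return 0;
}

/* Pull the two flag bits and the OUI out of the first three octets. */
void classify_mac(const uint8_t m[6], struct mac_info *info) {
    info->multicast = m[0] & 0x01;
    info->local = (m[0] >> 1) & 0x01;
    info->broadcast = 1;
    for (int i = 0; i < 6; i++)
        if (m[i] != 0xff) info->broadcast = 0;
    info->oui = ((uint32_t)m[0] << 16) | ((uint32_t)m[1] << 8) | m[2];
}

int main(void) {
    /* constructed sample addresses */
    const char *samples[] = { "01:00:5e:00:00:fb", "02:42:ac:11:00:02", "ff:ff:ff:ff:ff:ff" };
    for (int i = 0; i < 3; i++) {
        uint8_t m[6];
        struct mac_info info;
        if (parse_mac(samples[i], m) != 0) { printf("%s: malformed\n", samples[i]); continue; }
        classify_mac(m, &info);
        printf("%s: %s, %s administered, OUI %06x%s\n", samples[i],
               info.multicast ? "multicast/broadcast" : "unicast",
               info.local ? "locally" : "universally", info.oui,
               info.broadcast ? " (broadcast)" : "");
    }
    return 0;
}
```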
- L3: IP
- The IP address gives the network name for the endpoint, and
contains routing information in the prefix.
- IP space map.
- Classful addressing
- A, CIDR-speak /8 (pronounced: slash 8).
- B, CIDR-speak /16 (pronounced: slash 16).
- C, CIDR-speak /24 (pronounced: slash 24).
- D, multicast, /28 sort of? with network part 0xE
- E, reserved, /28 sort of? with network part 0xF
- Netmasks and subnetting
- CIDR introduced in RFC 1518 and RFC 1519 in September 1993.
- Private local addresses (private address)
- Class A private-local 10./8
- Loopback 127./8
- Auto-config B private 169.254/16 (RFC 3927)
- Class B private-local 172.16/12
- Class C private-local 192.168/24
- NAT and PAT (various flavors)
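A classifier for the address classes and the special ranges listed above, added as an example and not part of the course materials; function and enum names are the example's own, and the 192.168 block is matched as 192.168/16, the full RFC 1918 range:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ip_class { CLASS_A, CLASS_B, CLASS_C, CLASS_D_MULTICAST, CLASS_E_RESERVED };

/* Parse a dotted quad into a host-order 32-bit value; -1 on malformed input. */
int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 0;
}

/* The leading bits decide the class: 0xxx A, 10xx B, 110x C, 1110 D, 1111 E. */
enum ip_class classify_ipv4(uint32_t ip) {
    if ((ip >> 31) == 0)   return CLASS_A;
    if ((ip >> 30) == 0x2) return CLASS_B;
    if ((ip >> 29) == 0x6) return CLASS_C;
    if ((ip >> 28) == 0xE) return CLASS_D_MULTICAST;
    return CLASS_E_RESERVED;
}

/* CIDR match: does ip share the top len bits with prefix? */
int in_prefix(uint32_t ip, uint32_t prefix, int len) {
    uint32_t mask = (len == 0) ? 0 : 0xFFFFFFFFu << (32 - len);
    return (ip & mask) == (prefix & mask);
}

/* Name of the special range an address falls in, or NULL if it is none of them. */
const char *special_range(uint32_t ip) {
    if (in_prefix(ip, 10u << 24, 8))                        return "private 10/8";
    if (in_prefix(ip, 127u << 24, 8))                       return "loopback 127/8";
    if (in_prefix(ip, (169u << 24) | (254u << 16), 16))     return "link-local 169.254/16 (RFC 3927)";
    if (in_prefix(ip, (172u << 24) | (16u << 16), 12))      return "private 172.16/12";
    if (in_prefix(ip, (192u << 24) | (168u << 16), 16))     return "private 192.168/16";
    return NULL;
}

int main(void) {
    const char *samples[] = { "10.1.2.3", "172.31.255.1", "172.32.0.1", "224.0.0.1" }; /* constructed */
    for (int i = 0; i < 4; i++) {
        uint32_t ip;
        if (parse_ipv4(samples[i], &ip) != 0) continue;
        const char *r = special_range(ip);
        printf("%s: class %c, %s\n", samples[i], "ABCDE"[classify_ipv4(ip)], r ? r : "public");
    }
    return 0;
}
```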
- L4: Ports (well-known and ephemeral)
- Except that Unix machines require superuser privilege to open a well-known port, the differences are cultural, not technical.
- Well Known Ports
— used by well-known, a.k.a. community developed and standardized, protocols.
- Registered ports
— claimed through IANA for typical use by a protocol
- Ephemeral/Dynamic ports
— reusable, temporary, and dynamically claimed by a host typically for the client side of any protocol.
- Header formats
- A typical L2 frame is the 802.3 Ethernet frame.
- An L3 packet contains an IP packet with an IP header.
- The IP packet can contain a UDP message (non-standard terminology) that starts with a UDP header.
- ICMP
Getting started with sockets
- Enough networking to be dangerous
- ping
- traceroute
- ifconfig
- tcpdump
- Sockets
Routing: how packets get around
- Multilayer routing
- ARP: Address resolution protocol
- Local delivery vs. routing; known route vs. default route
- L2:
- L3: interior gateway protocols
- Distance vector (notes)
- RIP: counting to infinity; split horizon and poison reverse
- OSPF: Link State Protocols
- L3: exterior gateway protocols
Application Layer Case Studies: UDP
- ICMP (not really UDP)
- Trivial File Transfer Protocol (TFTP)
- Domain Name Service (DNS).
- Dynamic Host Configuration Protocol (DHCP)
- Conclusions concerning protocol design
TCP and QUIC
Application Layer Case Studies: TCP
Symmetric Encryption
Message Authentication Codes (MAC)
- A hash function is a function h such that:
- compression: an arbitrary bit length (a string) to a fixed bit length (a number)
- ease of computation: practically speaking, using common hardware
- resistance
- preimage resistance: given y, find x such that h(x)=y
- 2nd-preimage resistance: given x, find x' ≠ x such that h(x)=h(x')
- collision resistance: given nothing, just find any x and x' with x ≠ x' such that h(x)=h(x')
- keyed: a hash function family h_k for different keys k.
- unforgeability: given many (m, h_k(m)) pairs, find a new pair (m', h_k(m')) for an m' not already seen.
- The Random Oracle Model according to The Flintstones
- Non-magical hash functions: in practice and in theory.
- Merkle-Damgård: extending a fixed-length compression function to arbitrary-length messages.
- Davies-Meyer compression (hash functions from encryptions)
- Applications:
- Minimal disclosure proof of knowledge
- symmetric key signatures (MAC)
- block-chain, both proof of work and chain immutability
- Data fingerprints
- Pseudo-random sequences and encryption.
- One-time authentication schemes
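A toy Merkle-Damgård hash built from a Davies-Meyer step, added here to show the two constructions listed above; this is example code, not from the course, the underlying 32-bit cipher and IV are constructed and have no cryptographic strength, and the function names are the example's own:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy 32-bit block cipher E_k(x): eight keyed mix rounds. Constructed for
 * illustration only; it has no cryptographic strength at all. */
static uint32_t toy_encrypt(uint32_t key, uint32_t x) {
    for (uint32_t r = 1; r <= 8; r++) {
        x ^= key + 0x9E3779B9u * r;
        x = (x << 13) | (x >> 19);
        x *= 0x85EBCA6Bu;
        x ^= x >> 16;
    }
    return x;
}

/* Davies-Meyer: h_i = E_{m_i}(h_{i-1}) XOR h_{i-1}. The message block is the
 * cipher key and the chaining value is the plaintext; the feed-forward XOR is
 * what keeps the step from being invertible given m_i and h_i. */
static uint32_t davies_meyer(uint32_t h_prev, uint32_t m_block) {
    return toy_encrypt(m_block, h_prev) ^ h_prev;
}

static uint32_t load32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Merkle-Damgard: run the compression function over 4-byte blocks from a fixed
 * IV, then over a padded tail: leftover bytes, 0x80, zeros, and the message
 * bit length in the last 32-bit word (MD strengthening). */
uint32_t toy_md_hash(const uint8_t *msg, size_t len) {
    uint32_t h = 0x6A09E667u;                /* constructed IV */
    size_t i = 0;
    for (; i + 4 <= len; i += 4)
        h = davies_meyer(h, load32(msg + i));
    uint8_t tail[8] = {0};
    size_t rem = len - i;                    /* 0..3 leftover bytes */
    memcpy(tail, msg + i, rem);
    tail[rem] = 0x80;
    uint32_t bits = (uint32_t)(len * 8);
    tail[4] = (uint8_t)(bits >> 24); tail[5] = (uint8_t)(bits >> 16);
    tail[6] = (uint8_t)(bits >> 8);  tail[7] = (uint8_t)bits;
    h = davies_meyer(h, load32(tail));
    h = davies_meyer(h, load32(tail + 4));
    return h;
}

uint32_t toy_hash_str(const char *s) {
    return toy_md_hash((const uint8_t *)s, strlen(s));
}
```

Because the length is folded into the final block, an empty message and a one-byte zero message hash differently even though their data blocks are both all zero.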
Public key Encryption and the PKI
Authentication
Consensus and Blockchains
Frightful Fridays
Up and running
- Read the General computing requirements
- Prepare your work environment
- You will need ssh, publickey logins, and subversion.
- Unix tools for MacOS
- macOS is Unix: it derives from FreeBSD, an open-source project based on the Berkeley (University of California) BSD Unix.
- Homebrew (brew) will get you ports of Unix tools that do not ship with macOS (e.g. subversion).
- BBedit: my favorite code editor
- Unix tools for Windows (including ssh)
- Learn to start an AWS instance
Assignments:
- Project 1: My Web Server
- See the project homepage
- Accept the github assignment invite, posted in Slack.
- Submit by adding, committing and pushing the evidence.out file, created as a Makefile target.
- Due: Monday, 29 Jan.
- Project 2: Netbounce Apache Edition
- Project 3: Packet Passaround
- Project 4: Packet Passaround Bake-off
- Project 5: Trivially Padded Trivial File Transfer Protocol
- Project 6: Mini Radius Project
- Project 7: Public Key Cryptography
- Install Anaconda and Jupyter notebook on your work computer.
- Git pull the invited assignment and git push when done.
- Due: Monday, April 29.