[Global Lecture Series]

여름방학 기간 중 국제적인 저명인사를 초청하여 강의를 합니다.

관심 있는 분들의 많은 참여 바랍니다.

Lecture Title: Principles of Network Security Protocols

Dates: July 5-6, 2010

Venue: Wooribyul Seminar room (E3-2, 2201)

Instruction by

Radia Perlman, Intel Fellow, (The Mother of Internet)

Charlie Kaufman, Microsoft Partner Architect

Authors of half-million-copy bestsellers of

Perlman, R., “Interconnections Second Edition: Bridges, Routers, Switches, and Internetworking Protocols”, Addison-Wesley Publications, 1999.

Kaufman, C., Perlman, R. and Speciner, M., “Network Security: Private Communication in a Public World”, Prentice Hall Publications, 2002.

Lecture Description

Anyone designing network protocols of any type, or managing a network, needs to understand security. But it tends to be an abstruse science, where the academics focus on the mathematics of the cryptography and formal proofs, and standards-focused people stress the syntax of their particular standard. This tutorial demystifies the field, and focuses on a conceptual understanding of the pieces that someone who doesn’t want to specialize in cryptography, and yet does want to understand the implications of security on network protocols, needs to know. This tutorial gives an intuitive understanding of the basic cryptographic tools, and focuses on what their functional differences are. For instance, what is the difference between authentication systems based on secret keys, public keys, or identity providers? If one is adding cryptographic protection to a protocol, how can you handle changing keys without breaking a connection? How can you ensure that old packets from previous conversations, or when a sequence number wraps around, do not get mistaken for current packets? How would one send encrypted electronic mail through a distribution list? What are the special issues of encrypting data at rest?

Detailed syllabus and agenda

July 5, 9:00-12:00, 13:30-16:30

l  What is the problem?

-      A quick overview of why network security is needed (remote authentication, private and authenticated email, etc)

l  Overview of cryptography

-      public key, secret key, hash.

-      Secure email issues (including complications such as distribution lists).

-      S/MIME and PGP.

l  Key distribution (PKI and secret-key based systems such as Kerberos).

-      Secret for yourself and at least one trusted party.

-      How does the system get bootstrapped?

-      How do you find a path across multiple trust domains to the target?

l  Kerberos details (including Microsoft Kerberos) and PKI details (including X.509 and PKIX)

July 6, 9:00-12:00, 13:30-16:30

l  Concepts in real-time protocols

-      authentication handshakes, perfect forward secrecy, session resumption, identity hiding, plausible deniability, denial of service protection.

l  Implications of choosing “layer 3” vs “layer 4” approaches

-      layer 3 IPsec

-      layer 4 SSL, SSH

-      how export rules have affected designs.

l  IPsec details

-      data packet formats (AH and ESP), IKE (key establishment protocol).

-      Problems with IKE.

-      Possible successors to IKE.

l  SSL and Web: URLs, HTTP, cookies

Contact: June-Koo Rhee, 이준구 / Dept. of EE / rhee.jk@kaist.ac.kr / 350-6416

           Kyoung Soo Park, 박경수 / Dept. of EE / kyoungsoo@ee.kaist.ac.kr / 350-3412