Computer and Network Security
CS494/594            Class 13   11/21/06

Topics

• IPsec
• VPN's
• wireless
• Kerberos
• secure OS
• lecture slides

Required reading

• Text chapter 16, 13.2, 14.1, 14A, 20.2, 20.3
• NSA's The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments

Additional reading

• Internet Protocol (IP) RFC 791 security options
• keyed-MD5 TCP option RFC 2385 BGP, MSDP, TDP
• IETF security projects
• IETF IPsec working group
• IP security architecture RFC 1825 and IP AH RFC 2402 and IP ESP RFC 2406
• RFC 2409 Internet Key Exchange (IKE) and SKEME
• IPsec API draft
• IPsec NAT Traversal and RFC 3947 and RFC 3948
• IPsec stacks KAME and freeS/WAN and openswan
• HIP host identity payload
• openvpn cert-based option, ssl
• vpnc.org vpn testing
• Handbook of Applied Cryptography key establishment protocols
• pptp microsoft implementation flaws
• IPsec vs SSL and older ('97) IPv6 vs SSL

  wireless

• security aspects of wireless LANs
• Wireless application protocol WAP WTLS transport layer security spec
• flaws in CMEA cellular message encryption algorithm
• Cryptanalysis of ORYX LFSR ciphers for cell phones
• cryptanalysis of A5 GSM stream cipher (LFSR), and other GSM attacks and GSM security study
• CDPD security issues
• 802.11 info and WEP security flaws Wired Equivalent Privacy
• WPA and WPA vs WEP
• 802.11i or here and 802.11x
• lucent/wavelan 128 bit RC4 also see cisco/aironet
• bluetooth security and security weaknesses in bluetooth and SAFER+
• bluetooth vs 802.11
• tinysec lightweight link encryption for wireless sensors (skipjack cbc-mac)

  Kerberos

• Kerberos software and papers
• Kerberos FAQ
• Kerberos: An Authentication Service for Computer Networks
• Bellovin's Limitations of the Kerberos authentication system
• Kerberos: An Authentication Service for Open Network Systems
• kerberos in wireless authentication
• yarrow kerberos v5 random numbers

  Secure OS and validation

• An Architectural Overview of UNIX Network Security
• POSIX Access Control Lists on Linux
• NIST's CMW info
• NSA/VMWare NetTop multilevel security
• trusted computing group
• trusted computing
• dtos
• Trusted Mach or here
• EROS extremely reliable OS
• bastille Linux and NSA's security enhanced linux and Flask: Flux Advanced Security Kernel
• trustix secure linux or EnGarde secure linux or OpenWall linux owl
• grsecurity linux security
• securing and hardening red hat linux and book Linux network security
• OpenBSD security and hardening OpenBSD and OpenBSD crypto hardware support
• sun solaris 10 security
• Windows Vista security
• Windows 2000 security and privileges
• DoD's Orange Book Trusted Computer System Evaluation Criteria
• UK's itsec certification e0-e6 or pdf
• common criteria product assurance
• FIPS 140-1 security requirements for crypto modules
• OpenSSL recevies FIPS 140-2 certification
• Trusted Platform Module (TPM) or wikipedia's tpm info
• Windows Vista and TPM
• Linux and tpm's
• VIA padlock Nehemial crypto processor, benchmark, OpenSSL and Linux support and RNG
• Cavium nitrox security processors
• NIST's info on RBAC role based access control
• hacker's win, break into argus pitbull system due to Solaris bug
• as always, cruise the security page