Douglas Stebila
CryptoWorks21 • Fundamentals of Network Security
In 2013, 2014, 2016, 2017, 2018, 2019, and 2021 I gave a short course on Fundamentals of Network Security for the CryptoWorks21 program at the University of Waterloo.
Lecture materials and practical exercises from these lectures are below. Lecture 2 provides a nice (in my opinion) one-lecture overview of the basics of cryptography and could act as a good review/refresher.
Lecture 1: Basics of Information Security
Topics: Security architecture and infrastructure; security goals (confidentiality, integrity, availability, and authenticity); threats/vulnerabilities/attacks; risk management
- Related textbook: Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies
- Related textbook: Security Engineering by Ross Anderson, available for free from author’s website
Lecture 2: Cryptographic Building Blocks
Topics: Symmetric crypto: ciphers (stream, block), hash functions, message authentication codes, pseudorandom functions; public key crypto: public key encryption, digital signatures, key agreement.
- Related textbook: Cryptography, An Introduction by Nigel Smart, available for free from author’s website; or the newer version Cryptography Made Simple, available via most universities’ subscriptions
- Related textbook: Handbook of Applied Cryptography by Menezes, van Oorschot, and Vanstone, available for free from authors’ website, but fairly out-of-date now
Lecture 3: Network Security Protocols
Topics: Overview of networking and PKI; Transport Layer Security (TLS) protocol; overview of SSH, IPsec, Wireless (Tool: Wireshark)
- Assignment 0: Setting up virtual machine
- Assignment 1: Network security protocols
- Related textbook: Applied Information Security by Basin, Schaller, Schläpfer, Chapter 7 “Certificates and Public Key Cryptography”, available via UW’s Springer subscription
Lecture 4: Offensive and Defensive Network Security
Topics: Offensive: Pen-tester/attack sequence: reconnaissance; gaining access; maintaining access (Tool: nmap); supplemental material: denial of service attacks; Defensive: Firewalls and intrusion detection
- Assignment 0: Setting up virtual machine
- Assignment 2: Offensive and defensive network security
- Related textbook: Applied Information Security by Basin, Schaller, Schläpfer, Chapter 3 “Network Services”, available via UW’s Springer subscription
Lecture 5: Access Control & Authentication; Web Application Security
Topics: Access control: discretionary/mandatory/role-based; phases. Authentication: something you know/have/are/somewhere you are. Web security: cookies, SQL injection. Supplemental material: passwords.
- Assignment 0: Setting up virtual machine
- Assignment 3: Authentication
- Related software: WebGoat, a hands-on tool for exploring web application vulnerabilities