CS 6204 Public Key Infrastructure and Network Security

CS 6204 Public Key Infrastructure and Network Security
Fall 2020

Course details

Instructor

Prof. Taejoong Chung
Office: 2228
tijay@vt.edu

Location

Zoom (https://virginiatech.zoom.us/j/96951450434)
05:30pm–06:45pm
Mondays, Wednesdays

Office hours

09:00am–10:00am
on Mon/Wed (Virtual)
(Link is available on Canvas)

Discussion Forum

https://canvas.vt.edu/courses/115628

textbooks

Introduction to Public Key Infrastructures
By Johannes A. Buchmann, Evangelos Karatsiolis, Alexander Wiesmaier

Engineering Security
By Peter Gutmann

Handouts

Syllabus

Grading

35%	Paper Presentation
45%	Paper Discussion
20%	Research Projects

Course description

A public key infrastructure (PKI) provides secure communications between two different entities over an untrusted network. Due to this ability, PKIs are now central to security on the Internet: there are a number of large-scale PKIs in use today such as DNSSEC, HTTPS, and the RPKI. This course examines basic network security models and public key infrastructure that entwines multiple layers of the network stack: application, transport, and network layer. Topics include concepts in basic threat models in networking, public key infrastructure, data-driven approach for securing Internet, etc. Students are required to write critiques on assigned papers, propose and complete a research project individually or in teams, and give presentations on a related topic.

Prerequisites

CS4254: Computer Network Architecture and Programming or an equivalent course in computer networks at the senior or graduate level.

Synchronous vs. Asynchornous lecture

This course will be delivered in both asynhronous and synchronous ways; all lectures and discussions will be recorded and posted on Canvas so that you can follow up if you happen to miss the class. Thus, this class does not consider your attendance when it comes to grading. However, you are still required to do a presentation every 4~5 weeks in a synchronous way for active discussion. If you cannot make it on your presentation date, please reach out to me earlier so that I can schedule it accordingly in advance.

attendance and participation

All students are required to read the paper before the class and actively participate the in-class discussion. The class projects are a major part of this course.

We will be using Canvas as a course discussion/bulletin board. You are expected to check it at least once every few days, use it as the first place to ask questions, and answer others' questions. The professor will regularly monitor the board, and your participation will count towards your grade.

Schedule

Please check here

Papers

Below is a list of papers, which will be discussed at the class.

Topic	ID	Paper
DNSSEC	01	A Longitudinal, End-to-End View of the DNSSEC Ecosystem [Security’17]
DNSSEC	02	Understanding the Role of Registrars in DNSSEC Deployment [IMC’17]
DNSSEC	03	Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices [Security'20]
DNSSEC	04	Roll, Roll, Roll your Root: A Comprehensive Analysis of the First Ever DNSSEC Root KSK Rollover [IMC’19]
HTTPS	01	Censys: A Search Engine Backed by Internet-Wide Scanning [CCS’15]
HTTPS	02	An End-to-End Measurement of Certificate Revocation in the Web's PKI [IMC’15]
HTTPS	03	Measuring and Applying Invalid SSL Certificates: The Silent Majority [IMC’16]
HTTPS	04	Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem [CCS’16]
HTTPS	05	Analysis of SSL certificate reissues and revocations in the wake of Heartbleed [IMC’14]
HTTPS	06	Tracking Certificate Misissuance in the Wild [Oakland’18]
HTTPS	07	The Security Impact of HTTPS Interception [NDSS17]
HTTPS	08	The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem [IMC’18]
HTTPS	09	A First Look at Certification Authority Authorization (CAA) [CCR’18]
HTTPS	10	Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate [Oakland’19]
HTTPS	11	Is the Web Ready for OCSP Must Staple? [IMC’18]
HTTPS	12	Mission Accomplished? HTTPS Security after DigiNotar [IMC’17]
HTTPS	13	CRLite: a Scalable System for Pushing all TLS Revocations to All Browsers [Oakland’17]
HTTPS	14	You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates [CCS'19]
HTTPS	15	Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale [Security'20]
HTTPS	16	PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists [Security'20]
HTTPS	17	Bamboozling Certificate Authorities with BGP [Security'18]
Email	01	Security by Any Other Name: On the Effectiveness of Provider Based Email Security [CCS’15]
Email	02	Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security [IMC’15]
Email	03	End-to-End Measurements of Email Spoofing Attacks [Security'18]
Email	04	A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email [Security'20]
RPKI	01	Why Is It Taking So Long to Secure Internet Routing [ACMQueue’14]
RPKI	02	RPKI is Coming of Age: A Longitudinal Study of RPKI Deployment and Invalid Route Origins [IMC'19]
RPKI	03	On the Risk of Misbehaving RPKI Authorities [hotnets’16]
RPKI	04	Are We There Yet? On RPKI's Deployment and Security [NDSS'17]
RPKI	05	MaxLength Considered Harmful to the RPKI [CoNEXT’17]
RPKI	06	DISCO: Sidestepping RPKI's Deployment Barriers [NDSS'20]
RPKI	07	Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table [IMC'19]

Projects

Students are required to pick one research topic related to the class and perform own research project. Bring your topic and discuss with me before October 21st during the office hours or email me for discussion. Submit your own paper (which is written in Latex, using overleaf.com) before the December 9th. Here are some examples that you might be interested in.