Network security
Course unit code: USEEK7
- Course
- 6 credits
Course leader(s)
Audience, admission requirements and prerequisites
Not applicable, as this Specific Unit (US) is an integral part of a coherent degree.
Attendance and exam pass rates
For the 2022-2023 academic year:
- Number enrolled: 28
- Attendance rate at the assessment: 100%
- Pass rate among those present: 100%
Learning objectives
This course covers the main aspects of network security. It presents general security problems (confidentiality, integrity, availability, authentication and access control, non-repudiation), known standard solutions for these problems and their implementation in the Internet architecture.
Target skills
- Understand security issues.
- Manage risks related to information technology.
- Deploy appropriate solutions according to the confidentiality, integrity and availability constraints of business applications.
Keywords
- TCP/IP protocol
- Internet
- Information security
- Information systems risk management
- Dependability
- Cybersecurity
- Client-server architecture
- Cryptography
- Secure protocols
- Security management
- Information systems security
- Security policy
- Data transmission
- Telecommunications network
- Telecommunications techniques
Content
0) Introduction to IT security and risk management (ISO 27000 standards)
1) Cryptographic primitives:
- Cryptographically strong random number generators
- Historical approaches: codes, steganography, encryption
- Kerckhoffs principle
- Taxonomy of cryptanalysis techniques. Example: clock attack on smart cards.
- Friedman’s coincidence index
- Historical algorithms: Caesar, Vigenère, Playfair, ADFGVX, Enigma
- Unconditional security of the one-time pad (Vernam cipher)
- Shannon’s information theory and consequences on algorithmic security
- Turing’s complexity theory, and computational security. NP-complete problems.
- Semantic security, cryptogram indistinguishability and non-malleability.
- Symmetric ciphers: stream (A5/1, RC4, ChaCha20), block (DES, AES) and their modes of operation (ECB, CBC, CTR)
- Arithmetic notions: congruences modulo n, Euclidean division, GCD, LCM, Euclid's algorithm, Bézout relations, Chinese remainder theorem, Euler's totient function
- Public-key cryptography: knapsack, RSA, OAEP padding, Diffie-Hellman, elliptic curves. Non-repudiation and digital signatures.
- Cryptographic hash functions: birthday attacks, Merkle-Damgård constructions (MD5, SHA-1 and SHA-2), HMAC (RFC 2104), sponge functions (SHA-3).
- Public Key Infrastructures: X509v3 certificates, certification authorities, double key pair deployments and encryption private key escrow, revocation (CRL, OCSP RFC6960). Hands-on labs deploying a certification authority, enabling encryption on a web server (HTTPS) and on electronic mail (S/MIME).
- Applications of quantum theory and consequences on cryptosystem security: Shor and Grover algorithms.
- Authentication: via password (storage techniques: salted hashing), biometrics (fingerprints, iris recognition…) and token (smart card...). Strong / multi-factor authentication.
- Authorization: access control lists and capabilities
- Hierarchical security models (Bell-LaPadula, Biba…) and compartments. Examples with SELinux and Windows 10. Discretionary vs. Mandatory Access Control.
- CIA classification (FIPS 199, ISO 27000): impact scale and controls.
- Access management: role-based access control. Segregation of duties and least privilege.
- Identity management: generic and privileged accounts
- Covert channels: example with Covert_TCP
- Inference control in statistical databases
- Failures, MTBF and MTTR
- ANSI/TIA-942 standard and Datacenter availability levels
- Server availability
- Local storage reliability and virtualization: RAID levels, logical volume management
- Storage centralization and optimization: Storage Area Networks (SAN), SCSI protocol, Fibre Channel, storage tiering, thin provisioning, over-subscription and thin persistence. Block-level deduplication. World-Wide Names, FC zoning and LUN masking. SAN fabrics, multi-pathing and ALUA. FCoE and iSCSI.
- Network redundancy at the link layer: LACP (IEEE 802.3ad), multi-switch extensions (Virtual Port Channels), or active/passive mode. VLAN loop management with Multiple Spanning Tree (802.1Q)
- Recovery Time Objective (RTO)
- High Availability: physical HA clusters, server virtualization (“compute”): license impact
- Disaster Recovery and Business Continuity Planning: maximum admissible data loss (RPO)
- SAN-to-SAN data replication, synchronous (metropolitan networks) or asynchronous
- Stretched VLAN between Data Centers, Network Virtualization (VXLAN) and Overlay Transport Virtualization
- Basic authentication primitives: challenge/response, nonces, mutual authentication schemes, perfect forward secrecy, timestamps
- TCP-based authentication, and sequence number prediction. Example with SMTP (email).
- Zero-Knowledge Proofs: transcripts, simulators. Examples based on graph isomorphism, Hamiltonian circuits, and the Feige-Fiat-Shamir protocol. Parallelization of iterations.
- Transport Layer Security: SSL/TLS
- Network-layer security: IPsec, IKE, AH/ESP
- Application-layer security: Kerberos (Active Directory), KDC, TGT and resource tickets
- Link-layer security: GSM security architecture. Roaming, authentication and confidentiality. 3G/4G changes.
Assessment
Final exam.
Bibliography
- Bruce Schneier: 'Applied Cryptography'
- Ross Anderson: 'Security Engineering', 2nd Edition, Wiley, 2008
- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone: 'Handbook of Applied Cryptography', CRC Press, 2001
This course unit appears in the following degrees and certificates
| Programme title | Type | Mode(s) | Location(s) |
|---|---|---|---|
| Artificial Intelligence for Connected Industries | | Package | Paris |
| Master ROC en alternance - Mulhouse | | Initial | Paris |
| Master Computer Networks and IoT Systems | | Package | Paris |
Contact
EPN03 - Easy
292 rue Saint-Martin 11-B-2
75141 Paris Cedex 03
Tel: 01 40 27 24 81
Virginie Dos Santos Rance
See the calendar, fees, accessibility conditions and registration procedures at the teaching centre(s) offering this course.
Course not yet scheduled