Resilient Networking
There will not be a reading group session on Feb 4th, but we'll read our last paper on Feb 11th.
For reasons of Covid-19 and other challenges, this lecture will be given in a hybrid mode. The lecture is going to be given on Tuesdays, 12:00 - 13:30, starting from November 3rd! It will be streamed and the videos will be available for download, online, subsequent to the corresponding lecture. We will organize the reading group during the first lecture, so please try to make sure that you participate in this event, at least.
Alike the past years there's a limit of 15 students who can participate in this course, as the reading group does not scale to larger groups.
HINT
The exercise of this lecture is a reading group, where each participating student is expected to present (at least) one paper throughout the term. Due to the timing constraints we hence have to limit the number of participants of this course.
Topic
The lecture resilient networking provides an overview on the basics of secure networks as well as on current threats and respective countermeasures. Especially bandwidth-depleting Denial of Service attacks represent a serious threat. Moreover, over the last years the number of targeted and highly sophisticated attacks on company and governmental networks increased. To make it worse, as a new trend at the moment, the interconnection of the Internet with cyber physical systems takes place. Such systems, e.g., the energy network (smart grid), trans- portation systems and large industrial facilities, are critical infrastructures with severe results in case of their failure. Thus, the Internet that interconnects these systems has evolved to a critical infrastructure as well.
The lecture introduces the current state-of-the-art in the research towards resilient networks. Resilience-enhancing techniques can be generally classified in proactive and reactive methods. Proactive techniques are redundancy and compartmentalization. Redundancy allows to tolerate attacks to a certain extent, while compartmentalization attempts to restrict the attack locally and preventing its expansion across the whole system. Reactive techniques follow a three step approach by comprising the phases of detecting an attack, mitigate its impacts, and finally restore a system's usual operation.
Based upon this categorisation of resilience strategies the lecture will give an excursus to graph theorie and will introduce generic strategies to increase the resilience of networks, e.g., proactively establishing backup routes and fast restoration strategies. Furthermore, the lecture will provide an overview on BGP routing and the Domain Name Service, as two essential Internet services. Both services are presented and current attacks as well as corresponding countermeasures are described. Moreover, Denial of Service attacks and their mitigation are observed in detail as well as mechanism for increasing the resilience of P2P networks. Finally, Intrusion Detection systems are covered as mechanisms to mitigate the impacts of successful attacks.
The videos are on our BigBlueButton server at the room RN 20.
Please register to the mailing list
Teaching Material (SS19)
Lecture Schedule
| 03.11. | Preliminaries | |
| 10.11. | Background | |
| 17.11. | Background (Graphs) | |
| 24.11 | Background (Crypto) | |
| 01.12. | Routing and Routing Security | |
| 08.12. | Routing Security (ctd.) | |
| 15.12. | Routing Security (ctd.) | |
| 12.01. | Routing Security (ctd.) | |
| 19.01. | Name Resolution /DNS | |
| 26.01. | Name Resolution / DNS Security | |
| 02.02. |
Denial of Service |
|
| 09.02. | Denial of Service (ctd.) | |
| 16.02. | Intrusion Detection |
This link leads to the coursera course on crypto by Dan Boneh, as mentioned in the lecture.
Reading Group Schedules
Initial set of papers, more potentially to follow...
| Paper | Date |
|---|---|
| Dec 3rd | |
| Jan 14th | |
|
SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit |
Jan 21th |
|
Identifying the Scan and Attack Infrastructures behind Amplification DDoS Attacks |
Jan 28th |
| No reading group session | Feb 4th |
| Measuring and Detecting Fast-Flux Service Networks | Feb 11th |
Template that helps reading papers (h/t: anonymous student from Darmstadt).
Collaborative Editing: Coordination for the reading group
Overview of Information
Master/Diplom Informatik ab 2010 (INF-PM-ANW, INF-BAS4, INF-VERT4),
Master Medieninformatik ab 2010 (INF-BI-3)
Informationssystemtechnik ab Diplom 2010 (INF-BAS4, INF-VERT4)
Wirtschaftswissenschaften ab 2010 (MA-WW-INF-3421/D-WW-INF-3421, MA-WW-INF-3422/D-WW-INF-3422)
Lectures and exercises
English
6th semester or later
Basic knowledge in distributed systems and IT security is recommended. The lecture is intended for master and diploma students.
Lecture: 2, exercise: 2
oral examination
- Lecture: Tuesday, 12:30- 13:30 Uhr online
- Übung:
- The lecture starts on Tuesday, November 3th, 2020!
- Einschreibung jexam:
- Es wurden nicht alle Vorlesungen und Übungen in jExam importiert. Der Fehler wird noch behoben. Sobald es möglich ist, wird es hier vermerkt.
- Studenten, die sich nicht in die LV über jExam einschreiben können, wenden sich bitte per Email ans Sekretariat (martina.gersonde@tu-dresden.de) mit folgenden Angaben:
- Name, Vorname
- Matrikel-nr
- Studiengang
- in welchem Modul wollen Sie die LV einbringen
- Danach erhalten diese eine Email-Bestätigung für die Teilnahme