Praktische IT-Sicherheit (PS)

Vorlesung Resilient Networking

News

     Vorlesung auf Englisch.

The lecture is going to be given on Tuesdays, 12:00 - 13:30, starting from November 3rd! It will be streamed and the videos will be available for download, online, subsequent to the corresponding lecture. We will organize the reading group during the first lecture, so please try to make sure that you participate in this event, at least.

Alike the past years there's a limit of 15 students who can participate in this course, as the reading group does not scale to larger groups.

 

Subject

The lecture resilient networking provides an overview on the basics of secure networks as well as on current threats and respective countermeasures. Especially bandwidth-depleting Denial of Service attacks represent a serious threat. Moreover, over the last years the number of targeted and highly sophisticated attacks on company and governmental networks increased. To make it worse, as a new trend at the moment, the interconnection of the Internet with cyber physical systems takes place. Such systems, e.g., the energy network (smart grid), trans- portation systems and large industrial facilities, are critical infrastructures with severe results in case of their failure. Thus, the Internet that interconnects these systems has evolved to a critical infrastructure as well.

The lecture introduces the current state-of-the-art in the research towards resilient networks. Resilience-enhancing techniques can be generally classified in proactive and reactive methods. Proactive techniques are redundancy and compartmentalization. Redundancy allows to tolerate attacks to a certain extent, while compartmentalization attempts to restrict the attack locally and preventing its expansion across the whole system. Reactive techniques follow a three step approach by comprising the phases of detecting    an attack, mitigate its impacts, and finally restore a system's usual operation.

 

        Topics

  •  excursus to graph theorie
  •  overview on BGP routing and the Domain Name Service
  •  Denial of Service attacks and their mitigation
  •  mechanism for increasing the resilience of P2P networks
  •  Intrusion Detection system

 

Lecturer

Thorsten Strufe

 

Organizational matters

Tuesdays     12:00 hybrid: Grashoff lecture hall and online at our bbb server (contactus for the pass code)
Thursdays   10:00 online

Access to online lectures through ILIAS: https://ilias.studium.kit.edu/goto.php?target=crs_1278878&client_id=produktiv

The course will consist of a lecture (3SWS) and an exercise course (1SWS). The exercise course consists of two parts: we will hold a biweekly reading group and there will be a task assignment. We will read papers from the context of the topics in class in the reading group. Everybody is expected to read all mandatory papers (around 9), and we will choose volunteers for each paper to briefly summarize the content, before the entire group discusses their questions and comments regarding the paper. We hope to discuss two papers during each session. The implementation task will be introduced in the context of the class discussing database publication and differential privacy. Each participant of the course will be tasked to implement a simple solution for data sharing with differential privacy, and the results will be presented and discussed during the last exercise course.

Please register to the mailing list.
There will be an etherpad to organize the reading group

 

Teaching material

Here is the list of mandatory and optional reading material (publications regarding the topics in class).
The reading group will mainly cover the mandatory reading, potentially some additional papers of interest (depending on the number of students who enrol in the course).

Paper Date

Error and Attack Tolerance of Complex Networks

Tearing Down the Internet

Dec 3rd

Losing Control of the Internet

Small Lies and Lots of Damage

Dec 10th

SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit

All your DNS Records Point to Us

Jan 14th

Amplification Hell

Identifying the Scan and Attack Infrastructures behind Amplification DDoS Attacks

Jan 21st