Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links


CmpE 209
Network Security
Spring 2007
College of Engineering




Richard Sinn
Office Hours: After class, by appointment or email only

Richard Sinn specializes in development projects and consulting in security and identity management. He has been in the software industry for years as lead developer, architect and manager for projects ranging from real time communcation (text, voip, video), secure network appliances, certificate management system, secure provisioning system, identity and access management system, IBM operating systems, kernel file system, network computer, Java desktop, IT development framework, and IBM DB2 database.

As an inventor, Richard holds the following patents (some pending, some issued):

Richard has also been a part-time professor at the San Jose State University in both the Computer Science and Computer Engineering department for the last 8 years. He's the advisor for the CS department's senior independent studies and Engineering department's senior design project and master project. In 2003, Richard founded a new graduate level course titled "Software Security Technologies" at San Jose State University. The course is part of the computer engineering graduate program as well as part of the professional enterprise software certification program.

As a freelance writer, Richard authors multiple articles over the years for different magazines, books, and journals (such as Developer Connection Magazine, IBM Technology Journal, Developer Toolbox Magazine, Midrange Computing, IEEE computer society press, e-ProMag, Domino Professional Magazine, etc). He was an adjunct Professor at the University of Minnesota while he worked at IBM Rochester and IBM Silicon Valley Laboratory. Richard holds a Master of Science, major in computer science and minor in mathematics from University of Minnesota-Twin Cities, and Bachelor of Science with Honors from University of Wisconsin-Madison, double major in Computer Science and Mathematics.

Richard is currently working as the security architect for the Yahoo Real Time Communication group.





Add code:

Class is max out at 72 (the max the room can hold).


Class time:

Every Tuesday

Class room:



Initial creation.


Please consider how you set up your evaluation environments - be it homework, on-campus quizzes and exams, to minimize chances of (temptations to) cheating.

In particular:

During tests:

- Make sure there is plenty of space between students.

- Always proctor exams and tests, and preferably by sitting at the back of the room rather than at the front. Do not leave the testing room during the test. If you cannot proctor the class yourself, contact me and I will endeavor to find a proctor for you.

- If the test is closed-book, require all backpacks to be zipped shut, all PDAs, computers and phones to be handed in, and any access to either without explicit proctor permission should be an immediate F in the class.

For homework: We have started using on-line support systems to catch cheaters. So I would very strongly urge you:

- For code assignments: Run them all through MOSS

- For essays etc: Run them all through (SJSU has a site subscription, I have been told.)

- Make sure individual contributions are ensured in team projects. This can be done through various means: Sign-offs, quizzes on the content of common work, etc.

Remember: A grade reflects an evaluation of the individual student's achievements. Your evaluation system has to reflect that objective.


Course Information


Network security protocols and applications, cryptography algorithms, authentication systems, intrusion detection, network attacks and defenses, system-level security issues, and how to build secure systems. Prerequisite: CmpE 206 and EE 281. This semester is programming oriented. Topics include:



Apart from big term project(s) and presentation, there are homework assignments, a mid-term exam and a final exam. Some exams might be take-home. The weightings for grading are: Term Project(s) 40%, Homework 20%, Midterm 10%, Final Exam 10%, and Team Presentation 20%.

No Late Assignment Submission. Put everything in an envelop when submit any material.



Class Material

Lecture Notes

Part of my book: Software Security Technologies (First class test copy). You will be given instruction on how to buy the book in the first class.


More will be added as the semester goes



Jan 30, 2007-Tue


Feb 6, 2007-Tue:


February 5 Last Day to Drop Courses Without an Entry on Student's Permanent Record
February 12 Last Day to Add Courses & Register Late


Feb 13, 2007-Tue:

  • Essential PKI
    • Services
    • Certificate and Processing
    • CRL
    • Components
  • Project List


Feb 20, 2007-Tue:

  • Threat Model
  • Team Presentation Info
  • Project Info
  • Reading: Chapter 1, Chapter 3, Chapter 4


Feb 27, 2007-Tue:

  • Threat Model part II
  • Reading: Chapter 5, 6, 7


Mar 6, 2007-Tue:


Mar 13, 2007-Tue:


Mar 20, 2007-Tue:


March 26 - March 30: Spring Break


Apr 3, 2007-Tue:


Apr 10, 2007-Tue:


Apr 17, 2007-Tue:


Apr 24, 2007-Tue:


Final and Presentation

May 1, 2007-Tue:


May 8, 2007-Tue:


May 15, 2007-Tue:

  • Final Exam
  • Term Project Due
  • Last Day of Instruction for the whole university.




Term Project

Develop a Protocol Monkey program for one of these protocols in the below table. For this project, a monkey program is defined as a program located between two nodes of a protocol during communication. The monkey program can understand the network protocol by reading packets during communication of the two nodes. Since it is a "monkey", the program can change any packet in any state of the protocol during communication. With this basic definition, here is the minimium requirement for the monkey program:

As a team, you must perform the following:



Data Link Layer
ARP/RARP Address Resolution Protocol/Reverse Address
DCAP Data Link Switching Client Access Protocol

Network Layer
DHCP Dynamic Host Configuration Protocol
DVMRP Distance Vector Multicast Routing Protocol
ICMP/ICMPv6 Internet Control Message Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol version 4
IPv6 Internet Protocol version 6
MARS Multicast Address Resolution Server
PIM Protocol Independent Multicast-Sparse Mode (PIM-SM)
RIP2 Routing Information Protocol
RIPng for IPv6 Routing Information Protocol for IPv6
RSVP Resource ReSerVation setup Protocol
VRRP Virtual Router Redundancy Protocol

Transport Layer
Mobile IP Mobile IP Protocol
RUDP Reliable UDP
TALI Transport Adapter Layer Interface
TCP Transmission Control Protocol
UDP User Datagram Protocol
Van Jacobson compressed TCP
XOT X.25 over TCP

Session Layer
BGMP Border Gateway Multicast Protocol
DIS Distributed Interactive Simulation
DNS Domain Name Service
ISAKMP/IKE Internet Security Association and Key Management Protocol and Internet Key Exchange Protocol
iSCSI Small Computer Systems Interface
LDAP Lightweight Directory Access Protocol
MZAP Multicast-Scope Zone Announcement Protocol
NetBIOS/IP NetBIOS/IP for TCP/IP Environment

Application Layer
COPS Common Open Policy Service
FANP Flow Attribute Notification Protocol
Finger User Information Protocol
FTP File Transfer Protocol
HTTP Hypertext Transfer Protocol
IMAP4 Internet Message Access Protocol rev 4
IMPPpre/IMPPmes Instant Messaging and Presence Protocols
IPDC IP Device Control
IRC ·Internet Relay Chat Protocol
ISAKMP Internet Message Access Protocol version 4rev1
NTP Network Time Protocol
POP3 Post Office Protocol version 3
Radius Remote Authentication Dial In User Service
RLOGIN Remote Login
RTSP Real-time Streaming Protocol
SCTP Stream Control Transmision Protocol
S-HTTP Secure Hypertext Transfer Protocol
SLP Service Location Protocol
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SOCKS Socket Secure (Server)
TACACS+ Terminal Access Controller Access Control System
TELNET TCP/IP Terminal Emulation Protocol
TFTP Trivial File Transfer Protocol
WCCP Web Cache Coordination Protocol
X-Window X Window

BGP-4 Border Gateway Protocol
EGP Exterior Gateway Protocol
EIGRP Enhanced Interior Gateway Routing Protocol
HSRP Cisco Hot Standby Router Protocol
IGRP Interior Gateway Routing
NARP NBMA Address Resolution Protocol
NHRP Next Hop Resolution Protocol
OSPF Open Shortest Path First
TRIP Telephony Routing over IP

ATMP Ascend Tunnel Management Protocol
L2F The Layer 2 Forwarding Protocol
L2TP Layer 2 Tunneling Protocol
PPTP Point to Point Tunneling Protocol

AH Authentication Header
ESP Encapsulating Security Payload
TLS Transport Layer Security Protocol


Team Research Presentation (Lab)

Each team will be given one topic to research and present during the semester. Mid-term and final will contain some questions related to the topics presented. The team needs to prepare the following:



Email to check your grade if necessary.


General Policy

The university and departmental policies and deadlines for course drop will be applied. Makeup exams cannot be offered, except under exceptional conditions, such as documented serious illness/accident, etc., and only at the professor's discretion.

Each student is responsible for his/her individual assignment, and must not copy anyone else's work. Students who borrow solutions from others will find themselves unable to pass the course. The minimum penalty for every student involved in the duplication of individual assignments or exams will be receiving a zero score on the submitted work.

For group project, all the work has to be done by your OWN group. Do not try to download "free code" from the Internet and hand in as a project. WE WILL FIND OUT. Do not share your work with others. So DO YOUR OWN WORK and EARN your grade.


Related Links

  • Past Class Grading and Info
  • Software Engineering Institute
  • Special Interest Group on Software Engineering (SIGSOFT)
  • IBM San Francisco Project
  • Object Management Group
  • Rational Software Corporation
Richard's Recent Articles


Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links