Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links


CmpE 209
Network Security
Fall 2008
College of Engineering




Richard Sinn
Office Hours: After class, by appointment or email only

Richard Sinn has been teaching in the Computer Engineering and Computer Science departments at San Jose State University since 1998. He also served as Adjunct Professor at University of Minnesota. In addition to his teaching career, Richard is the Security Architect at the Real Time Communication group at Yahoo! Inc. Prior to this he held various senior positions at IBM, Oracle and different Silicon Valley startup companies. Richard is an inventor and has filed over ten invention disclosures (patents). He is also a frequent writer for various magazines and journals, and a frequent speaker at regional and national technology conferences.



Check back every now and then for updates.

Add code:

Available when someone drops.

Class time:

Every Tuesday 6:30pm <-----

Class room:



Initial creation.


Please consider how you set up your evaluation environments - be it homework, on-campus quizzes and exams, to minimize chances of (temptations to) cheating.

In particular:

During tests:

- Make sure there is plenty of space between students.

- Always proctor exams and tests, and preferably by sitting at the back of the room rather than at the front. Do not leave the testing room during the test. If you cannot proctor the class yourself, contact me and I will endeavor to find a proctor for you.

- If the test is closed-book, require all backpacks to be zipped shut, all PDAs, computers and phones to be handed in, and any access to either without explicit proctor permission should be an immediate F in the class.

For homework: We have started using on-line support systems to catch cheaters. So I would very strongly urge you:

- For code assignments: Run them all through MOSS

- For essays etc: Run them all through (SJSU has a site subscription, I have been told.)

- Make sure individual contributions are ensured in team projects. This can be done through various means: Sign-offs, quizzes on the content of common work, etc.

Remember: A grade reflects an evaluation of the individual student's achievements. Your evaluation system has to reflect that objective.


Course Information


Network security protocols and applications, cryptography algorithms, authentication systems, intrusion detection, network attacks and defenses, system-level security issues, and how to build secure systems. Prerequisite: CmpE 206 and EE 281. This semester is programming oriented. Topics include:



Apart from big term project(s) and presentation, there are homework assignments, a mid-term exam and a final exam. Some exams might be take-home. The weightings for grading are: Term Project(s) 40%, Homework 20%, Midterm 10%, Final Exam 10%, and Team Presentation 20%.

No Late Assignment Submission. Put everything in an envelop when submit any material.




Policy Info

University, College, or Department Policy Information

a. Academic integrity statement (from Office of Judicial Affairs): “Your own commitment to learning, as evidenced by your enrollment at San José State University, and the University’s Academic Integrity Policy requires you to be honest in all your academic course work. Faculty members are required to report all infractions to the Office of Judicial Affairs.

b. Campus policy in compliance with the Americans with Disabilities Act: “If you need course adaptations or accommodations because of a disability, or if you need special arrangements in case the building must be evacuated, please make an appointment with me as soon as possible, or see me during office hours. Presidential Directive 97-03 requires that students with disabilities requesting accommodations must register with DRC to establish a record of their disability.”

c. Policies or information required by the department, or college with which the class is associated.



Class Material

Lecture Notes


Software Security Technologies, A Programmatic Approach. Course Technology, 496 pages. (Available at bookstore).


Non-Textbook: Reading material will be online on this web site before every lecture. Reading this semester:



Pick one of the references for term paper. Please spend the time to read and actually reseach (program) into the topics. The class expects a high quality research paper, not some collection of combined internet web pages ...




Aug 26, 2008-Tue

Sept 1, 2008 - Labor day.

Sept 2, 2008-Tue:


Sept 5 Last Day to Drop Courses Without an Entry on Student's Permanent Record
Sept 12 Last Day to Add Courses & Register Late


Sept 9, 2008-Tue:

  • Essential PKI
    • Services
    • Certificate and Processing
    • CRL
    • Components
  • Reading: SST Book Chapter 3
  • Homework 1 due
  • Group Homework 1 (Project related)
  • Group Quiz


Sept 16, 2008-Tue:

  • Threat Model
  • Team Presentation Info
  • Project Info
  • Reading: SST Book Chapter 4
  • Threat Model part II
  • Reading: Chapter 5, 6, 7
  • Group Quiz
  • Group Homework 1 Due
  • Homework 2


Sept 23, 2008-Tue:

  • Web SSO related materials AND/OR
  • Authentication and Authorization
  • Project List
  • Presentation List
  • Homework 2 Due
  • Redo Hardcopy Homework 1 Due (if necessary)
  • Homework 3
  • Group Quiz


Sept 30, 2008-Tue:

How to use

  • Go to
  • Click New user
  • Select Student
  • Next
  • Class id is: 2432052
  • Password is my first name in lower case
  • Enter your email
  • Enter your password
  • Select a question and enter an answer
  • Enter your first name and last name
  • I agree
  • Login
  • Enter the cmpe209 fall 2008
  • Try out submit for testing (if you submit the same paper, it will mark as copy ..)
  • After submit, you can checkout the originality report. (Learn to use it. The report takes a while to generate.)
  • The research paper and final team paper must be submitted under If the originality report shows that you plagiarize in the paper. You will fail the class.

The two papers you need to submit for this class is Research paper (after the group presentation) and Term Project paper (the term project paper at the end of the semester).


Oct 7, 2008-Tue:

  • Network Programming with OpenSSL
  • Network Setup / Security / Firewall Concepts (Preso 1, Preso 2) - Preso is contributed from other sources.
  • Reading: Chapter 5, 6, 7
  • Master Project Info
  • Honesty Pledge Due
  • Team presentation: Team A, An Analysis of Bluetooch security (Preso, Report)
  • Team presentation: Bureau of National Security (BNS), An Analysis of Wireless security (Preso, Report)
  • Team presentation: Trojans II, An Analysis of NAT security (Preso, Report)


Oct 14, 2008-Tue:

  • SSL / IPSec (Presentation) - Preso is contributed from other sources.
  • Diffe-Hellman
  • LDAP Protocol (,
  • Project Part I due
  • Homework 4
  • (I graded homework 3 and the answers are not really up to par ... Let's try one more time. This is harder and I will assign more points to it)
  • IPSec
  • IPSec RFC
  • IKE (from the Internet)
  • Project Part I consists of a document includes the following:

    • Detail project plan. The list of features and functions should be included in the project.
    • Schedule and division of work among team members
    • Prototype results
  • Team presentation: Sparks, An analysis of email SPAM (Preso, Report)
  • Team presentation: Verve, An analysis of RTSP security (Preso, Report)
  • Team presentation: Sparks II, An analysis of SOAP security (Preso, Report)
  • Reading: Chapter 5, 6, 7



Oct 21, 2008-Tue:

  • Team presentation: Xobile, An Analysis of VOIP security (Preso, Report)
  • Team presentation: MAD, Security Feature of IPv6 (Preso, Report)
  • Team presentation: SecureWays, An Analysis of XKMS (Preso, Report)
  • Homework 4 Due
  • Mid-term (In Class - Close book)


Oct 28, 2008-Tue:

  • Intro to IDS (Modified Internet Slides)
  • IPSec (Guest speakers ... Be on time!)
  • Radius
  • IDS, etc.
  • Tunneling (ATMP, L2F, L2TP, PPTP)
  • Wireless Authentication Protocols
  • Reading: Chapter 5, 6, 7
  • Team Presentation: TDS, An Analysis of Mobile IP security (Preso, Report)
  • Team Presentation: Chico, An Analysis of XMPP security (Preso, Report)
  • Team Presentation: Ninja, An Analysis of IRC security
  • Reading: Chapter 8
  • Extra Credit Homework
  • Kerberos PPT (Outside source)
  • Authentication Kerberos
  • Kerberos picture
  • Extra Credit Homework
  • ARP / AH / ESP / Routing
  • Mid Term points distribution







  • Keys to do well:
    • Attend class lectures
    • Understand the materials / Not just memorize
    • Attend student presos
    • Read the assigned book chapters
    • Answer in a precise manner (as in any security related answer)


Nov 4, 2008-Tue:

  • Guest Speaker from Cisco, Radius Preso
  • No Office hour after guest lecture
  • Reading: Chapter 8



Nov 11, 2008-Tue: Veteran’s Day - Campus Closed - No class


Nov 18, 2008-Tue:

  • Industry Network Security Topics


Final and Presentation

Nov 25, 2008-Tue:


November 27-28: Thanksgiving Holiday


Dec 2, 2008-Tue:


Dec 9, 2008 - Tue:

  • Final Exam
  • Bubble evaluation
  • Term Project Due (Hard and soft copy - No email please)




Term Project


Your 3 person team is a well known group of network security experts. As a result, the whole team is hired by company ABC to implement the Web Sharing Hub (WSH) web based data sharing application. The basic goal of the system is to enable exchange of data in the MOST secure fashion using a web browser. Here is a list of requirements:


Extra credit

For team that finished early. You can get extra credit by working with another team to come up with an inter WSH sharing mechanism. In other words, how does a group creator of a WSH includes normal users from another site? How will the administrator role changes in inter site scenarios? (And etc.)



Project team has to decide on various issues such as:

As the whole class will be working on similar projects, relative grading will be used. In other words, all the projects will be ranked within the class and points will be assigned accordingly. There are two parts in the project:



Project Part I consists of a document includes the following:

Project Final Part will be covered later in class


Final Word of Warning

This is not an "easy" class and the project is an essential part of the overall grade. People who did not deliver the project well enough could really hurt their grade as the project contains more than 40% of the overall grade.







Team Research Presentation (Lab)

Each team will be given one topic to research and present during the semester. Mid-term and final will contain some questions related to the topics presented. The team needs to prepare the following:


The following are the possible topics:

Data Link Layer
ARP/RARP Address Resolution Protocol/Reverse Address
DCAP Data Link Switching Client Access Protocol

Network Layer
DHCP Dynamic Host Configuration Protocol
DVMRP Distance Vector Multicast Routing Protocol
ICMP/ICMPv6 Internet Control Message Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol version 4
IPv6 Internet Protocol version 6
MARS Multicast Address Resolution Server
PIM Protocol Independent Multicast-Sparse Mode (PIM-SM)
RIP2 Routing Information Protocol
RIPng for IPv6 Routing Information Protocol for IPv6
RSVP Resource ReSerVation setup Protocol
VRRP Virtual Router Redundancy Protocol

Transport Layer
Mobile IP Mobile IP Protocol
RUDP Reliable UDP
TALI Transport Adapter Layer Interface
TCP Transmission Control Protocol
UDP User Datagram Protocol
Van Jacobson compressed TCP
XOT X.25 over TCP

Session Layer
BGMP Border Gateway Multicast Protocol
DIS Distributed Interactive Simulation
DNS Domain Name Service
ISAKMP/IKE Internet Security Association and Key Management Protocol and Internet Key Exchange Protocol
iSCSI Small Computer Systems Interface
LDAP Lightweight Directory Access Protocol
MZAP Multicast-Scope Zone Announcement Protocol
NetBIOS/IP NetBIOS/IP for TCP/IP Environment

Application Layer
COPS Common Open Policy Service
FANP Flow Attribute Notification Protocol
Finger User Information Protocol
FTP File Transfer Protocol
HTTP Hypertext Transfer Protocol
IMAP4 Internet Message Access Protocol rev 4
IMPPpre/IMPPmes Instant Messaging and Presence Protocols
IPDC IP Device Control
IRC ·Internet Relay Chat Protocol
ISAKMP Internet Message Access Protocol version 4rev1
NTP Network Time Protocol
POP3 Post Office Protocol version 3
Radius Remote Authentication Dial In User Service
RLOGIN Remote Login
RTSP Real-time Streaming Protocol
SCTP Stream Control Transmision Protocol
S-HTTP Secure Hypertext Transfer Protocol
SLP Service Location Protocol
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SOCKS Socket Secure (Server)
TACACS+ Terminal Access Controller Access Control System
TELNET TCP/IP Terminal Emulation Protocol
TFTP Trivial File Transfer Protocol
WCCP Web Cache Coordination Protocol
X-Window X Window

BGP-4 Border Gateway Protocol
EGP Exterior Gateway Protocol
EIGRP Enhanced Interior Gateway Routing Protocol
HSRP Cisco Hot Standby Router Protocol
IGRP Interior Gateway Routing
NARP NBMA Address Resolution Protocol
NHRP Next Hop Resolution Protocol
OSPF Open Shortest Path First
TRIP Telephony Routing over IP

ATMP Ascend Tunnel Management Protocol
L2F The Layer 2 Forwarding Protocol
L2TP Layer 2 Tunneling Protocol
PPTP Point to Point Tunneling Protocol

AH Authentication Header
ESP Encapsulating Security Payload
TLS Transport Layer Security Protocol




Email to check your grade if necessary.


General Policy

The university and departmental policies and deadlines for course drop will be applied. Makeup exams cannot be offered, except under exceptional conditions, such as documented serious illness/accident, etc., and only at the professor's discretion.

Each student is responsible for his/her individual assignment, and must not copy anyone else's work. Students who borrow solutions from others will find themselves unable to pass the course. The minimum penalty for every student involved in the duplication of individual assignments or exams will be receiving a zero score on the submitted work.

For group project, all the work has to be done by your OWN group. Do not try to download "free code" from the Internet and hand in as a project. WE WILL FIND OUT. Do not share your work with others. So DO YOUR OWN WORK and EARN your grade.


Related Links



Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links