NETWORKS AND SECURITY Single channel
Chair (Coordinator) and Rapporteur: ANDREA BAIOCCHI
Lecturers
Objectives
GENERAL
The "Networks and Security" course provides students with a solid theoretical and practical foundation in network architectures, quality of service (QoS), and secure communications. Students will gain an integrated understanding of telecommunication networks, including their multi-layer structure, transport mechanisms, and access solutions, with a strong focus on performance evaluation and optimization of service systems using models and simulation tools.
A substantial part of the course is dedicated to the fundamentals of cryptography and to the main security protocols ensuring authentication, confidentiality, and data integrity. Practical activities complement the training with hands-on configuration and management exercises focused on IP routing, traffic measurement, and basic network security. The course aims to train professionals capable of understanding, designing, and securing modern network infrastructures, with attention to real-world performance and security challenges.
SPECIFIC
• Knowledge and understanding: Students will acquire in-depth knowledge of network architectures, performance analysis techniques, QoS models, cryptographic fundamentals, and communication security protocols.
• Applying knowledge and understanding: Students will be able to configure IP networks, evaluate service system performance, and implement security protocols using software tools and laboratory environments.
• Making judgments: Students will develop the ability to critically evaluate technological solutions for improving QoS and security in complex telecommunication networks.
• Communication skills: Students will be able to clearly and effectively present networking and security problems and solutions in both technical and interdisciplinary contexts.
• Learning skills: The course will provide methodological tools to independently explore advanced topics in networking and security and stay updated with the technological evolution of the sector.
Learning outcomes
At the end of the course, the student must have acquired the basic technical language and modeling tools to:
o Describe the problems of scheduling and congestion control in a telecommunication network and the solutions adopted in current practice.
o Define what is meant by a secure channel, how it can be implemented, and what the basic solutions are for implementing the main cryptographic primitives.
o Implement some elementary configuration and analysis actions of networked systems (host, router, firewall) and protocols (IP, TCP).
Prerequisites
Basic knowledge of calculus, geometry, probability theory, and telecommunications networking. Undergraduate-level programming skills (e.g., in Matlab or Python).
Programme
MODULE 1 (60 hours)
Review of network architectures and the current structure of the Internet.
Quality of service. Scheduling and dispatching. Congestion control and fairness in resource sharing. Tools for performance evaluation.
Introduction to communications security. Main cryptographic primitives. Authentication and cryptographic protocols.
MODULE 2 (30 hours)
Basic configurations (address assignment and static routes), intra- and inter-domain routing management, delay and bandwidth measurements, asymmetric encryption and digital certificates, stateless firewall rules.
Books
o Andrea Baiocchi: “Network Traffic Engineering - Stochastic models and applications”. Wiley, 2020 [Chs. 2, 3, 6, 8, 10]
o Charlie Kaufman, Radia Perlman, Mike Speciner, Ray Perlner: “Network Security: Private Communications in a Public World”. Addison-Wesley Professional, 3rd Edition, September 2022 [Chs. 1-6, 9-12]
o Material available from the course web site (slides, simulation scripts, measured traffic data).
Bibliography
TEXTBOOKS FOR FURTHER STUDY:
o Frank Kelly and Elena Yudovina: “Stochastic Networks”. Cambridge University Press, 2014.
o Mor Harchol-Balter: “Performance modelling and design of computer systems”. Cambridge University Press, 2013.
o Niels Ferguson and Bruce Schneier: "Practical Cryptography". John Wiley & Sons Inc., 2003.
o James F. Kurose, Keith W. Ross, “Computer networking: a top-down approach”, Pearson, 8th edition, 2020.
o Andrew S. Tanenbaum, Nick Feamster, David J. Wetherall: "Computer Networks". Pearson, 6th edition, 2021.
Lessons mode
Lectures and exercises in the classroom.
The lectures serve to introduce the concepts and present the course topics in an orderly manner.
The exercises provide application examples and quantitative evaluations that apply the models introduced in the lectures. Some exercises may be dedicated to hands-on computer work, with the development of simple code (e.g., simple simulators in Matlab) or the use of state-of-the-art software packages (e.g., Wireshark).
Frequency
Attendance is not mandatory, but is strongly recommended.
Exam mode
Written test oriented to quantitative evaluations or design/dimensioning of network elements or protocols.
Oral on topics covered in the course, aimed at ascertaining the understanding of concepts and mastery of technical language.
Example exam questions
WRITTEN TEST
Let M = 1234567 and N = 89. A server must send M bytes of data over a TCP connection, using an MSS of 1460 bytes. All window and buffer quantities are measured in MSS. The congestion window (cwnd) is initialized to IW = 3. The ssthresh value is set to 64. The receiver window (rwnd) is constantly held at N, for the duration of the connection. The RTT is constant and equal to T for the entire connection, with T = 10 ms. The receiver sends an ACK for each segment received. There is no packet loss, no time-out, no buffering of network branches.
1) With reference to the situation presented above, briefly describe the graph of cwnd versus time expressed in RTT.
2) How long does it take to complete the data transfer (give the answer in seconds)?
3) Can you give a lower bound on the capacity of the bottleneck encountered by the TCP connection? Justify your answer.
ORAL TEST
1) Explain the purpose, generation, and initialization of passwords.
2) Describe how to configure a host at the IP level.
Topics
- Network architectures (6 hours): Internet Structure: Autonomous Systems, ISPs, OTTs, IXPs, Subnets. Transport Network. Access Networks: Copper, Fiber, Radio Access. Cellular Networks. Satellite Networks. Data Centers.
- Quality of Service (24 hours): Role and approaches for network performance evaluation. Service systems: definition and structure. Traffic process and its description. Renewal processes and inspection paradox. Performance metrics. Introduction to stochastic simulation of service systems: event-driven and time-stepped simulation. Generation of random variables. Scheduling: role, algorithms, application examples. Dispatching in data centers. Congestion control: reactive approach. Recap of TCP. Classical TCP cc algorithm (loss-based). Algorithmic variants (delay-based, network-assisted: AQM, ECN). DCTCP. Fluid approximation. Fluid model of TCP and DCTCP. Fairness and Network Utility Maximization (NUM). Interpretation of TCP as a distributed controller for solving the NUM problem. Strategic queuing: Naor model. Analysis of e2e packet delays in a network. Optimization of link capacities and optimization of routing. Braess paradox.
- Communications security (30 hours): Introduction to communication security. Introduction to cryptography. Basic elements of number theory. Cryptographic primitives: symmetric key and public key message encryption and authentication. Introduction to cryptography based on elliptic curves. Hash functions. Generation of pseudo-random numbers. Identity authentication: classification, definitions. Person authentication: password. Zero-knowledge authentication. Undeniable signatures. Address-based authentication. Cryptographic protocols: main characteristics and attacks. Authentication protocols: challenge-response, Needham-Schroeder. Authentication and key exchange protocols (establishment of a secure channel): authenticated Diffie-Hellman. Authentication based on strong password: Lamport hash, EKE, SRP. Secret sharing. IPSec and IKE.
- Network and security applications and lab (30 hours): Basic Network Configuration (IP addresses and static routes). Packet sniffing with Wireshark. Understanding ARP. Intra domain routing with OSPF. Emulating a Wide Area Network. Understanding TCP Congestion Control (HTCP, Cubic, Reno, BBR). Router Buffer size and Router’s Bufferbloat. Random Early Detection algorithm. Classifying TCP traffic using Hierarchical Token Bucket. Practical activities on Cryptographic Hashing and Symmetric Encryption. Hands on lab on Asymmetric Encryption: RSA, Digital Signatures, Diffie-Hellman. Public Key Infrastructure: Certificate Authority, Digital Certificate. Configuring a Stateful Packet Filter using iptables.
- Academic year: 2025/2026
- Degree program to which the course belongs: Telecommunication Engineering
- Lesson code: 10621060
- Year and semester: 1st year - 2nd semester
- Activity type: Core educational activities
- Academic area: Telecommunications engineering
- SSD: ING-INF/03
- Mandatory presence: No
- Language: ENG
- CFU: 9 CFU
- Total duration: 90 hours
- Hours distribution: 54 classroom hours, 36 training hours