Internet security relies upon a few classes of protocols, the most employed being those in the SSL/TLS family for web security, and those in the IPsec family for network layer security. The design and improvement of such protocols required several years and revisions. In this process, many subtle design flaws indeed emerged and required corrections; indeed, the lesson learned is that the network security protocols' robustness, viability, and adaptability to evolving services and needs goes way beyond the security of the underlying cryptographic algorithms employed. Goal of the course is to provide a thorough understanding of the principles behind the design of an effective network security protocol. This will be accomplished by starting from a careful and detailed analysis of an existing and widely employed protocol (TLS), by explaining the rationale for most design choices and needed revisions, and by discussing and motivating the similarities and differences with other protocol families at different layers (most notably IPsec/IKE). Meanwhile, students will also be introduced to detailed technical issues, including authentication and authorization, key management, ciphersuite secure negotiation, cryptographic key derivation, message integrity, certificate management, protection against common attacks (man in the middle, truncation attacks, replay attacks, downgrade attacks, expansion attacks to authentication codes, etc) which are expected to be of more general interest and applicability in many other contexts outside the Internet security case (as concrete examples made during the lectures will show).