Archive for November, 2009

Lectures 22 and 23

November 24, 2009

In the past two lectures we have covered several examples of authentication/key-exchange protocols and attacks that can be carried out against them. This topic makes for great exam questions, so make sure you understand everything discussed in class.

Homework 4 is now available. The homework is intended to give you some practice in analyzing such protocols. Those of you who have a copy of the book may also want to look at all the questions at the ends of Chapters 9, 11, and 12.

Lectures 20 and 21

November 16, 2009

We have begun talking about network security, starting with a focus on authentication mechanisms (passwords, keys, biometrics, hardware tokens, …) and protocols.

After we finish discussing the principles underlying the design of such protocols, we will see some real-world examples.

Lecture 19

November 16, 2009

Haven’t posted here in a while…

Lecture 19 covered typical web security vulnerabilities, most prominently cross-site scripting (XSS) attacks and cross-site request forgery (CSRF) attacks.

Lectures 17 and 18

November 5, 2009

The last two lectures dealt with two types of input validation attacks: buffer overflows and SQL injection attacks.

The examples discussed in lecture 17 are posted on the syllabus along with the lecture slides.

As announced in class, HW3 is now out. On this homework you will use buffer overflow attacks to break 3 password authentication programs. I hope you find the homework fun!