Archive for the ‘homework’ Category

Lectures 22 and 23

November 24, 2009

In the past two lectures we have covered several examples of authentication/key-exchange protocols and attacks that can be carried out against them. This topic makes for great exam questions, so make sure you understand everything discussed in class.

Homework 4 is now available. The homework is intended to give you some practice in analyzing such protocols. Those of you who have a copy of the book may also want to look at all the questions at the ends of Chapters 9, 11, and 12.

Lectures 17 and 18

November 5, 2009

The last two lectures dealt with two types of input validation attacks: buffer overflows and SQL injection attacks.

The examples discussed in lecture 17 are posted on the syllabus along with the lecture slides.

As announced in class, HW3 is now out. On this homework you will use buffer overflow attacks to break 3 password authentication programs. I hope you find the homework fun!

HW2, part II

October 22, 2009

By now you should all have access to another team’s code that you can try to attack. If that is not the case, you should email the TA immediately.

Because of the delay in getting these to you, and due also to the midterm next week, I am going to move the deadline by 48 hours to Nov. 3, 11:59 PM.


October 2, 2009

Homework 2 is now out. Start early! Note also that this homework must be done in teams of 2 students. You can use the class forum if you need help finding a partner. (I believe there are an even number of students in the class, so it should be possible for everyone to pair up.)


September 16, 2009

Even though there is a forum for this class, no one seems to be using it. Since I got the same question from two students today, I figured I’d maintain a FAQ here. Questions about the HW can be posted here as well.

PS: For fastest response, email both me and the TA. That way whichever one of us reads your mail first will answer it.

Q1: How are we supposed to generate a DES key?
A1: I wanted you to generate the key yourself, rather than having the JCE do it all for you. Recall that a legal DES key is 64 bits long, but only 56 of these bits are random and the remaining bits are check bits. I wanted you to generate a random DES key by (1) generating 56 random bits, and then (2) manually setting the check bits appropriately to get a legal 64-bit key. You can look at the DES specification to determine the proper format for a DES key. (For those of you who have the textbook, the information is also in there.)
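
The two steps in A1, written out as an added example (this is not code from the course or the homework solution; the class and method names are hypothetical). It assumes the layout in the DES specification: each of the 8 key bytes carries 7 key bits in its high bits, and the lowest bit is a check bit chosen so the byte has odd parity.

```java
import java.security.SecureRandom;
import javax.crypto.spec.DESKeySpec;

public class DesKeyGen {
    // Step (2): place 7 key bits in the high bits of each byte, then set the
    // low (check) bit so that every byte has an odd number of 1 bits.
    static byte[] withCheckBits(long bits56) {
        byte[] key = new byte[8];
        for (int i = 0; i < 8; i++) {
            int seven = (int) ((bits56 >>> (7 * (7 - i))) & 0x7F);
            int check = (Integer.bitCount(seven) & 1) == 0 ? 1 : 0;
            key[i] = (byte) ((seven << 1) | check);
        }
        return key;
    }

    // Step (1): draw 56 random bits from a CSPRNG, not java.util.Random.
    static byte[] generate(SecureRandom rng) throws Exception {
        byte[] key;
        do {
            key = withCheckBits(rng.nextLong() & 0x00FFFFFFFFFFFFFFL);
        } while (DESKeySpec.isWeak(key, 0)); // extra check: skip DES weak and semi-weak keys
        return key;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x & 0xFF));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = generate(new SecureRandom());
        System.out.println("key            = " + hex(key));
        // Cross-check the hand-set check bits against the JCE's own parity test.
        System.out.println("parity correct = " + DESKeySpec.isParityAdjusted(key, 0));

        // Constructed edge case: all-zero key bits still yield a key with valid
        // parity, but that key is one of the DES weak keys.
        byte[] zero = withCheckBits(0L);
        System.out.println("zero key bits  = " + hex(zero)
                + " weak=" + DESKeySpec.isWeak(zero, 0));
    }
}
```

The weak-key rejection goes beyond what A1 asks for; the parity step is the part the answer describes.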

Q2: How do we access the block ciphers? Are we supposed to implement them ourselves?
A2 (copied from the forum): The point of the HW was to implement the *modes*, assuming you have access to the cipher. Unfortunately, the JCE does not give direct access to the cipher; however, you can access, e.g., the DES cipher as described in the HW:

Cipher DEScipher = Cipher.getInstance("DES/ECB/NoPadding");

(and analogously for AES). Why does this give you access to the cipher? That’s what you are supposed to answer as part of the HW.