Archive for the ‘lectures’ Category

Lectures 22 and 23

November 24, 2009

In the past two lectures we have covered several examples of authentication/key-exchange protocols and attacks that can be carried out against them. This topic makes for great exam questions, so make sure you understand everything discussed in class.

Homework 4 is now available. The homework is intended to give you some practice in analyzing such protocols. Those of you who have a copy of the book may also want to look at all the questions at the ends of Chapters 9, 11, and 12.

Lecture 20 and 21

November 16, 2009

We have begun talking about network security, starting with a focus on authentication mechanisms (passwords, keys, biometrics, hardware tokens, …) and protocols.

After we finish discussion the principles underlying the design of such protocols, we will see some real-world examples.

Lecture 19

November 16, 2009

Haven’t posted here in a while…

Lecture 19 covered typical web security vulnerabilities, most prominently cross-site scripting (XSS) attacks and cross-site request forgery (CSRF) attacks.

Lectures 17 and 18

November 5, 2009

The last two lectures dealt with two types of input validation attacks: buffer overflows and SQL injection attacks.

The examples discussed in lecture 17 are posted on the syllabus along with the lecture slides.

As announced in class, HW3 is now out. On this homework you will use buffer overflow attacks to break 3 password authentication programs. I hope you find the homework fun!

Lecture 15

October 21, 2009

This lecture covered database privacy. I hope you enjoyed the lecture — I find this material endlessly interesting since the attacks can be so subtle. It is quite amazing to me that database privacy has been formalized only recently (as I will discuss in class on Nov. 2).

Next Monday there will be a guest lecturer — Paul Syverson will be speaking about Tor, a real-world anonymous network. It promises to be a great lecture! (And in case that doesn’t convince you to come, any material covered is fair game for the final…)

Next Wednesday is the midterm, which will cover all the material through today’s lecture. I will post a review sheet by the end of the week.

Lectures 13-14

October 20, 2009

The past two lectures have focused primarily on access control. We reviewed different mechanisms for ensuring access control (e.g., access control matrices, access control lists, and capablities), following by different policies for access control (discretionary AC, several varieties of mandatory AC, and role-based AC).

We wrapped up the module on system security with a brief discussion of code-based access control and trusted computing.

Lecture 12

October 12, 2009

We wrapped up our discussion of ‘circumventing crypto’ with a brief mention of timing/power attacks. For further information about the original attacks, plus suggested countermeasures, see the website of the company Cryptography Research (founded by Paul Kocher, the one who first published the idea of power attacks).

After this, we began our module on systems security by giving an overview and discussing general principles.

In class I also announced that the midterm will be on Oct. 28, covering material through the class on Oct. 21.

PS: In class I mistakenly said that the Saltzer-Schroeder was required reading. While the material we covered in class is, as always, fair game, you are not required to read the article.

Lecture 11

October 7, 2009

In this lecture we continued our discussion of “crypto pitfalls”, focusing on several case studies that I hope you found interesting. As examples of bad crypto, we covered the flaws in WEP and the gross mistakes in the Diebold e-voting system. We also highlighted the recent attack on SSH as an example of where even the best crypto can potentially be “broken” when the system does not match the ideal model in which security is proved.

At the end of class, we looked at the recent “cold boot” attacks that demonstrate how crypto is worthless if the adversary can extract the keys.

I was planning on covering timing/power attacks in today’s lecture, but will pick up with this next time. Then we will move on the a few lectures on “system security”.

I’d love to hear people’s reactions to the articles, once you have read them.

Lecture 10

October 5, 2009

In today’s lecture we continued to cover “crypto pitfalls”, and also began discussing some case studies from the paper “Why Cryptosystems Fail” (linked from the course website).

Several students raised some interesting points in class, and I hope those students will provide pointers to the examples they mentioned.

Lecture 9

September 30, 2009

Today we covered public-key encryption schemes secure against chosen-ciphertext attacks as well as digital signature schemes. This concludes our discussion of the low-level details of cryptography, though we will continue to see applications of cryptography throughout the rest of the course.

At the end of today’s lecture I mentioned some ‘pitfalls’ that can arise when using cryptography. In the next 1-2 lectures we will see some case studies of things that can go wrong. Please try to read the essays/papers assigned to today’s lecture and next Monday’s lecture in time for Monday’s class. I will also post papers for next Wednesday’s lecture. (One is already there.) These papers are required reading for the midterm exam.