50.020 Security Schedule Spring 2016

Please note that all data on this page is tentative and subject to change.

Lectures (held in 1.605):

  • Monday, 11:30-1:00pm
  • Tuesday 3:00-4:30

Lab (LEETlab 1.612):

  • Thursday, 8:30-10:30am

Contact for Qisheng (TA): qisheng_huang@mymail.sutd.edu.sg

Midterm: March 3rd, 9am
Final: 28 Apr, 3-5pm

Topics for the term:
  1. Introduction (1.5h)

    • Administrative details
    • Classification of content
    • Introduction to security
  2. Encryption and One-time pads (1.5h+2h lab)

    • Substitution ciphers
    • Brute forcing of keys
    • Frequency analysis of character-based substitution, Frequency of letters in English
    • Representation of text as binary code, XORing with OTP
    • Lab part: get to know the lab
    • Re-use of OTP
  3. OTP, Randomness, Hash Functions (1.5h)

    • More background on randomness, oracles, differentiating
    • Why not always OTP?
    •  CRC
    • Introduction crypto hash functions
    • Properties required.
  4. Hash function applications and constructions, MACs (1.5h+2h lab)

    • Merkle-Damgard
    • MD5
    • NIST process
    • SHA-1
    • LAB: find collisions on weak hash schemes. build you own hash scheme.
  5. Number theory and Passwords (1.5h)

    • Brute forcing passwords vs keys
    • Entropy
    • Estimating entropy of passwords
    • Dictionary attacks
    • Hybrid attacks
  6. Web security (3h+2h lab)

    • Attack vectors on servers, in particular web pages
    • User authentication, consequences of incorrect login
    • User provided input: images, data etc.
    • SQL injection
    • Fuzzying
    • Countermeasures
    • SQL injection lab
  7. Malware (1.5h)

    • Classification of malware
    • Current situation: which attacks are most relevant?
    • Anti-virus programs
    • Self-encrypted malware, mutating malware
    • Malware toolkits
  8. Buffer overflows, return-oriented programming (1.5h)

    • (Re-)introduce stacks
    • Effects of large input on weak programs (language: C)
    • Shell-code, assembler
    • Mitigation: write or execute, canaries, other functions, stack randomization
    • Counter-Countermeasures
    • Quiz on background knowledge
  9. Operating system security (1.5h+2h lab)

    • File system security
    • Security Domains
    • Hierachical Privileges
  10. Block ciphers (1.5h)

    • Why block ciphers?
    • Basic construction of AES
    • Integrity
  11. Block cipher modes,  (1.5h+2h lab)

    • Problems with ECB
    • Key stream generation: OFB, CTR, CFB mode
    • Use as message authentication code
  12. Finite Fields, Number theory (1.5h)

    • Groups
    • Rings
    • Quotient rings
  13. Finite fields, Generators, Orders of elements, Safe primes (1.5h+2h lab)

  14. Group theory, Diffie-Hellman, Finite groups (1.5h)

  15. Asymmetric cryptography (1.5h+2h lab)

  16. Digital signatures, RSA (1.5h)

  17. Electronic cash, Zero-knowledge proofs, Bitcoin (1.5h+2h lab)

  18. Key establishment, Needham-Schroeder protocol, X.509 (1.5h)

  19. SPKI, SDSI, (3h+2h lab)

  20. TPM and Trusting Trust(3h+2h lab)