50.020 Security Schedule Spring 2017

Please note that all data on this page is tentative and subject to change.

Lectures (held in CC10 / 2.308):

  • Monday, 1:30-3:00 pm
  • Tuesday 3:00-4:30

Lab (LEETlab 1.612):

  • Thursday, 8:30-10:30 am

Contact for Daniele (TA): daniele_antonioli@sutd.edu.sg

Midterm: March 1st, 2:00-3:30 pm
Final: 28 Apr, 9:00-11:00 am

Topics for the term:
  1. Introduction (1.5h)

    • Administrative details
    • Classification of content
    • Introduction to security
  2. Encryption and One-time pads (1.5h+2h lab)

    • Substitution ciphers
    • Brute forcing of keys
    • Frequency analysis of character-based substitution, Frequency of letters in English
    • Representation of text as binary code, XORing with OTP
    • Lab part: get to know the lab
    • Re-use of OTP
  3. OTP, Randomness, Hash Functions (1.5h)

    • More background on randomness, oracles, differentiating
    • Why not always OTP?
    • CRC
    • Introduction crypto hash functions
    • Properties required.
  4. Hash function applications and constructions, MACs (1.5h+2h lab)

    • Merkle-Damgard
    • MD5
    • NIST process
    • SHA-1
    • LAB: find collisions on weak hash schemes. build you own hash scheme.
  5. Number theory and Passwords (1.5h)

    • Brute forcing passwords vs keys
    • Entropy
    • Estimating entropy of passwords
    • Dictionary attacks
    • Hybrid attacks
  6. Web security (3h+2h lab)

    • Attack vectors on servers, in particular web pages
    • User authentication, consequences of incorrect login
    • User provided input: images, data etc.
    • SQL injection
    • Fuzzying
    • Countermeasures
    • SQL injection lab
  7. Malware (1.5h)

    • Classification of malware
    • Current situation: which attacks are most relevant?
    • Anti-virus programs
    • Self-encrypted malware, mutating malware
    • Malware toolkits
  8. Buffer overflows, return-oriented programming (1.5h)

    • (Re-)introduce stacks
    • Effects of large input on weak programs (language: C)
    • Shell-code, assembler
    • Mitigation: write or execute, canaries, other functions, stack randomization
    • Counter-Countermeasures
    • Quiz on background knowledge
  9. Operating system security (1.5h+2h lab)

    • File system security
    • Security Domains
    • Hierachical Privileges
  10. Block ciphers (1.5h)

    • Why block ciphers?
    • Basic construction of AES
    • Integrity
  11. Block cipher modes, (1.5h+2h lab)

    • Problems with ECB
    • Key stream generation: OFB, CTR, CFB mode
    • Use as message authentication code
  12. Finite Fields, Number theory (1.5h)

    • Groups
    • Rings
    • Quotient rings
  13. Finite fields, Generators, Orders of elements, Safe primes (1.5h+2h lab)

  14. Group theory, Diffie-Hellman, Finite groups (1.5h)

  15. Asymmetric cryptography (1.5h+2h lab)

  16. Digital signatures, RSA (1.5h)

  17. Electronic cash, Zero-knowledge proofs, Bitcoin (1.5h+2h lab)

  18. Key establishment, Needham-Schroeder protocol, X.509 (1.5h)

  19. SPKI, SDSI, (3h+2h lab)

  20. TPM and Trusting Trust(3h+2h lab)