April 2008, Tu (Lecture 19): We started our discussion on SSL. We covered the
basic handshake protocol, resuming a session, server authentication, and separating
the signing and the encryption key.
April 2008, Th (Lecture 20): We finished our discussion on SSL (essentially covering
client authentication). We finished with a timing attack on SSL by Brumley and Boneh (slides
for this were handed out).
Tuesday, April 29, 2008
Week 13
April 15, 2008, Tu (Lecture 18): In this lecture we describe various types of malicious
code (such as worms and Trojans). We also covered two types of exploits (buffer overrun
and format string). Slides for this lecture can be found here.
April 17, 2008, Th: No lecture on this day. Instructor had a sore throat.
Tuesday, April 22, 2008
Week 12
Apr 08, Tu, 2008 (Lecture 16): Anuj Desai from the law school gave a guest lecture
on cyberlaw, which I gather was a big success. Here are some additional comments
from Anuj about additional material.
--------Anuj's comments---------------------------------------------------------------
The best general treatment aimed at nonlawyers that I've read is Jessica Litman, Digital Copyright (2001). Larry Lessig's two books, Code (now called Code V.2) and The Future of Ideas are also good. In my view, Code (even v.2) is far better, but The Future of Ideas has a bit more on copyright. There's another recent book, Tarleton Gillespie, Wired Shut: Copyright and the Shape of Digital Culture (2007), that has got some good reviews, but I haven't read it yet. For people who are really interested in copyright itself (as opposed to just how copyright intersects with computer technology), Paul Goldstein, Copyright's Highway is excellent - easy to read and understand.
If students would like to take my Cyberlaw class this fall, they'd be most welcome. It's T/Th from 1 to 2:15 p.m. in Helen C. White 4208. For grad students, they take LIS 663 and should go through Andrea Poehling in the SLIS main office. For undergrads, they take Legal Studies 663 and should contact Irene Katele in the Legal Studies office.
---------------------------------------------------------------------------------------------
Apr 10, Th, 2008 (Lecture 17): This was a lecture on network-based attacks, such as
port scanning, OS fingerprinting, and denial-of-service (DoS) attacks. The slides can
be found here.
Monday, April 21, 2008
Week 11
Apr 01, Tu, 2008 (Lecture 14): We finished our discussion on Kerberos (our focus was on
use of authenticators to address replay attacks and inter-realm authentication). We discussed
X.509, a standard for signed certificates. We also covered the idea of "chain of certificates" when
there isn't a trust relationship between the two entities. We also covered the authentication
protocols associated with X.509.
Apr 03, Th, 2008 (Lecture 15): This lecture was on firewalls and was delivered by our
guest lecturer David Parter. Slides can be found here.
Week 10
Mar 25, Tu, 2008 (Lecture 12): We started discussing authentication protocols, which
are of two types (one using symmetric-key and the other using public-key cryptography). We covered the Needham-Schroeder and the Denning protocol. We also discussed one-way
authentication protocols, which are useful for applications such as email.
Mar 27, Th, 2008 (Lecture 13): We started discussing Kerberos, a widely used distributed
authentication protocol. We discussed the protocol in versions, each version adding a feature
to address attacks in the previous version. Please read the discussion of Kerberos in
the book.
Friday, April 18, 2008
Week 9
Mar 18 (Tu) and Mar 20 (Th) we did not have a class. This was the spring recess for
the university.
Week 8
Mar 11, Tu (Lecture 12): We discussed some of the problems from the midterm and
covered an extra credit problem from HW 2. We covered the digital signature algorithm (DSA) in great detail. We discussed various types of attacks on a digital signature algorithm.
We started our discussion on authentication protocols.
Mar 13, Th: Due to the impending break, there were a lot of requests to not have the class.
The instructor obliged and there was no lecture on this day.
Week 7
March 04, Tu, (Lecture 10): We discussed the specific hash function SHA-1, which
produces a 160-bit digest. We covered SHA-1 by analogy with MD-5. We also
discussed an attack on hash functions that is based on the birthday paradox.
March 07, Th (Lecture 11): We started discussing MACs. We covered a "nested
hash function" called HMAC and briefly discussed the security of this scheme.
We covered some topics to review for the midterm.