CS 683: Computer Security and Privacy
Topics
- Network 101 and Packet Sniffing
Readings: NSE Appendix D
Background on TCP/IP and Internet structure:
slides
- Passwords
Readings: NSE 11.3
slides
XKCD on Password Strength
Rainbow Tables
- CAPTCHA
slides
- Cookies
Readings:
Dos and don'ts of client authentication on the web
slides
- Secure Hash Functions
Readings: NSE 3.2
slides
- Public Key Encryption
Readings: NSE 3.4~3.5
Diffie-Hellman
slides
XKCD on Security
- Public-Key Infrastructure and PGP
Readings: NSE 3.1,4.5~4.6,8.5
Slides
- Symmetric Key Encryption
Readings: NSE 2.1~2.2, 2.5, 3.1, 3.3
slides (we only use pages 4-29, but feel free to use the rest as reference material)
- Stream Cipher
Readings: NSE 2.3~2.4
slides
ChaCha
- Replay attack
slides
- SSL/TLS
Readings: NSE 6.1~6.5
Slides
Full history of attacks on TLS
SSLStrip (2009), another explanation
Latest MITM Attack Underscores the Need for Always-On SSL (2011) - always use https
BEAST (2011) - use RC4?
RC4 attacks (2013) - use AES
POODLE but not SSLv3! (2014)
HEARTBLEED (2014) - patch OpenSSL!!
FREAK 512-bit keys in RSA, DH are not secure (2015)
- Spam filtering
Readings: NSE 8.1~8.3
Readings: Graham, A plan for spam
Graham, Better Bayesian Filtering
Google, Spam Explained
SpamHaus
Slides
- Midterm Review
List of topics
- Bitcoin
How a Bitcoin transaction works
Exahash
Slides from Prof. Freedman under Creative Commons license
A Bitcoin Believer's Crisis of Faith
The great cryptocurrency heist
- SQL injection
Oracle SQL Injection Tutorial
slides
XKCD: Exploits of a Mom
- Intrusion Detection, Denial of Service attack
Readings: NSE 11.1~11.2, 10.10
Intrusion Detection by Russ Spitler at AlienVault
Information Security at USF: threats (attacks), vulnerabilities, countermeasures, risk by Nick Recchia from USF ITS
DoS slides
Digital Attack Map
Comcast using TCP RST packet
- Malicious Software
Readings: NSE 10.1~10.9
- Wireless Security
Readings: NSE 7.1~7.2
Time for action cracking WEP from BackTrack 5 Wireless Penetration Testing.
Slides
- TOR
Tor Project website
Mixer slides
Details on TOR
- IPSec
Readings: NSE 8.1~8.8
Textbook slides are in Canvas.
IPSec slides
IKE slides
- Cross-Site Scripting
Same Origin Policy
Noxes: a client-side solution for mitigating cross-site scripting attacks
Prof. Shmatikov's slides
Cross-Site Scripting Explained
- Firewalls
Readings: NSE 12.1~12.5
Slides in Canvas.
- Buffer Overflow Exploits
slides
- Final exam review survey