CS 683: Computer Security and Privacy

Topics

• Network 101 and Packet Sniffing Readings: NSE Appendix D
  Background on TCP/IP and Internet structure:
  • Subnetwork.
  • Overview of TCP/IP and the Internet Gary Kessler.
  • A Technical Overview of TCP/IP IBM Redbooks
  • Another free guide to TCP/IP
slides



• Passwords
  Readings: NSE 11.3
  slides
  XKCD on Password Strength Rainbow Tables
  
  
  
• CAPTCHA
  slides
  
  
  
• Cookies
  Readings:
  Dos and don'ts of client authentication on the web
  slides
  
  
  
• Secure Hash Functions
Readings: NSE 3.2
slides



• Public Key Encryption
Readings: NSE 3.4~3.5
Diffie-Hellman
slides
XKCD on Security


• Public-Key Infrastructure and PGP
Readings: NSE 3.1,4.5~4.6,8.5
Slides



• Symmetric Key Encryption
Readings: NSE 2.1~2.2, 2.5, 3.1, 3.3
slides (we only use pages 4-29, but feel free to use the rest as reference material)



• Stream Cipher
Readings: NSE 2.3~2.4
slides
ChaCha



• Replay attack
slides



• SSL/TLS
  Readings: NSE 6.1~6.5
  Slides
  Full history of attacks on TLS
  SSLStrip (2009), another explanation
  Latest MITM Attack Underscores the Need for Always-On SSL (2011) - always use https
  BEAST (2011) - use RC4?
  RC4 attacks (2013) - use AES
  POODLE but not SSLv3! (2014) HEARTBLEED (2014) - patch openSSL!! FREAK 512-bit keys in RSA, DH are not secure (2015)
  • Factoring as a Service
  
  
  
• Spam filtering
  Readings: NSE 8.1~8.3
  Readings: Graham, A plan for spam
  Graham, Better Bayesian Filtering
  Google, Spam Explained
  SpamHaus
  Slides
  
  
  
• Midterm Review
List of topics



• Bitcoin
  How a Bitcoin transaction works
  Exahash
  Slides from Prof. Freedman under Creative Commons license
  A Bitcoin Believer's Crisis of Faith
  The great cryptocurrency heist
  


• SQL injection
  Oracle SQL Injection Tutorial
  slides
  XKCD: Exploits of a Mom
  
  
• Intrusion Detection, Denial of Service attack
  Readings: NSE 11.1~11.2, 10.10
  Intrusion Detection by Russ Spitler at AlienVault
  Information Security at USF: threats(attacks), vulnerabilities, countermeatures, risk by Nick Recchia from USF ITS
  DoS slides
  Digital Attack Map
  Comcast using TCP RST packet
  
  
• Malicious Software
  Readings: NSE 10.1~10.9
  
  
  
• Wireless Security
  Readings: NSE 7.1~7.2
  Time for action cracking WEP from BackTrack 5 Wireless Penetration Testing.
  Slides
  
  
  
• TOR
  Tor Project website
  Mixer slides
  Details on TOR
  
  
  
• IPSec
  Readings: NSE 8.1~8.8
  Textbook slides are in Canvas.
  IPSec slides
  IKE slides
  
  
  
• Cross-Site Scripting
  Same Origin Policy
  Noxes: a client-side solution for mitigating cross-site scripting attacks
  Prof. Shmatikov's slides
  Cross-Site Scripting Explained
  
  
  
• Firewalls
  Readings: NSE 12.1~12.5
  Slides in Canvas.
  
  
  
• Buffer Overflow Exploits
  slides
  
  
  
• Final exam review survey