Week 12: Security Part II

Lecture 21: Authentication and Passwords

Lecture 21 Outline

1. Introduction
2. Authentication via Passwords
3. Implementing Passwords
4. Session Cookies
5. Phishing
6. Bootstrapping/Resetting
7. Password Alternatives

• Detailed Outline

Lecture Slides

• Lecture 21 Slides: Authentication and Passwords (PDF)

Reading

• Book section 11.2

Recitation 21: Why Cryptosystems Fail

• Read "Why Cryptosystems Fail (PDF)" by R. Anderson
• Why Cryptosystems Fail Assignment

Lecture 22: Secure Channels

Lecture 22 Outline

1. Today's Threat Model
2. Secure Channel Primitives
3. Secure Channel Abstraction
4. Key Exchange
5. Cryptographic Signatures for Message Authentication
6. Key Distribution
7. TLS: A Protocol That Does All of This
8. Discussion

• Detailed Outline

Lecture Slides

• Lecture 22 Slides: Secure Channels (PDF)

Reading

• Book sections 11.3, 11.4, and 11.5

Recitation 22: Domain Name System Security Extensions (DNSSEC)

• Read "Security vulnerabilities in DNS and DNSSEC (PDF)" by S. Ariyapperuma & C. Mitchell
• DNSSEC Assignment

Tutorial 12: Final Design Project Report

Having now had two rounds of feedback on your design, you're working on your final report. Unlike the proposal document, the report should contain enough detail that it could feasibly be turned over to Facilities for implementation. It should also contain an evaluation of your design. See the Design Project section for detailed information.