Below are the materials for the first lectures; this page will be updated with additional materials during the course (this directory contains the currently available documents). A preview version of the slides is available (in a subdirectory).
Book Security Engineering (First edition)
Chapter 1, Topic: General introductory text
A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs, Topic: Security requirement engineering
A metric framework to drive application security improvement, Topic: Measuring security - web page scoring
Book Security Engineering (First edition).
Chapter 5, Topic: overview cryptography
Handbook of applied cryptography, Topic: more technical treatment of cryptography
Chapter 1, Topic: overview
Chapter 7, sections 1-4 (be able to understand the notions, but no need to know the definitions by heart for the notions not covered in class/lecture notes), Topic: block ciphers
Chapter 8, section 1, and the remainder of Chapter 8: be able to understand the working of the algorithms (such as 8.2.1), but no need to know their definitions by heart, Topic: public-key cryptography
Lecture notes and slides on Malware
Book Security Engineering (First edition).
Chapter 18, Topic: Network Attack and Defense
Lecture notes and slides on Certificates and Trust
Book Security Engineering (First edition).
Section 5.6, Topic: hash functions.
Handbook of applied cryptography,
Chapter 9, section 1-3, Topic: hash functions.
MD5 considered harmful today. Creating a rogue CA certificate. (video of the presentation of this work)
Topic: turning MD5 hash weakness into a practical attack.
RT: A Role-based Trust-management Framework
Lecture notes and slides on Access Control, DRM and Watermarking
Book Security Engineering (First edition)
Chapter 4. Topic: Access Control
Chapter 7. Topic: multilevel security
Chapter 8. Topic: Multilateral Security.
Chapter 20. Topic: Copyrights and Privacy Protection
Digital Watermarking scheme
Main ideas only (e.g. what is a spread spectrum, collusion attack).
Tardos fingerprinting is better than we thought
Sections 1 and 2.
Patent on Digital Watermarking
Main ideas of watermarking; what does a patent look like.
Lecture notes and slides on Authentication
Book Security Engineering (First edition)
Chapter 3 on passwords
Chapter 13 on biometrics
Chapter 14 on Physical Tamper Resistance
Handbook of applied cryptography
Chapter 10 sections 1 through 3 on authentication.
Practical Biometric Authentication with Template Protection
Up to (and including) section 2.2; for the remainder just the general principles.
Introduction to differential power analysis and related attacks
Lecture notes and slides on Security Protocols
Security Protocol Open Repository (Spore)
Be able to understand protocols and attacks, no need to know the protocols themselves.
Original Paper by Lowe on Needham-Schroeder
Be able to understand protocol description and attack, no need to know/understand details of the formal model used.
Lecture notes and slides on Privacy and Anonymity
Book Security Engineering (First edition)
Section 20.4 on Privacy Protection.
Privacy Policies (P3P, E-P3P, and audit logic) (Alternate link)
t-Closeness: Privacy Beyond k-Anonymity and l-Diversity (2007)
Zero knowledge proofs; introduction, Actual system(s)
Handbook of applied cryptography
Chapter 10 section 4 on zero knowledge proofs.
Short answers to the example exam,
Slides with short answers to some of the LN exercises.
Remember to disconnect your machine from the network before starting WebGoat; your machine is very vulnerable while WebGoat is active!
Background, exercises and solutions for the second lab session. Also contains an overview of the WebGoat topics that will be addressed in the lab sessions.
Background, exercises and solutions for the third lab session. SQL injection and XSS in WebGoat and against an example website.
Exercise with solution and challenge description.
Material directory (for the hint images)
Perl Script to hash a password
Perl Script to test a password guess (with a specific salt)
Material directory (for the hashed password file)