Final Exam Review

Common Attack Techniques
Stack overflow
– Basic version
– Advanced versions
Mitigations
– Canary
– W^X page
– ASLR

Quiz
Which one of the mitigations can be circumvented by the advanced version of stack overflow?
A. Canary
B. W^X
C. ASLR
1. indirect jump
2. return into libc
3. ROP

Basic Cryptography
Four primitives
– Cryptographic hash
– Symmetric encryption
– Asymmetric encryption
– Digital signature

Quiz
Which property of a cryptographic hash ensures that, if a password hash matches the one stored on the system, the password is the correct one?
Which property of a cryptographic hash ensures that the stored hash does not jeopardize the secrecy of passwords?

Authentication
Password-based authentication
– How is authentication state stored
– How is verification done
– Attacks and mitigation

Quiz
An adversary obtains the authentication state from the system and conducts brute-force attacks. If the authentication state is salted, would the attack be more difficult than if it is not?
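The three slides above (hash properties, password-based authentication state, and the salting quiz) share one mechanism, so here is a single added example that is not part of the slides: it stores a salt plus a slow hash as the authentication state, verifies an attempt by recomputing with the stored salt, and counts how many hash evaluations an adversary holding stolen records must perform per dictionary word. The PBKDF2 iteration count and all user data are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example, not part of the slides: how password authentication state is
# stored and verified, and what a per-user salt buys against an offline
# brute-force attack on stolen state. Work factor and sample data are
# constructed for illustration.

ITERATIONS = 100_000  # PBKDF2 iteration count (assumed value; tune per deployment)


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the stored authentication state: a random salt plus a slow hash.
    The password itself is never stored; preimage resistance of the hash is
    what keeps it secret if the record leaks."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.
    A match means the attempt is the original password, because finding a
    different input with the same hash (a second preimage) is infeasible."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def hash_evaluations_needed(records: list, dictionary: list) -> int:
    """Number of hash evaluations an adversary holding the stolen records must
    perform to test every dictionary word against every account. Each distinct
    salt forces a separate evaluation per word; if every record shares one salt
    (or has none), one evaluation per word covers all accounts at once."""
    distinct_salts = {r["salt"] for r in records}
    return len(dictionary) * len(distinct_salts)


if __name__ == "__main__":
    store = {"alice": make_record("hunter2"), "bob": make_record("hunter2")}
    print("alice verifies:", verify(store["alice"], "hunter2"))
    print("same password gives same hash:", store["alice"]["hash"] == store["bob"]["hash"])
    print("evaluations for 1000 words, 2 salted accounts:",
          hash_evaluations_needed(list(store.values()), ["w"] * 1000))
```

Two users with the same password get different records because their salts differ, so a leaked table does not even reveal which accounts share a password, and the evaluation count grows with the number of distinct salts rather than staying flat.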

Authentication Protocol
Challenge-response
– Why is it needed?
Examples using the various cryptographic primitives
– MAC
– Encryption
– Digital signature
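As an added example of the MAC-based variant listed above (this is not code from the slides): the verifier issues a fresh random nonce, the prover answers with HMAC-SHA256 of that nonce under the shared key, and the verifier recomputes the tag and accepts each nonce only once. The key, the context string and the message framing are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Added example, not part of the slides: a nonce-based challenge-response
# protocol built on a MAC. The verifier (Bob) sends a fresh random challenge;
# the prover (Alice) returns HMAC-SHA256 over it under the shared key K; Bob
# recomputes the tag and compares. Key and nonces below are constructed.

CONTEXT = b"auth-response-v1|"  # domain separation so the tag cannot be reused elsewhere


def mac(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, CONTEXT + nonce, hashlib.sha256).digest()


class Verifier:
    """Bob's side: issues challenges and checks responses."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # challenges issued and not yet answered

    def challenge(self) -> bytes:
        """Message 1 (Bob -> Alice): a fresh 128-bit nonce."""
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        """Message 2 (Alice -> Bob): HMAC(K, nonce). Each nonce is accepted at
        most once, so a recorded response cannot be replayed later."""
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        return hmac.compare_digest(mac(self.key, nonce), response)


def prover_respond(key: bytes, nonce: bytes) -> bytes:
    """Alice's side: prove knowledge of K without ever sending K."""
    return mac(key, nonce)


def run_exchange(verifier_key: bytes, prover_key: bytes) -> bool:
    """Run one full exchange and return whether Bob accepts Alice."""
    bob = Verifier(verifier_key)
    nonce = bob.challenge()
    response = prover_respond(prover_key, nonce)
    return bob.check(nonce, response)


if __name__ == "__main__":
    K = b"\x11" * 32  # constructed shared key
    print("genuine prover accepted:", run_exchange(K, K))
    print("wrong key accepted:", run_exchange(K, b"\x22" * 32))
```

The freshness of the nonce is what makes this a challenge-response protocol: because the verifier never reuses a challenge, a response captured from one run proves nothing in a later run, which is exactly the reason a simple shared password sent over the wire is not enough.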

Quiz
Using symmetric encryption for authentication: Alice sends m to Bob, Bob encrypts m using the shared key K and sends it back to Alice, Alice decrypts it and sends Bob the plaintext. Bob verifies that the plaintext is the same as m.
– Can Alice authenticate to Bob using this?

UNIX Protection Basics
File system protection
Setuid

Quiz
What is the security problem you can see?
-rwsr-xrwx 1 simon fac Jul 30 20:08 getscore
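For the file-system-protection and setuid material above, here is an added example (not from the slides) that parses the mode field printed by `ls -l` into permission bits and audits a listing for setuid or setgid files that group or other users can write. The listing lines it runs over are constructed samples, not real files.

```python
import stat

# Added example, not part of the slides: parse the mode field that `ls -l`
# prints and flag setuid/setgid files that other users can modify. The sample
# listing lines are constructed, not real files.

_RWX_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
_SPECIAL_BITS = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def parse_mode(mode_str: str) -> int:
    """Turn e.g. '-rwsr-xr-x' into the numeric mode 0o4755.
    A trailing '+', '.' or '@' (ACL / security-context marker) is ignored."""
    mode_str = mode_str[:10]
    if len(mode_str) != 10:
        raise ValueError("expected a 10-character mode string")
    mode = 0
    for i, ch in enumerate(mode_str[1:]):
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= _RWX_BITS[i]
        elif i in _SPECIAL_BITS and ch in ("sS" if i < 8 else "tT"):
            mode |= _SPECIAL_BITS[i]       # setuid / setgid / sticky
            if ch in "st":                 # lowercase: execute bit is also set
                mode |= _RWX_BITS[i]
        else:
            raise ValueError(f"unexpected character {ch!r} at position {i + 1}")
    return mode


def audit_listing(lines: list) -> list:
    """Return findings for setuid/setgid regular files in `ls -l` output that
    group or others can write: whoever can replace the file's contents gets
    their code run with the owner's (or group's) privileges."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 2 or fields[0][0] != "-":   # regular files only
            continue
        mode, name = parse_mode(fields[0]), fields[-1]
        priv = []
        if mode & stat.S_ISUID:
            priv.append("setuid")
        if mode & stat.S_ISGID:
            priv.append("setgid")
        if not priv:
            continue
        if mode & stat.S_IWOTH:
            findings.append(f"{name}: {'+'.join(priv)} and world-writable")
        elif mode & stat.S_IWGRP:
            findings.append(f"{name}: {'+'.join(priv)} and group-writable")
    return findings


if __name__ == "__main__":
    sample = [  # constructed listing
        "-rwsr-xr-x 1 root root 52000 Jan 1 00:00 privtool",
        "-rwsr-xrwx 1 alice staff 2048 Jan 1 00:00 report",
        "-rwxr-xrwx 1 bob staff 100 Jan 1 00:00 notes",
    ]
    for finding in audit_listing(sample):
        print(finding)
```

The parser accepts the full 10-character mode field including the special-bit letters, so it can be pointed at any listing; the audit itself only reports the combination that matters for setuid, which is write access for someone other than the owner.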

Secure Operating System
Mandatory Access Control
– Complete Mediation: all security-sensitive ops
– Tamperproof: untrusted processes cannot modify access enforcement system
– Verifiable: small TCB

Concrete OS Examples
SELinux
– Only need to understand the basic protection concept.
– Policy language not required
Android
– Basic security architecture
– Security problems

Security Models
Bell-LaPadula (Secrecy)
Biba (Integrity)
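An added example for the two models above (not from the slides): labels with a level and a category set, the dominance relation, and the read/write rules of Bell-LaPadula (no read up, no write down) beside those of Biba (no read down, no write up). The level numbers and sample labels are constructed for illustration.

```python
from dataclasses import dataclass

# Added example, not part of the slides: the read/write rules of Bell-LaPadula
# (secrecy) and Biba (integrity) over labels with a level and a category set.
# Level numbers and sample labels are constructed for illustration.


@dataclass(frozen=True)
class Label:
    level: int                # e.g. 0 = unclassified ... 3 = top secret
    categories: frozenset     # compartments / need-to-know set

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level and a superset of categories."""
        return self.level >= other.level and other.categories <= self.categories


def blp_allowed(op: str, subject: Label, obj: Label) -> bool:
    """Bell-LaPadula: simple security (no read up) and *-property (no write down)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(op)


def biba_allowed(op: str, subject: Label, obj: Label) -> bool:
    """Biba strict integrity: no read down, no write up; the mirror image of BLP."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(op)


def allowed(model: str, op: str, subject: Label, obj: Label) -> bool:
    return {"blp": blp_allowed, "biba": biba_allowed}[model](op, subject, obj)


if __name__ == "__main__":
    secret_nato = Label(2, frozenset({"nato"}))
    unclassified = Label(0, frozenset())
    ts_nato_crypto = Label(3, frozenset({"nato", "crypto"}))
    for model in ("blp", "biba"):
        for op in ("read", "write"):
            print(f"{model}: secret/nato {op}s unclassified ->",
                  allowed(model, op, secret_nato, unclassified))
            print(f"{model}: secret/nato {op}s TS/nato+crypto ->",
                  allowed(model, op, secret_nato, ts_nato_crypto))
```

Running the main block makes the symmetry visible: every access BLP allows for the secrecy lattice is exactly the one Biba denies when the same labels are read as integrity levels, which is why systems that want both usually keep two separate label sets.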

Trusted Infrastructure
TPM
– Root of trust for storage
– Root of trust for reporting
– Root of trust for measurement*
Measured boot
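An added software simulation of measured boot (not code from the slides, and not a real TPM): each boot stage hashes the next component and extends a PCR with that measurement; the final PCR value is then compared against a known-good value (reporting) and used to derive a sealing key (storage). The boot components, the seed and the expected values are constructed; a real TPM does the extend and the sealing in hardware and signs its quotes.

```python
import hashlib
import hmac

# Added example, not part of the slides: a software simulation of measured
# boot. Each stage hashes the next component and extends a PCR with the
# result; the PCR value at the end of boot is used for reporting (compare with
# a known-good value) and for storage (a sealing key that is only reproduced
# if the same sequence was measured). Components and seed are constructed.

PCR_SIZE = 32  # SHA-256 PCR bank


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || measurement). There is no 'set' operation,
    so a later stage cannot erase what earlier stages recorded."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components: list) -> bytes:
    """Measure a boot chain (firmware, bootloader, kernel, ...) in order,
    starting from the reset value of all zeros."""
    pcr = bytes(PCR_SIZE)
    for code in components:
        pcr = extend(pcr, hashlib.sha256(code).digest())
    return pcr


def report_matches(pcr: bytes, golden: bytes) -> bool:
    """Root of trust for reporting (simplified): compare the measured value
    with the verifier's expected value. A real quote is signed by the TPM."""
    return hmac.compare_digest(pcr, golden)


def sealing_key(pcr: bytes, secret_seed: bytes) -> bytes:
    """Root of trust for storage (simplified): derive a key bound to the PCR
    value, so data sealed under a good boot cannot be unsealed once any
    measured component changes."""
    return hmac.new(secret_seed, b"seal|" + pcr, hashlib.sha256).digest()


if __name__ == "__main__":
    chain = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]   # constructed
    golden = measure_boot(chain)
    tampered = [b"firmware-v1", b"bootloader-v1", b"kernel-v1-patched"]
    print("good boot matches golden:", report_matches(measure_boot(chain), golden))
    print("tampered boot matches golden:", report_matches(measure_boot(tampered), golden))
    print("sealing key reproduced after tamper:",
          sealing_key(measure_boot(tampered), b"\x42" * 32) == sealing_key(golden, b"\x42" * 32))
```

Because each extend feeds the previous value into the hash, changing any component, or merely reordering the chain, changes the final PCR, and with it the sealing key; that chaining is what lets one register summarize an arbitrarily long boot sequence.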

DNS Security
DNS poisoning problem
– How the attack is carried out
– Consequence of a successful attack
DNSSEC
– Basic concepts
– How this will address the insecurity problem of DNS
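An added toy resolver for the DNS poisoning material above (not code from the slides): it shows the non-cryptographic checks a caching resolver applies before it trusts a response, namely that the transaction ID, destination port and question match a query it actually sent, and that only records inside the queried server's bailiwick are cached. DNSSEC, the cryptographic fix on the slide, is not modelled here. All names, ports and records are constructed.

```python
import random
from dataclasses import dataclass, field

# Added example, not part of the slides: a toy resolver showing the checks a
# cache applies before accepting a DNS response and deciding which of its
# records to keep. All names, ports and records are constructed.


@dataclass
class Record:
    name: str     # owner name, e.g. "www.example.com."
    rtype: str
    value: str


@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str
    answers: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def in_bailiwick(record_name: str, zone: str) -> bool:
    """True if the record's owner name is at or below the zone the queried
    server is authoritative for."""
    return record_name == zone or record_name.endswith("." + zone)


class Resolver:
    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.pending = {}   # (txid, port) -> (qname, zone)
        self.cache = {}     # (name, rtype) -> value

    def ask(self, qname: str, zone: str):
        """Send a query with a random 16-bit transaction ID and a random source
        port. `zone` is the zone the queried server is authoritative for."""
        txid = self.rng.getrandbits(16)
        port = self.rng.randint(1024, 65535)
        self.pending[(txid, port)] = (qname, zone)
        return txid, port

    def receive(self, resp: Response) -> bool:
        """Accept a response only if it matches an outstanding query (txid,
        port and question); cache only records inside that server's bailiwick,
        so unrelated names in the additional section cannot overwrite entries."""
        key = (resp.txid, resp.dst_port)
        if key not in self.pending or self.pending[key][0] != resp.qname:
            return False
        _qname, zone = self.pending.pop(key)
        for rec in resp.answers + resp.additional:
            if in_bailiwick(rec.name, zone):
                self.cache[(rec.name, rec.rtype)] = rec.value
        return True


if __name__ == "__main__":
    r = Resolver()
    txid, port = r.ask("www.example.com.", "example.com.")
    reply = Response(txid, port, "www.example.com.",
                     answers=[Record("www.example.com.", "A", "192.0.2.1")],
                     additional=[Record("ns.other.net.", "A", "192.0.2.2")])
    print("accepted:", r.receive(reply))
    print("cache:", r.cache)
```

The matching rules explain why the slide's mitigation story ends at DNSSEC: transaction ID and source port randomization only make a forged reply unlikely to match, and the bailiwick rule only limits what a matching reply may overwrite, whereas a signature lets the resolver verify the data itself.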