Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer security: certification Frans Kaashoek 6.033 Spring 2007.

Published byMoses Edwards Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer security: certification Frans Kaashoek 6.033 Spring 2007."— Presentation transcript:

1 Computer security: certification Frans Kaashoek 6.033 Spring 2007

2 How confidential is traffic in this lecture room? sudo tcpdump -s 0 -Ai en1 –Complete trace of all packets on wirelessc3d4 c3d4 a1b2 0002 0004 0000 0000 –You shouldn’t do this Example: 13:57:53.794429 IP 18.188.69.36.mdns > 224.0.0.251.mdns: 0 [4a] [4q] SRV? Ben’s music._daap._tcp.local. TXT? Ben’s music._daap._tcp.local. A? ben-powerbook-g4- 15.local. AAAA? ben-powerbook-g4-15.local. (367)

3 Example Data inside packet GET /tracking/tracking.cgi?tracknum=1Z1836810375022812 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shock wave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application /msword, */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;.NET CLR 1.1.4322; InfoPath.1) Host: wwwapps.ups.com Connection: Keep-Alive

4 URLs are visible in Referer and in the GET command

5 Auxiliary Material for Lecture

6 Research into Video Streaming for DP2?

7 GMail is not encrypted by default Passed in the clear: –Contacts lists –GCalendar events GZipped text –Inbox entries –Mail messages ["112677a23fed4887",0,0,"12:58 pm","\u003cspan id\u003d\"_upro_rms@ gnu.org\"\>Richard Stallman\u003c/span\>"," ","[csail- related] Thwart big brother--trade charlie cards. 13:45 Tuesday at rm 381","I have a charlie card with zero value currently stored on on it which I used for a couple of …",[],"","112677a23fed4887",0,"Mon May 7 2007_12:58 PM",0,"",0,0,1] Hint: Change the GMail URL to https:// !

8 IChat is Plaintext strings log.dump | grep ichatballoon | cut -d\> -f 4- A: it's just better not to reveal personal information B: why? A: I dunno, identity theft and stuff B: oh, okay A: maybe I just won't worry about it

9

10 Authentication logic (p 11-83) 1. Delegation of authority: –If A says (B speaks for A)  B speaks for A 2. Use of delegated authority: –If B speaks for A and B says (A says X)  A says X 3. Chaining of delegation –If B speaks for A and A speaks for C  B speaks for C

11 Example 0. {A: M} KApriv if verify(..., K Apub ) accepts then: 1.K Apriv says A says M if K Apriv speaks for K Apub, apply rule 3: 2.K Apub says A says M if K Apub speaks for A, apply rule 2: 3.A says M does K Apub speak for A?

12 1. {K Apub speaks for A} KMITpriv if verifies with K MITpub 2. K MITpriv says K Apub speaks for A if K MITpriv speaks for K MITpub 3. K MITpub says K Apub speaks for A if K MITpub speaks for MIT 4. MIT says K Apub speaks for A if MIT speaks for A 5. K Apub speaks for A

Download ppt "Computer security: certification Frans Kaashoek 6.033 Spring 2007."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
DEV034 -Web Applications, Introduction

DEV034 -Web Applications, Introduction
State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson.

State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson.
School of Computer and Security Science Edith Cowan University Hooray for Reading The Kindle and You Peter Hannay

School of Computer and Security Science Edith Cowan University Hooray for Reading The Kindle and You Peter Hannay
Introduction to the Internet September 7, 2005 Lecture 1.

Introduction to the Internet September 7, 2005 Lecture 1.
Skills: none Concepts: protocol, hypertext transfer protocol, standard This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike.

Skills: none Concepts: protocol, hypertext transfer protocol, standard This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike.
The Information School of the University of Washington Oct university of washington1 Networking INFO/CSE 100, Fall 2006 Fluency in Information.

The Information School of the University of Washington Oct university of washington1 Networking INFO/CSE 100, Fall 2006 Fluency in Information.
Embracing the chaos mark lorenc

Embracing the chaos mark lorenc
Lecture 7, 20-755: The Internet, Summer 1999 1 20-755: The Internet Lecture 7: Web Services I David O’Hallaron School of Computer Science and Department.

Lecture 7, : The Internet, Summer : The Internet Lecture 7: Web Services I David O’Hallaron School of Computer Science and Department.
1 HTTP and some other odds and ends Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.

1 HTTP and some other odds and ends Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.
1 HTTP – HyperText Transfer Protocol Part 1. 2 Common Protocols In order for two remote machines to “ understand ” each other they should –‘‘ speak the.

1 HTTP – HyperText Transfer Protocol Part 1. 2 Common Protocols In order for two remote machines to “ understand ” each other they should –‘‘ speak the.
CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.
CSE 190: Internet Commerce Lecture 4: Web Servers.

CSE 190: Internet Commerce Lecture 4: Web Servers.
Programming Project #3CS-4513, D-Term 20071 Programming Project #3 Simple Web Server CS-4513 D-Term 2007 (Slides include materials from Operating System.

Programming Project #3CS-4513, D-Term Programming Project #3 Simple Web Server CS-4513 D-Term 2007 (Slides include materials from Operating System.
The Information School of the University of Washington Oct university of washington1 Hypertext Markup Language INFO/CSE 100, Fall 2006 Fluency.

The Information School of the University of Washington Oct university of washington1 Hypertext Markup Language INFO/CSE 100, Fall 2006 Fluency.
HTTP over SSL RFC 2818 RFC 2817.

HTTP over SSL RFC 2818 RFC 2817.
1 Web Search Interfaces. 2 Web Search Interface Web search engines of course need a web-based interface. Search page must accept a query string and submit.

1 Web Search Interfaces. 2 Web Search Interface Web search engines of course need a web-based interface. Search page must accept a query string and submit.
Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules.

Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules.
CS 142 Lecture Notes: HTTPSlide 1 HTTP Request GET /index.html HTTP/1.1 Host: User-Agent: Mozilla/5.0 Accept: text/html, */* Accept-Language:

CS 142 Lecture Notes: HTTPSlide 1 HTTP Request GET /index.html HTTP/1.1 Host: User-Agent: Mozilla/5.0 Accept: text/html, */* Accept-Language:
CSC 2720 Building Web Applications Servlet – Getting and Setting HTTP Headers.

CSC 2720 Building Web Applications Servlet – Getting and Setting HTTP Headers.

Similar presentations

Ads by Google