
Instructor

  • who: Michael Swift
  • where: Room 7369
  • when: Monday 11-12, Thursday 1:30-2:30
  • email: swift 'at' cs.wisc.edu
  • TAs

Midterm2Review

  1. Encryption
    1. One-time pads are NOT on the exam
    2. Block ciphers
      1. Modes of operation
        1. Electronic code book (ECB)
        2. Cipher-block chaining (CBC)
        3. Counter mode
    3. Message authentication codes
      1. Basis on hash functions
      2. HMAC
      3. Encrypt-then-MAC, MAC-then-encrypt, MAC-and-encrypt
    4. Password-based encryption
      1. Password-based key derivation (PBKDF) with salt
      2. Slowing down brute-force attacks
    5. Asymmetric Encryption
      1. Trapdoor function idea
      2. RSA
        1. Basis on factoring prime numbers & modular arithmetic
        2. Public key: N = P*Q, private/secret key = D, E = constant
      3. PKCS RSA encryption
      4. Hybrid encryption: mix asymmetric + symmetric encryption
    6. Digital signatures
      1. Encrypting with secret key
    7. TLS handshake
      1. Sequence of messages
    8. Certificate authorities and chains
      1. Certificate idea: signed data structure with key, name
      2. Certificate authorities as roots of trust
      3. Where clients get public keys for certificate authorities
      4. Chains of certificates from root CA through multiple certificates
      5. What does a certificate prove?
      6. How to verify a certificate
        1. Check name
        2. Check signature
        3. Check scope: is issuer allowed to issue a certificate for this name?
        4. Recurse back to root CA
      7. Compromises: installing rogue root CA certificate in a machine
  2. Networking
    1. MAC layer attacks
      1. ARP poisoning
    2. IP layer attacks
      1. Fragmentation
      2. Address spoofing
      3. Denial of service
    3. TCP layer attacks
      1. Connection spoofing
      2. Syn flood
    4. DNS
      1. DNS functioning
      2. Recursive vs iterative lookups
      3. DNS poisoning
    5. BGP
      1. Address range hijacking
    6. Network defenses
      1. Firewalls, intrusion detection, intrusion prevention
      2. Layers of defense: IP, TCP, Application level firewalls
      3. Evasion attacks
        1. TTL
        2. Fragmentation
        3. Algorithmic complexity
      4. Challenges of accurately detecting attacks
    7. Surveillance and censorship
      1. Censorship techniques
        1. DNS blocking
        2. IP address blocking
        3. URL filtering
        4. Deep packet inspection
      2. Defenses
        1. Simple anonymizing proxies
        2. TLS/SSH tunnels
        3. TOR: hiding connectivity
        4. End-to-end encryption
  3. Privacy
    1. Privacy issues with multiple data sets
    2. Increasing privacy by adding noise to data
  4. Virtualization and cloud computing
    1. Basics of virtualization
      1. Types 1 and 2 hypervisors
      2. Full vs paravirtualization
    2. Use of virtualization
      1. Server consolidation
      2. Cloud computing
      3. Studying malware
        1. Detection of virtual machines by malware
    3. Risks of virtualization
      1. Reset attacks on randomness
      2. Cache-based side-channel attacks
        1. On RSA exponentiation
        2. Achieving frequent interruptions
      3. Achieving co-location/coresidency
      4. Performance interference
        1. Memory, cache, network I/O, disk I/O
      5. Leaking information through virtual machine images
        1. Passwords
        2. Secret keys
        3. Cloud security tokens
    4. Virtualization defenses
      1. Scheduling for side-channel attacks
  5. Processor security
    1. TPM - Trusted Platform Module
      1. Measurements via PCRs
      2. Attestations
      3. Sealed storage
      4. Static vs dynamic root of trust
    2. SGX enclaves
      1. Memory encryption
      2. Secure entry/exit
      3. Creating enclave from unencrypted code
      4. Weaknesses: cache-based side channels based on Meltdown attack
    3. Spectre
      1. Cache-based covert channel based on indexing into an array
      2. Speculation on inaccessible value
      3. Zone of operation - within address space
    4. Meltdown
      1. Speculation around page-table validity and user/kernel bit
      2. Zone of operation - from user to kernel, from user to SGX enclave
    5. Rowhammer
      1. Operation: repeated reads trigger random bit flips
      2. Exploitation by replicating sensitive data/code in memory
        1. Page table entries for kernel attack
        2. Sandboxed code for JVM attack
      3. Defenses
        1. Better memory allocation
  6. Security Economics
    1. Who pays for security features
      1. Users
      2. Company
    2. Who should pay to defend against DDoS attacks and why?
    3. Liability - who is responsible today
  7. Blockchain and Bitcoin
    1. Double spending attack
      1. Centralized solution: validate at bank
      2. Distributed solution: global, public ledger
    2. Cryptographic chains of transactions around digital coins
      1. Verifying a chain: no double spending, chains back to a coin issue
    3. Chain of blocks comprised of transactions (block chain)
    4. Proof of work to commit a transaction block
      1. Hash function with leading zeroes
    5. Incentives to validate/mine
      1. Minting new bitcoin
      2. Transaction fees
Page last modified on May 06, 2019, at 10:22 PM