Week 12: Security Part II

Lecture 21: Authentication and Passwords

Lecture 21 Outline

Introduction
Authentication via Passwords
Implementing Passwords
Session Cookies
Phishing
Bootstrapping/Resetting
Password Alternatives

Detailed Outline

Lecture Slides

Lecture 21 Slides: Authentication and Passwords (PDF)

Reading

Book section 11.2

Recitation 21: Why Cryptosystems Fail

Read “Why Cryptosystems Fail (PDF)” by R. Anderson
Why Cryptosystems Fail Assignment

Lecture 22: Secure Channels

Lecture 22 Outline

Today’s Threat Model
Secure Channel Primitives
Secure Channel Abstraction
Key Exchange
Cryptographic Signatures for Message Authentication
Key Distribution
TLS: A Protocol That Does All of This
Discussion

Detailed Outline

Lecture Slides

Lecture 22 Slides: Secure Channels (PDF)

Reading

Book sections 11.3, 11.4, and 11.5

Recitation 22: Domain Name System Security Extensions (DNSSEC)

Read “Security vulnerabilities in DNS and DNSSEC (PDF)” by S. Ariyapperuma & C. Mitchell
DNSSEC Assignment

Tutorial 12: Final Design Project Report

Having now had two rounds of feedback on your design, you’re working on your final report. Unlike the proposal document, the report should contain enough detail that it could feasibly be turned over to Facilities for implementation. It should also contain an evaluation of your design. See the Design Project section for detailed information.

Browse Course Material

Course Info

Instructor

Departments

As Taught In

Level

Topics

Learning Resource Types

Computer System Engineering

Lecture 21: Authentication and Passwords

Lecture 21 Outline

Lecture Slides

Reading

Recitation 21: Why Cryptosystems Fail

Lecture 22: Secure Channels

Lecture 22 Outline

Lecture Slides

Reading

Recitation 22: Domain Name System Security Extensions (DNSSEC)

Tutorial 12: Final Design Project Report

Course Info

Instructor

Departments

As Taught In

Level

Topics

Learning Resource Types