Lecture 21: Authentication and Passwords
Lecture 21 Outline
- Introduction
- Authentication via Passwords
- Implementing Passwords
- Session Cookies
- Phishing
- Bootstrapping/Resetting
- Password Alternatives
Lecture Slides
Reading
- Book section 11.2
Recitation 21: Why Cryptosystems Fail
- Read “Why Cryptosystems Fail (PDF)” by R. Anderson
- Why Cryptosystems Fail Assignment
Lecture 22: Secure Channels
Lecture 22 Outline
- Today’s Threat Model
- Secure Channel Primitives
- Secure Channel Abstraction
- Key Exchange
- Cryptographic Signatures for Message Authentication
- Key Distribution
- TLS: A Protocol That Does All of This
- Discussion
Lecture Slides
Reading
- Book sections 11.3, 11.4, and 11.5
Recitation 22: Domain Name System Security Extensions (DNSSEC)
- Read “Security vulnerabilities in DNS and DNSSEC (PDF)” by S. Ariyapperuma & C. Mitchell
- DNSSEC Assignment
Tutorial 12: Final Design Project Report
Having now had two rounds of feedback on your design, you’re working on your final report. Unlike the proposal document, the report should contain enough detail that it could feasibly be turned over to Facilities for implementation. It should also contain an evaluation of your design. See the Design Project section for detailed information.