exam review for first half of c430 2 may 2007 5pm in huxley 308 michael huth 2 may 2007 5pm in...
TRANSCRIPT
Exam Review for First Half of
C430
Exam Review for First Half of
C430
2 May 20075pm in Huxley 308
Michael Huth
2 May 20075pm in Huxley 308
Michael Huth
AdministrationAdministration
1. Statements made in this review apply only to the first half of C430; nothing should be inferred about the 2nd half of that course and its exam questions.
2. But Dr Lupu says that “everything is examinable”.
1. Statements made in this review apply only to the first half of C430; nothing should be inferred about the 2nd half of that course and its exam questions.
2. But Dr Lupu says that “everything is examinable”.
3. Each course half will have two exam questions. You will have to answer three out of these four questions.
4. Except for the links on my C430 web page for “optional material”, all course material is examinable, including BAN logic.
3. Each course half will have two exam questions. You will have to answer three out of these four questions.
4. Except for the links on my C430 web page for “optional material”, all course material is examinable, including BAN logic.
My AvailabilityMy Availability
I will be at an Identity Assurance Workshop at the DTI all day of tomorrow, 3 May 2007.
So I will be unable to see students or reply to email prior to the C430 exam.
I will be at an Identity Assurance Workshop at the DTI all day of tomorrow, 3 May 2007.
So I will be unable to see students or reply to email prior to the C430 exam.
Lecture 1 IntroductionLecture 1 Introduction
Make sure you understand key terms (confidentiality, authentication, integrity, non-repudiation, availability, and access control) in the context of network security.
Make sure you can “map” these key terms onto components or data of a security protocol where applicable.
Make sure you understand key terms (confidentiality, authentication, integrity, non-repudiation, availability, and access control) in the context of network security.
Make sure you can “map” these key terms onto components or data of a security protocol where applicable.
Introduction cont’dIntroduction cont’d
Recall the principle kinds of assets and corresponding threats in IT systems.
Be able to measure the risk of threats to a particular asset.
HINT: “The Internet Worm”; no need to retain technical details of how that attack worked.
Recall the principle kinds of assets and corresponding threats in IT systems.
Be able to measure the risk of threats to a particular asset.
HINT: “The Internet Worm”; no need to retain technical details of how that attack worked.
Lecture 2 CryptographyLecture 2 Cryptography
Ability to motivate the use of cryptography. What can/can’t it do?
Thorough understanding of the one-time pad.
Basic understanding of symmetric vs. asymmetric (public) key-based crypto.
Ability to motivate the use of cryptography. What can/can’t it do?
Thorough understanding of the one-time pad.
Basic understanding of symmetric vs. asymmetric (public) key-based crypto.
Crypto Cont’dCrypto Cont’d
Familiarity with different kinds of attacks of crypto algorithms.
HINT: No need to retain technical details of Quantum Crypto, Quantum Money or the Bennett & Brassard Protocol.
Familiarity with different kinds of attacks of crypto algorithms.
HINT: No need to retain technical details of Quantum Crypto, Quantum Money or the Bennett & Brassard Protocol.
Lecture 3 Symmetric Key Cryptography
Lecture 3 Symmetric Key Cryptography
Mostly concerned with DES and AES.
Mostly concerned with DES and AES.
DESDES
Good appreciation of its structure.
Ability to describe a round of DES encryption (decryption).
Ability to locate confusion, diffusion, and non-linearity in DES.
Ability to explain one non-basic mode of operation.
Familiarity with DES security.
Good appreciation of its structure.
Ability to describe a round of DES encryption (decryption).
Ability to locate confusion, diffusion, and non-linearity in DES.
Ability to explain one non-basic mode of operation.
Familiarity with DES security.
AESAES
Ability to explain the structure of AES.
Ability to explain how AES relies on algebraic operations over GF(2^8) and over 32-bit words.
HINT: last year’s C430 exam question on DES/AES won’t be revamped and reused as such.
Ability to explain the structure of AES.
Ability to explain how AES relies on algebraic operations over GF(2^8) and over 32-bit words.
HINT: last year’s C430 exam question on DES/AES won’t be revamped and reused as such.
Lecture 4 Public Key Crypto
Lecture 4 Public Key Crypto
Detailed knowledge of Diffie-Hellman key exchange protocol.
Detailed knowledge of RSA parameter generation, encryption, and decryption operations.
Understand implicit or explicit assumptions for RSA’s security.
Detailed knowledge of Diffie-Hellman key exchange protocol.
Detailed knowledge of RSA parameter generation, encryption, and decryption operations.
Understand implicit or explicit assumptions for RSA’s security.
Public Crypto Cont’dPublic Crypto Cont’d
Ability to design (or recall) a digital signature scheme using RSA and some hash function.
Ability to explain the working and “correctness” of signature generation and verification for that scheme.
HINT: Chaffing & Winnowing, Merkle’s Puzzle, and Elliptic Curve Crypto: no need to appreciate technical details but ability to retain main idea or attraction of such approaches.
Ability to design (or recall) a digital signature scheme using RSA and some hash function.
Ability to explain the working and “correctness” of signature generation and verification for that scheme.
HINT: Chaffing & Winnowing, Merkle’s Puzzle, and Elliptic Curve Crypto: no need to appreciate technical details but ability to retain main idea or attraction of such approaches.
Lecture 5 Mutual Authentication
Lecture 5 Mutual Authentication
Ability to specify (or recall) at least one mutual authentication protocol, and to explain how it works (and why it may be correct or incorrect).
Ability to state and explain at least one successful attack on a mutual authentication protocol.
Ability to specify (or recall) at least one mutual authentication protocol, and to explain how it works (and why it may be correct or incorrect).
Ability to state and explain at least one successful attack on a mutual authentication protocol.
Mutual Authentication Cont’d
Mutual Authentication Cont’d
HINT: Think about security protocols in which k > 1 many agents need to supply shares of a secure key to be used for symmetric encryption of broadcasts to these k agents; where the encryption and decryption of such broadcast is based on the consent of all k agents.
HINT: Think about security protocols in which k > 1 many agents need to supply shares of a secure key to be used for symmetric encryption of broadcasts to these k agents; where the encryption and decryption of such broadcast is based on the consent of all k agents.
Good luck!