Authentication

Slides

• 02-Authentication
• 03-Authentication
• 03-Phishing

Recommended Reading

• Security in Computing - Chapter 2.1 and 2.2
• Video 17 minutes: What’s wrong with your pa$$w0rd?

News

• Exclusive: how the Atlantic’s Jeffrey Goldberg got added to the White House Signal group chat
• Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years by Brian Krebs

Laws, regulations, and guidance

• NIST SP 800-63-4 Section 3.1.1.
• NIST proposes barring some of the most nonsensical password rules by Dan Goodin (arsTechnica)
• Password administration for system owners by the National Cyber Security Center of the United Kingdom - one of the first countries to officially advocate for user-friendly password rules

Research

• Joseph Bonneau. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In Proceedings of IEEE SP 2012.
• Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, William Melicher. Design and Evaluation of a Data-Driven Password Meter In Proceedings of CHI 2017.
• Florian Mathis, John H. Williamson, Kami Vaniea, Mohamed Khamis (2020). RubikAuth: Fast and Secure Authentication in Virtual Reality. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems.
• Ur, Blase, et al. “How does your password measure up? The effect of strength meters on password creation.” 21st USENIX security symposium (USENIX Security 12). 2012.

Random Fun Stuff

• * The password game - Simple game that keeps giving you new harder, more crazy, password rules as you progress.

Cryptography

Cryptography is the study of encryption approaches and is one of the most basic tools used in security. In this module we will cover some of the basic principles of cryptography and some of the most common cryptography aprroaches.

Slides

• 06 Cryptography Introduction
  • Topics: Man in the Middle, substitution ciphers, one time pad, stream ciphers, block ciphers
  • 06-Handout
• 07 Cryptography
  • Topics: Playfair cipher, crypto errors, hash functions, hmac, sp-networks
  • 07-Handout – (Answers)
• 08 Cryptography

Recommended Reading

Security in Computing - Chapter 2.1 and 2.2

Learning Goals

Understand

Encryption is not magic, it does not protect all things from all attacks, it is built on assumptions and like all tools is designed to perform specific tasks. Different types of cryptography are designed to solve different problems, think about the problems, constraints, and assumptions that can be made before selecting a cryptographic approach.

Remember

Difference between symetric and asymetric cryptography Keys, what they are for, assumptions about them, and what they do Stream and block ciphers

Apply

Think about the different tools that you use on a daily basis that claim they use encryption to protect you. Try looking up what kind of encryption they use and reason about why that type was chosen.

Additional Resources

• Vigenère cipher
• One-time-pad
  • Online one-time-pad encoder/decoder
• A Stick Figure Guide to the Advanced Encryption Standard (AES)

Networking

Slides

• 09 Networking Introduction
  • Packets, IP addressing, OSI network model, ports, TCP
• 10 Networking
  • Autonomous Systems, BGP Routing, VPNs
• 11 Networking
  • Threat Models, Onion Routing, Denial of Service, Firewalls, NAT

Educational Games

• CS4G Network Simulator - an easy to understand and play simulator game that takes you through some of the most basic attacks in networking such as spoofing and a man in the middle attack
• Permission Impossible - a simple drag-and-drop game designed to teach firewall concepts and rules
• Blue Team - a more complicated firewall game that has you set firewall policies for multiple computers in a network, upper levels include some simple interaction with an intrusion detection system

Additional Resources

• Clark, David. “The design philosophy of the DARPA Internet protocols.” Symposium proceedings on Communications architectures and protocols. 1988.
• Mockapetris, Paul, and Kevin J. Dunlap. “Development of the domain name system.” Symposium proceedings on Communications architectures and protocols. 1988.