Tutorials for weeks 13 to 24 inclusive will mainly consist of surgeries to enable sudents to finalise project choices, obtain guidance on project scope and to obtain help identifying suitable sources of information and published documentation and how-to materials relevant to specific security investigation projects.
Tutorials for weeks 25 and 26 inclusive will involve tutor-led class discussion of topics relevant to the examination.
Lecture notes: Kerberos and centralised network password management.
Stish Sarna's Lecture Notes
Lecture notes: Malware, Viruses, Worms, Trojans and Defences.
Cross Site Scripting, SQL insertion and Buffer Overflow Exploits.
Virtual Private Networks
Legislation influencing and relevant to systems security.
Copy prevention, information hiding and DRM (Digital Restriction/Rights management) technologies.
Security and Financial Transaction Recording.
Email security, spam reduction and sender reputation.
Please make every effort to attend the lecture for week 25 (10.00 am Mon 23rd April) as I'll be focussing on areas where you will need to revise for my 2/3rds of the examination.
For the tutorial slots, I've prepared some Python source code intended to make the RSA and prime numbers maths needed for Stish's crypto questions more explorable for those of you for whom adopting an alternative learning approach might be useful, intended to reinforce Stish's materials. To complete his questions you'll need to be able to work through some of these functions. I'll show you how to instrument these functions by adding extra debugging statements so that you can work out what's going on within them to the point where you can perform similar calculations using small numbers as RSA inputs using pen and paper. Remember you won't be able to use a computer in the exam, but this does give you another opportunity to study and familiarise yourself with this particular machinery.
Week 25 tutorials I'll be going through RSA encryption and decryption assuming we've got some prime numbers to start with for the keys. Week 26 I'll be going through primality testing algorithms for generating these keys (looking inside the mechanics of the OpenSSL black box which I demonstrated for this purpose last autumn).
For the lecture on Monday 30th April, I'd been hoping to show a video of Stish's RSA/primes presentation. Unfortunately computer problems have prevented us seeing this. Instead we'll need to rely on last week's lab to cover our understanding of RSA calculations. But these assumed we already know a pair of secret and large prime numbers. So the lecture will cover the use of prime numbers in security in general, and the lab will explore the inner workings of some primality testing software which implements the Miller-Rabin tests and associated software suitable for generating very large random primes.
Prime numbers and use in security.
Download the Rabin Miller Prime Generator and Test program. A description of the Rabin Miller algorithm and the original Python program from which this was obtained is available here.