Course outlines
There are two versions of this course, each of which has its own expectations and evaluation scheme.
What is the classic weakness of Diffie–Hellman key exchange?
What is a Dolev–Yao attacker? Why are they important?
After an example security protocol is run, what might Alice, Bob, Eve and Mallory believe about who sent which messages, who might have read them, etc.?
Does the use of security protocols change the trust relationship we have with the underlying network? If so, how? If not, why not?
What is the difference between DPI and a traditional firewall?
Given the following bytes of an Ethernet frame carrying an HTTP packet, identify the protocol in use, the User Agent used to send the request and the attack being carried out (XSS, CSRF, SQL injection, etc.). How should we defend against this attack?
0000 98 90 96 b8 79 17 3c 18 a0 41 c3 86 08 00 45 00 ....y.<..A....E.
0010 01 10 00 00 40 00 40 06 f2 e0 86 99 1e 11 86 99 ....@.@.........
0020 1b c4 d8 c4 00 50 94 a4 12 6b ce ec 63 3a 80 18 .....P...k..c:..
0030 08 0a c8 ff 00 00 01 01 08 0a 82 82 10 b0 9c f1 ................
0040 6a d6 50 4f 53 54 20 2f 65 78 61 6d 70 6c 65 2d j.POST /example-
0050 61 70 70 2f 73 69 67 6e 75 70 20 48 54 54 50 2f app/signup HTTP/
0060 31 2e 31 0d 0a 48 6f 73 74 3a 20 74 6f 6e 79 2e 1.1..Host: tony.
0070 65 6e 67 72 2e 6d 75 6e 2e 63 61 0d 0a 55 73 65 engr.mun.ca..Use
0080 72 2d 41 67 65 6e 74 3a 20 63 75 72 6c 2f 37 2e r-Agent: curl/7.
0090 38 34 2e 30 0d 0a 41 63 63 65 70 74 3a 20 2a 2f 84.0..Accept: */
00a0 2a 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 *..Content-Lengt
00b0 68 3a 20 35 32 0d 0a 43 6f 6e 74 65 6e 74 2d 54 h: 52..Content-T
00c0 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e ype: application
00d0 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 /x-www-form-urle
00e0 6e 63 6f 64 65 64 0d 0a 0d 0a 75 73 65 72 6e 61 ncoded....userna
00f0 6d 65 3d 6a 6f 6e 26 63 69 74 79 3d 53 74 2e 25 me=jon&city=St.%
0100 32 30 4a 6f 68 6e 27 3b 64 72 6f 70 25 32 30 74 20John';drop%20t
0110 61 62 6c 65 73 3b 27 73 2c 25 32 30 4e 4c ables;'s,%20NL
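The following is an added worked example, not part of the original course material: it walks the frame above layer by layer (Ethernet II, IPv4, TCP, HTTP) to recover the request fields, then stores the form values through a bound-parameter query, the standard defence against SQL injection. The function names, the `signups` table and the use of SQLite are assumptions made for illustration.

```python
import sqlite3
import struct
from urllib.parse import unquote_plus

# Hex column of the dump above, two dump rows per line.
FRAME = bytes.fromhex(
    "989096b879173c18a041c38608004500" "0110000040004006f2e086991e118699"
    "1bc4d8c4005094a4126bceec633a8018" "080ac8ff00000101080a828210b09cf1"
    "6ad6504f5354202f6578616d706c652d" "6170702f7369676e757020485454502f"
    "312e310d0a486f73743a20746f6e792e" "656e67722e6d756e2e63610d0a557365"
    "722d4167656e743a206375726c2f372e" "38342e300d0a4163636570743a202a2f"
    "2a0d0a436f6e74656e742d4c656e6774" "683a2035320d0a436f6e74656e742d54"
    "7970653a206170706c69636174696f6e" "2f782d7777772d666f726d2d75726c65"
    "6e636f6465640d0a0d0a757365726e61" "6d653d6a6f6e26636974793d53742e25"
    "32304a6f686e273b64726f7025323074" "61626c65733b27732c2532304e4c"
)

def decode(frame):
    """Return (TCP destination port, request line, headers, form fields)."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    ip = 14                                      # Ethernet II header is 14 bytes
    ihl = (frame[ip] & 0x0F) * 4                 # IPv4 header length in bytes
    total_len, = struct.unpack_from("!H", frame, ip + 2)
    if ethertype != 0x0800 or frame[ip + 9] != 6:
        raise ValueError("expected IPv4 carrying TCP")
    tcp = ip + ihl
    dport, = struct.unpack_from("!H", frame, tcp + 2)
    doff = (frame[tcp + 12] >> 4) * 4            # TCP header length, options included
    payload = frame[tcp + doff:ip + total_len]
    head, _, body = payload.partition(b"\r\n\r\n")
    request, *lines = head.decode("ascii").split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines)
    pairs = (p.split("=", 1) for p in body.decode("ascii").split("&"))
    form = {k: unquote_plus(v) for k, v in pairs}
    return dport, request, headers, form

def store_signup(db, form):
    """Bind values as parameters so they are stored as data, never parsed as SQL."""
    db.execute("INSERT INTO signups (username, city) VALUES (?, ?)",
               (form["username"], form["city"]))

def demo():
    dport, request, headers, form = decode(FRAME)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE signups (username TEXT, city TEXT)")  # assumed schema
    store_signup(db, form)
    rows = db.execute("SELECT city FROM signups").fetchall()
    return dport, request, headers["User-Agent"], rows

if __name__ == "__main__":
    print(demo())
```

With the bound parameter, the quote and semicolons in the `city` field end up as literal characters in one stored row, and the `signups` table is still there to be queried afterwards.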
This course has no required textbook, but there are some recommended books.
How to get help in the course.