Final Study Guide

This is simply a guide of topics that I consider important for the final. I don’t promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class, in the discussion section, or that is in the readings (including the papers).
  1. Everything contained in the midterm study guide
  2. Clark-Wilson model
  3. Cryptography
    1. Types of attacks: ciphertext only, known plaintext, chosen plaintext
    2. Classical ciphers, Cæsar cipher, Vigenère cipher, one-time pad, DES
    3. Public key cryptosystems; RSA
    4. Confidentiality and authentication with secret key and public key systems
    5. Cryptographic hash functions
    6. Digital signatures
    7. Attacking encryption and signature schemes
  4. Key Distribution Protocols
    1. Kerberos and Needham-Schroeder
    2. Certificates and public key infrastructure
  5. Authentication
    1. Passwords (selection, storage, attacks, aging)
    2. One-way hash functions (cryptographic hash functions)
    3. UNIX password scheme, what the salt is and its role
    4. Password selection, aging
    5. Challenge-response schemes
    6. EKE protocol
    7. Attacking authentication systems: guessing passwords, spoofing system, countermeasures
    8. Biometrics and other validation techniques
  6. Access Control
    1. ACLs, C-Lists, lock-and-key
    2. UNIX protection scheme
    3. Multiple levels of privilege
    4. Lock and key
    5. MULTICS ring protection scheme
  7. Malware
    1. Trojan horse, computer virus
    2. Computer worm
    3. Bacteria, logic bomb
    4. Countermeasures
  8. Network security
    1. Firewalls
    2. Network organization
  9. Electronic voting
  10. Assurance
You can also obtain a PDF version of this. Version of May 30, 2013 at 4:24PM