University of Southern California

 

CS530L - Security Systems
lab component
David Morgan

see "Syllabus" link for email address

German "Enigma" cryptographic device

 

Home

Syllabus

Lab policies

Student lab times

CS530 main class

DETER net testbed
  home
  get/use an account
  FAQ
  tutorial


a vi cheat sheet


Labs
(instructions/slides)

Cryptography & Key Mgmt

Authentication

Authorization

Application security

Packet sniffing

Firewalls (DETER)

Intrusion detection

Arp spoofing (DETER)

Tunnels and vpns (DETER)

Computer forensics (DETER)

 

 

 



 

FALL 2017
lecture 4:30p - 5:20p Fri OHE122

Until recent years, information systems security was the limited focus of the military and the financial communities. With the recent explosive growth and merging of telecommunications and computing, security has become an integral element of any reliable and robust information systems environment. This class will cover information systems security at the graduate level. Students should have a basic understanding of networking and operating systems prior to attending the class.

Lab calendar adjusted - to avoid lab responsibilities during midterm exam week.

 - no earlier lab due exam week app security is due 10/13 instead
 - no current lab performed exam week packet sniffing performed week of 10/9 instead
 - no lab lecture exam week Im going fishing, will return on 10/13 (9/15)

Open labs - the extra seats in Tuesday's and Wednesday's labs may be used by students not assigned to those days if they wish. This is subject to the grader's discretion on a first-come first-served basis. Her priority is the current lab, for that day's assigned students. You are welcome to occupy extra seats and work independently and unobtrusively. (9/15)

Cassini space mission - symbolizes the enterprise of human science of which we are small parts, and ends today. I knew a couple people on Jet Propulsion Laboratory's Cassini team where I learned that rocket scientists are just people, applied people first then rocket scientists a consequential second. People like you. Anything's possible.

(9/15)

RSA key size recommendations - have traditionally been published by RSA.
NSA key size recommendations were newly published in January 2016 by NSA's Information Assurance Directorate. Encryption technologies' adequacy depends on key lengths. It diminishes as computers become faster and altogether new computing technologies emerge. NSA is anticipating, in particular, the maturation of quantum computing and its effect on public-key cryptography.
Former student Glenn Johnson researched this and called it to our attention. (9/8)

Email filter rule keywords used for managing the 10 reports you submit are:

 cryptolab
 authenticationlab
 authorizationlab
 applicationsecuritylab
 snifflab
 firewallslab
 idslab
 arpspooflab
 tunnelslab
 forensicslab

for the respective labs we do over 10 weeks. Please be sure to embed these keywords in the titles of the email messages in which you will submit your work. (9/8)

Published: student lab times Please see link at left entitled "Student lab times." First meeting tomorrow morning for those assigned to it. Check your timeslot assignment and attend accordingly please.  (9/4)

Website is now up for expressing your timeslot availability, below. This is for on-campus students only; if you are a DEN student there is no need (or point) for you to respond. (8/27)

Manual RSA encryption/decryption of 23901 - 23901 is a popular number among you students in our class. Friday it had a bad day, didn't cooperate in our live demo. I gave it aspirin and now, screenshot below, you can see how it encrypts to some other number (like maybe 11409, or 30606 or something) and how these can be back-processed to the self-same original 23901.

To do this you have to know what numbers to use for the math involved (what exponent? what divisor?). If you have the right ones, it works. If not... sorry. Coming up with numbers that work is called key derivation. (8/27)

Online student availability questionnaire
 is up
   at  /http://ftp.artbynitsa.com/~artbynit/cs530.html

Please go there and express your schedule availability for labs. You will type in your name, but note the form only accepts names typed precisely as they appear on the student list I obtained from USC, which you can examine on the form. Look yourself up on that list and enter your name into the form. Please do so as soon as possible, once the site/form is announced and available (here and via email in a few days). Thanks. (8/25)

Slides from today's lecture in color or greyscale.(8/25)

First homework tasks -
 1) check this website regularly in the next few days for announcement of availability of a web URL where you can indicate your timeslot availability. Respond as soon as possible please.
 2) as a tourist, visit the informational links listed at left under the heading "DETER net testbed". Gain initial familiarity with DETER at tourist level. We will arrange DETER accounts for you shortly.
 3) visit link at left entitled "Cryptography" under the heading "Labs." Our upcoming initial lab topic will be on the subject of cryptography. My lecture on the subject will be September 1, with corresponding lab exercise (the first one) performed the following week. (8/25)

My RSA lecture available online - Here are online slides, with my narration,  from the portion of next week's lecture covering the steps and math of the RSA algorithm. They are closely related to the first lab activity you'll do. You should listen to them if you like (it would definitely help) before coming to the lab. (8/25)

Which machine do we use, for which lab? - the various lab activities were developed to work on one or another of the 4 virtual machines installed in the lab. The instructions for each lab should tell you on which platform to do it. As a matter of record, here are the platforms corresponding the activities.

(8/25)

Lab calendar schedule - in specific detail for whole semester, to be posted here shortly. (8/25)

Strong recommendation - each week, preview or scan (visually) the lab instructions in advance before your lab session. It will enable you to do the exercises more efficiently, with greater understanding, and ensure you can finish before the lab ends. (8/25)

Support questions - try the "Labs" category of the discussion board found on DEN/Blackboard for CS530. If it's a question of general interest (maybe somebody else has the same question in mind) put it there. Alternatively, or for more specifically personal questions, csci530l@usc.edu email address, shared by me and the lab graders. (8/25)

Your graders - to be hired and announced. They will be former CS530 students, therefore familiar with the lab exercises you will do. (8/25)

Lab location - room OHE406. The hardware-identical computers in this room have removable SSD drives. You will be assigned a drive. You will insert it in one of the computers when you arrive at the lab each week. You will put it in a locker afterward, where it will be stored for you until the following week's session. (8/25)

DEN students - most if not all of the lab exercises are performed in VMware virtual machines. We will make available images of the same vm's that are installed in the lab, for you to install on your machine. You will then be able to run that vm using VMware Workstation Player, which is distributed free from VMware. The lab handouts (instructions) will be posted online, here on this website, weekly. I intend to distribute the vm images to you via download, details to be communicated to you by email. (These are not for the consumption of on-campus students.) (8/25)