University of Southern California


CS530L - Security Systems
lab component
David Morgan

see "Syllabus" link for email address

German "Enigma" cryptographic device




Lab policies

Student lab times

CS530 main class

DETER net testbed
  get/use an account

a vi cheat sheet


Cryptography & Key Mgmt



Application security

Packet sniffing

Firewalls (DETER)

Intrusion detection

Arp spoofing (DETER)

Tunnels and vpns (DETER)

Computer forensics (DETER)





FALL 2014
lecture 4:30p - 5:20p Fri OHE122

Until recent years, information systems security was the limited focus of the military and the financial communities. With the recent explosive growth and merging of telecommunications and computing, security has become an integral element of any reliable and robust information systems environment. This class will cover information systems security at the graduate level. Students should have a basic understanding of networking and operating systems prior to attending the class.

Thank you for your efforts and interest in this subject and class. I enjoyed the opportunity to teach it. (11/14)

CS530 lab grader opportunities 2015 - having taken the course, you are an ideal candidate. You must remain a student in Fall 2015. Contact me with expression of interest now, or subsequently. The official university hiring process can take place only next August-September but I would like to identify your interest now, and contact you then. (11/14)

Green light to perform the DETER arp spoofing exercise. The primary and essential problem has been rectified. The final section entitled "8. Manipulating the traffic stream once you have it - altering it" does not work to my satisfaction but the exercise fully reveals to anyone who performs it the operation of the attack. As far as due dates are concerned, you can refer to the original calendar below. The published due date is Friday 11/14 but let's extend that by 4 days to be due Tuesday 11/18. Note this will overlap with your upcoming lab on Tunnels and vpns so do these labs when convenient within the intervals provided for them but don't squeeze yourself. Thank you for your patience and apologies for the delay. (11/4)

This week's lab - please observe my comments about it made in today's lecture and lecture slides. (10/31) email address - please be aware of the problem described in today's lecture and lecture slides. (10/31)

Lab grades - several students have asked. I have asked the lab graders and TAs to coordinate. I expect grades will be published in a batch, upcoming, covering the first several. (10/22)

Note calendar adjustments for next week's midterm - covered in lecture and the first few lecture slides for today (on Firewalls topic). (10/10)

Lab switching from Wednesday to Friday for career fair - apparently there is a career fair scheduled on campus that coincides with Wednesday lab. A few Wednesday students contacted me requesting to switch to Friday and I individually approved. Then the number of such requests grew to, I think, more than the capacity of the room. There are not enough extra seats in the lab on Friday to accommodate all those who want to attend Friday instead of Wednesday. I suggest that any Wednesday student who wants to attend the career fair event instead of lab should do so. Then, attend lab on Friday and expect to share a computer with another student. It might be a little crowded or uncomfortable. But for our purposes I think two students can both gain the desired experience while sharing a PC. If this works OK then great, go home and write this lab up. If it proves a great catastrophe, or at least some students don't get a chance to understand the point, maybe I can set up a remote server after Friday as a partial, substitute environment and you could do the work from your own Wireshark-equipped environment. We'll cross that bridge if we come to it however. Meantime, please go to the career fair if it is important to you, and to Friday lab. Incidentally your TA Simon Woo will be substitute grader on Friday. He himself was a past CS530 lab grader, and a good one. (10/7)

DETER accounts created tonight - this should trigger auto-generated email messages to each of you, identifying your user account name and asking you to make a couple of profile changes within, I think, a 72-hour time window.. The names will be of the pattern sc530aa, sc530ab, etc. Please try to respond to the message promptly. The majority of our remaining lab exercises will be done remotely on DETER. See the links in the column at left under the heading "DETER net testbed." (10/1)

"With heartbleed, what data do I get," I was asked after class yesterday. You get whatever data is neighbor in RAM to the heartbeat payload. The payload originates from the client; the server does a write/read depositing it in memory then reading it back to boomerang it to the client. But he reads back too much. What data lies adjacent to the payload? Whatever was placed there recently, by whoever placed it. It's a multiprogramming system and we don't know. The data coming back is unpredictable and uncontrollable by the attacker. In the slide below, I used the web form just to be able to get some known-quantity thing into the server's memory. Thereafter, I ran the exploit about 10 times, scrutinizing what came back trying to spot "EAZZZ...ZY2SEE..." The first 9 times it wasn't there, the 10th time, bingo, there it is (below). A real-world web form might have solicited something sensitive, like a credit card number or credential of some kind. Web forms are, after all, how you supply your card number to an online merchant. Not just apache, as here, but any software that uses memory (which doesn't?) may place its data in heartbleed's path. So session and private keys, if any software ever used them, might show up.

Please do not conclude from this slide that I deliberately constructed what you see. I hoped for what you see. I was on a fishing expedition and got lucky, eventually. But those trophy catch photos never tell that the fisherman labored in vain since sunrise before he finally hooked the big one.

"'Come on, fish,' he said. But the fish did not come...'Fish,' he said softly, aloud, 'I'll stay with you until I am dead.'" The Old Man and the Sea, Ernest Hemingway.  (9/27)

Please use the prescribed keywords when emailing lab solutions to each week. Till now I have individurally requested re-submittal of email messages that arrive without them. From now I will stop.
The keywords bring your submittals to the graders' attention. If you don't use them they may not receive your work and you may not get credit for it. (9/26)

Last week's lab lecture online can be found at

The appearance of a link to it at has been delayed, but the video itself is up online. (9/22)

Yubikey authentication - we looked at it briefly in lecture last week. We didn't spend enough time on these slides about key sharing. The yubikey device on an application client produces an output intended for use in conjunction with an authentication server that can evaluate that output. (Incidentally while the server in my slides belonged to manufacturer Yubico,  maintained for customer use, customers also have the option of creating their own server to avoid sharing secrets with any external organization.) The slides show that part of a yubikey's output is encrypted, and the symmetric key for that is internal to the yubikey. That key therefore must be shared with the server, and my slides show it to be in the server's possession. There are different approaches to secure key sharing. One of the questions in your lab instructions asks you to think about how it was accomplished in this case. (9/19)

Email filter rule keywords used for managing the 10 reports you submit are:


for the respective labs we do over 10 weeks. Please be sure to embed these keywords in the titles of the email messages in which you will submit your work. (9/12)

New lab times published - please check and let me know of any anomalies, conflicts, problems. (9/8)

Further lab timeslot assignments - since Friday I have not yet assigned additional sign-ups. I expect to do so tomorrow, Monday, and publish a revised list at the "Student lab times" link. In the meantime, anybody not yet assigned who wishes to attend tomorrow may do so. (9/7)

Authentication without confidentiality - below is one of the slides we didn't get to yesterday. What's the stuff in the red box?

Note there is no encryption of the data, the purpose is not to obscure the data but to make certain it came from Fedora. (9/6)

Clarification - lab meeting times have been assigned, but the actual meetings don't start until next week. Those of you assigned to the Friday 3pm slot need to come next Friday but not today. Today, we have just the regular lecture in room OHE122 at 4:30pm. (9/5)

My RSA lecture available online -  The latter slides in my lecture presentation today cover the steps and math of the RSA algorithm. They are closely related to the lab activity you'll do in a week. I have those slides online, with my narration. You may listen to them if you like (it would help) before coming to the lab next week. (9/5)

Labs, due dates, lab time assignments round 2 - The lab performed in a given week will be the one that was the lecture subject on the previous Friday. The due date for submitting its result will be by your particular lab time the following week. Take as an example the cryptography topic and a student in the Wednesday lab. The lecture for it is today; you'll do the lab exercise next Wednesday September 10; your electronic submittal of the result is due the following Wednesday September 17 at lab time, 10:30am. DEN students have a Friday 4:30 deadline; the remote assignments on DETER later this semester will be due Fridays at 4:30 2 weeks after lecture date.

If your name does not appear among the listed student lab times it is because you did not supply preferences or supplied them malformed. I will hold another round of time assignments for you. (You will have second priority, that is, I will not disturb or move any of the students already assigned to meet your preferences.) Please visit the web form today and express preferences. I will randomly give times to students who do not. (9/5)

Student lab times
- please see the link at left entitled "Student lab times". The lab times are set for:

Mondays 12:30pm-1:50pm
Wednesdays 10:30pm-11:50am
Fridays 3:00pm-4:20pm

The number of students of record is 68. 48 of them appear in the "Student lab times" schedule. 9 did not provide preferences. 11 supplied preferences in improper form which therefore were not processed.

preferences not provided: briggs, guptaan, guptaav, mante, maraliga jayaram, palaniappan, patwardhan, tuse, venugopal

preferences provided in improper form: wadhawan, balakrishnan, balasubramanya, narayanan, vemuri, thakur, shamanur, khatri, shiroor, poobalan, luo   (9/4)


Which machine do we use, for which lab? - the various lab activities were developed to work on one or another of the 4 virtual machines installed in the lab. The instructions for each lab should tell you on which platform to do it. As a matter of record, here are the platforms corresponding the activities.


Revised lab calendar (below) - to reflect the 10/17 midterm. (8/30)

First homework tasks -
 1) express your lab timeslot preferences (unless you are a DEN student) deadline: end of day Tuesday 9/2/14
If you are a DEN student, install VMWare Player 6 (or other version of VMware) if you do not have it already. See "DEN students" comments below.
 2) as a tourist, visit the informational links listed at left under the heading "DETER net testbed". Gain initial familiarity with DETER at tourist level. We will arrange DETER accounts for you shortly.
 3) visit link at left entitled "Cryptography" under the heading "Labs." Our upcoming initial lab topic will be on the subject of cryptography. My lecture on the subject will be September 5, with corresponding lab exercise (the first one) performed the following week. (8/29)

Individual lab timeslot assignments

You will be assigned to a particular lab session. You will express preference among the timeslots using this web form:

On the form (which unfortunately does not validate entries) please take care to enter a unique explicit digit from among 0, 1, 2, and 5 for each of the seven lab timeslot possibilities.
 - enter 0 for any slot with which you have a bona fide conflict (other commitment that cannot be changed)
 - enter 1 for your most preferred non-conflicting timeslot
 - enter 2 for your second-most preferred non-conflicting timeslot
 - enter 5s for your less preferred non-conflicting timeslots

The software that will process your entry will filter it out if it deviates from that. So fill in the form correctly to avoid adversely affecting our meeting your preference. I will do my best to follow student preference within my ability to control. (8/29)

The web form is here . To use it, you need to supply an ID. Your ID is your last name, all lower case. On-campus  students who were registered as of yesterday are in the web form's database. There are multiple guptas and multiple kims. In those cases suffix your last name with 1 or 2 characters of your first name. I will make a supplemental update with names of later registrants sometime next week as a fresh class roster is made available to me. (8/29)

Slides from today's lecture in color or greyscale.(8/29)

Strong recommendation - each week, preview or scan (visually) the lab instructions in advance before your lab session. It will enable you to do the exercises more efficiently, with greater understanding, and ensure you can finish before the lab ends. (8/29)

Support questions - try the "Labs" category of the discussion board found on DEN/Blackboard for CS530. If it's a question of general interest (maybe somebody else has the same question in mind) put it there. Alternatively, or for more specifically personal questions, email address, shared by me and the lab graders. (8/29)

Your graders - Serhat Yilmaz and Adhip Gupta. Adhip took CS530 last year, Serhat did so earlier and was a lab grader last year. Both are helpful and familiar with the lab exercises you will do. (8/29)

Lab location - room OHE406. The hardware-identical computers in this room have removable hard drives. You will be assigned a drive. You will insert it in one of the computers when you arrive at the lab each week. You will put it in a locker afterward, where it will be stored for you until the following week's session. (8/29)

DEN students - most if not all of the lab exercises are performed in VMware virtual machines. We will make available images of the same vm's that are installed in the lab, for you to install on your machine. You will then be able to run that vm using VMware player, which is distributed free from The lab handouts (instructions) will be posted online, here on this website, weekly. I intend to distribute the vm images to you via download, details to be posted on this website. (These are not for the consumption of on-campus students.) (8/29)

The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees