Tuesday, May 10, 2005

CS5285 Examination Scope


  1. Security requirements, access control, ACL, permission token.

  2. Traffic filtering, firewall configurations, dual-homed, screened subnet, filter specifications for various applications/services, remote dial-in, remote access VPN.

  3. Properties of encryption functions, ciphertext-only attack, known plaintext attack, symmetric encryption, brute force attacks and attack effort, key distribution problem, encrypting larger messages, CBC, initialization vectors.

  4. Public key encryption, RSA, breaking RSA, hybrid encryption, breaking hybrid encryption, Diffie-Hellman key agreement protocol.

  5. Message integrity protocols, MIC/MAC, what makes a MIC work, hash functions, strong and weak collision resistance, cracking hashes, keyed hash, HMAC.

  6. Authentication factors, passwords, tapping and over-the-shoulder eavesdropping, database disclosure, authentication protocol for both eavesdropping and database disclosure, challenge-response authentication protocols, magnetic card and smart card, Needham-Schroeder KDC.

  7. Digital signature with public key encryption, verifying digital signature, trusting public keys, digital certificate, PKI, verifying digital certificates, PGP trust model.

  8. S/MIME messages and use of digital certificates, using hybrid encryption for email distribution. SMTP vulnerability.

  9. SSL protocol, IPSec transport and tunnel modes, HTTP authentication, risks of downloaded code, Java sandbox, Authenticode scheme, web server logs, privacy leakage through URLs, referrers, cookies, precautions for using GET and POST.

  10. Desirable features of payment system, credit card over SSL, SET, dual signature, payer anonymity, aggregate and lottery micropayment.
