Secure Security Software
Curry Dulcie, Alex Wong
Overview
  o Background
  o Code sample
  o Analysis
  o Conclusions
  o Related Works
Background
Security software != Software security
  o But since security software is software, it should be developed securely, too!
In this project, we will demonstrate why software security is necessary in security software
  o Failure to verify input
  o Command injection
      Privilege Escalation
Even if you follow secure guidelines for your software, insecure implementation will make it insecure overall
Implementing your own security or cryptography routines is nearly always a bad idea!
Background: One Time Passwords
Used to prevent replay of passwords
  o Can also be used to prevent reuse
"Zero knowledge password proof"
  o Makes captured passwords near worthless to an attacker
  o Demonstrates knowledge of password without revealing the password (or revealing a way to derive the password)
  o Shared key (password) never goes across the wire in cleartext
Well-known schemes
  o S/KEY
  o OTPW
  o RSA SecurID / SoftID
Background: One Time Passwords
While OTP schemes are useful, they're not often used
  o Complexity
      Setting up the infrastructure
      Multiple users
      Handling bad logins
      Generating challenges
      Provisioning keys
      User interfaces
      Training users how to use an OTP
  o Cost
      OTP calculators -- extra hardware
  o Security
      Disclosure of password list (OTPW, S/KEY)
      Still requires protection from MITM attacks
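
An added example, not part of the original slides: a minimal Lamport hash chain (the scheme behind S/KEY) showing that a captured one-time password is rejected on replay and that the verifier stores only a hash value, never the secret. SHA-256, the seed and passphrase values, and all function and class names are assumptions chosen for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the chain's one-way function.
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Client side: return H^n(seed || secret)."""
    value = seed + secret
    for _ in range(n):
        value = h(value)
    return value


class Verifier:
    """Server side: keeps only the last accepted chain value."""

    def __init__(self, initial: bytes, count: int):
        self.last = initial   # H^count(seed || secret), set at provisioning
        self.count = count

    def challenge(self) -> int:
        # Index the client must compute for the next login.
        return self.count - 1

    def verify(self, otp: bytes) -> bool:
        # Refuse index 0: H^0 is the raw seed||secret and must never be sent.
        if self.count <= 1:
            return False
        if hmac.compare_digest(h(otp), self.last):
            self.last = otp   # the accepted OTP becomes the new reference
            self.count -= 1
            return True
        return False


def demo():
    # Constructed sample values, not taken from the slides.
    secret, seed, n = b"constructed passphrase", b"ke1234", 5
    server = Verifier(chain(secret, seed, n), n)
    otp1 = chain(secret, seed, server.challenge())
    first = server.verify(otp1)    # fresh OTP is accepted
    replay = server.verify(otp1)   # the same captured OTP is rejected
    otp2 = chain(secret, seed, server.challenge())
    second = server.verify(otp2)   # next value in the chain is accepted
    return [first, replay, second]
```

The chain protects against replay only; as the slide notes, the exchange still needs protection from MITM attacks.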
Background: One Time Passwords Both OTPW and S/KEY (Lamport's Scheme) use 
This note was uploaded on 12/13/2011 for the course CSCE 548 taught by Professor Farkas during the Spring '10 term at South Carolina.