Digital Certificate and
Public Key Infrastructure (PKI)
Certification authority (CA): binds public key to particular entity, E.
E (person, router) registers its public key with CA.
E provides proof of identity to CA.
Public Key Cryptography
Motivation for Public Key Cryptography
In symmetric key or secret key cryptosystems, the
communicating parties must have some pre-shared secret, i.e.
the master key
Distribution of such keys in a secure and scalable manner is a
Message Authentication Code
Hash Function and Message Digest
What is Message Authentication?
Procedure that allows communicating parties to verify that received
messages are authentic, namely
source is authentic, not from masquerading
Four elements of a Crypto-system
Only need to keep the Key secret, can afford to have the
Again, can facilitate implementation by the mass
It is easy to change the Key, but difficult to design and
describe /communicate a new
Intro. to Computer Security
Prof. Shiuhpyng Shieh, Dept of CS, NCTU
ACM Distinguished Scientist
Office: EC624, Tel: ext31876, 035731876
Minghua: 54705, direct line 5744788
Wen: 54808, direct 5744788
Office Hour: after the c
Introduction to Cyber Security
Spring Semester, 2013
Prof. Kehuan Zhang
Overview of this course
Goal, content, format, evaluation, etc.
These slides are mostly based on the mate
Web Applications Security
The slides of this lecture are adapted from the following sources:
Yehuda Afek, An Overview of Internet Attacks.
Defenses against Stack Buffer Overflow
The following slides are from:
Profs. Dan Boneh, John Mitchell, Stanford
Preventing Buffer Overflow attacks
Automated tools: Coverity, Prefast/Prefix.
Rewrite software in a t
Single biggest software security threat: the buffer overflow
The most common form of security vulnerability till 2005 or so.
Buffer overflow vulnerabilities dominate in the area of remote network
Review on IP datagram format
IP protocol version
type of data
used in traceroute)
16-bit identifier flgs