CHAPTER 16
Exercises for Part 3

Slides adapted from "Foundations of Security: What Every Programmer
Needs To Know" by Neil Daswani, Christoph Kern, and Anita Kesavan
(ISBN 1590597842; http://www.foundationsofsecurity.com). Except as
otherwise noted, the content of this presentation is licensed under the
Creative Commons 3.0 License.
Conceptual Exercises

• List three advantages/disadvantages of using a web of trust model vs. using a certificate authority–based trust model.

• State how you can use symmetric encryption to achieve (a) authentication, (b) confidentiality, and (c) message integrity.
Programming Problem

• Extend the AESEncrypter program of Section 12.1.6 to compute and verify a MAC on the message in addition to encrypting and decrypting data. Be sure to use different keys for the encryption and MAC computations.

Chapter 16 Exercises for Cryptography Concepts
Editor's Notes

  1. Welcome to SEC103 on Secure Programming Techniques. In this course, I assume that you have some background in computer security, but now you want to put that background to use. For example, in the Computer Security Principles and Introduction To Cryptography courses, we cover topics concerning trust and encryption. In this course, we put these principles into practice, and I'll show you how to write secure code that builds security into your applications from the ground up.