instructor home

attacking security systems (600.412)

about this course

This course serves as an introduction to how security systems are broken in the real world. Topics include software flaws and reverse-engineering, protocol analysis and the misuse of cryptography, side channel attacks, and attacks on physical security measures such as locks and tamper-resistant devices.

Each week we will tackle a particular class of security problem, starting with a discussion of the theory behind each of the attacks. The bulk of the class will focus on real-life case studies; specifically, we will be interested in how each attack has been used to break deployed systems and what lessons we can learn from each failure.

logistics

• Instructor: Adam Stubblefield (astubble@)
• Course time: MTW 2-3 (n.b. time change)
• Course location: Shaffer 100 (n.b. location change)
• Office hours: TW 3:30-4:30 or by appt.

prerequisites

The formal prequisite for the course is any of the 400-level security courses. However, any student with a background in security is welcome. If you are considering taking the course, but have not fulfilled the prerequisites, please email the instructor at astubble@ with a little about your background.

More precisely, students should have a foundation in most of the following areas:

• Interpreting the meaning of programs in assembly language (either x86 or MIPS) and C(though no large coding efforts will be required)
• Computer architecture (especially how programming language function calls are implemented and how memory is organized)
• Computer networks, specifically the TCP/IP network stack
• Cryptographic primatives such as one-way functions, encryption functions (block ciphers and public-key systems), and pseudorandom number generators
• Very basic number or group theory

course requirements

The course grade will be based on two take-home examinations, each approximately 3-4 hours in length. The first exam will be distributed on the second Wednesday of the course (2/4) and will be due in class the following Monday (2/9). The second (comprehensive) exam will be distributed on the last day of class (2/18) and will be due by 3:00 PM on the following Monday (2/23).

Though reading assignments from the textbook, relevant research papers, and online versions of the lecture slides will be made available, these resources are not guaranteed to cover all material presented in class. Class attendance is almost certainly a good idea.

course text

The recommended course text is Ross Anderson's Security Engineering. Suggested readings that correspond to each week's lectures are listed in the syllabus below.

For the interested student, the following books provide different treatments of many topics covered in the course:

• Practical Cryptography
• Building Secure Software
• Firewalls and Internet Security

syllabus

(Papers listed in the syllabus provide extra information on attacks covered in class. They are provided for interested students, but are not required reading.)

Week 1:	Software flaws and reverse engineering (Anderson, Chapter 4) Some topics were not covered due to snow day Decompilation and reverse engineering Locating cryptographic operations and keys (PDF) Exploiting buffer overflows (TXT) Exploiting heap-based memory corruptions (TXT)
Week 2:	Protocol Analysis and the Misuse of Cryptography (Anderson, Chapters 2 and 5) Man-in-the-middle attacks (PS) Version rollback attacks (PDF) The pitfalls of nonces, sequence numbers, and time-stamps (PDF) Misuse of cryptographic primitives (PDF | PDF) Attacks on composition of primitives (PDF)
Week 3:	Side Channel Attacks (Anderson, Chapter 15) Power attacks (PDF) Timing attacks (PDF) TEMPEST/EM attacks (PDF) Reaction attacks (PDF)
Week 4:	Attacks on Physical Security (Anderson, Chapter 14) Data remanence (PDF) Fault injection (PDF) Pin-tumbler lock-picking Master keying (PDF)
Bonus Week:	Full Attacks Diebold Voting Systems (HTML) Denial of Service via Algorithmic Complexity Attacks (HTML)

lectures

The course lectures are available as Quicktime files:

• Lecture 1: "That's their job." (Introduction, 1.7MB)
• Lecture 2: "We're not learning the lessons of the past." (Software, 2.9MB)
• Lecture 3: "The generation of random numbers is too important to be left to chance" (PRNG, 2.2MB)
• Lecture 4: "Good order is the foundation of all things." (Composition of Primatives, 2.1MB)
• Lecture 5: "Anyone who thinks his problem can be solved by cryptography..." (Modes of Operation, 1.5MB)
• Lecture 6: "We must use time as a tool, not as a crutch." (Timing Analysis, 1.3MB)
• Lecture 7: "Knowledge is power and power is knowledge." (Power and EM Analysis, 2.2MB)
• Lecture 8: "A man's silence is wonderful to listen to." (Reaction Attacks, 4.4MB)
• Lecture 9: "Like taking candy from a baby." (Physical Hardware Security, 2.5MB)
• Lecture 10: "Every lock can be picked with a big enough hammer." (Lock picking, not online)

exams

• Exam 1: (PDF) (Solutions)
• Exam 2: (PDF) (Solutions)