Saturday, July 28, 2007

ACG assignment

(found by Zhan Hong and his group) Site about the main threat to Diffie-Hellman (man-in-the-middle):
http://gauss.ececs.uc.edu/Courses/C653/PPT/dh.pdf


(found by me =X) Site about packages and tools for encryption:
http://java.sun.com/javase/6/docs/technotes/guides/security/
Focus on "API Specification>General Security" to see packages
and "Tools" for important tools like keytool.

(found by Zhan Hong and his group) Site about Diffie-Hellman overall:
http://en.wikipedia.org/wiki/Diffie-Hellman
The "Description>chart" segment has good information.

And I think that both CA and Digital Signature must be implemented to prevent a man-in-the-middle attack... not very sure... =X
_______________________________________________________
Some questions which I asked the lecturer are:
1. Can we make the application 2-way?
Of course, you can. That is the whole idea. If you make it 2-way, that is the ideal situation.

2. Inside Report Requirements, point number 4, "Handouts (or print-outs) of presentation slides on your findings." Is this same as presentation slides?
The group is supposed to demo their project. Therefore you need to prepare the PowerPoint slides. The presentation is to highlight "why you implement your solution with justification". Your PowerPoint should be ready and submitted together with your report. The PowerPoint should be used for your presentation.


3. Inside Report Requirements, point number 6,
"Avoid mentioning high tech, sophisticated attacks using technology."
Say, you want to ensure integrity. This is how you do it... blah blah.
Say, you want to ensure confidentiality. This is how you do it in your application... blah blah
So don't mention very COMPLEX stuff... such as session hijacking.... SYN attack...


3. Does this mean that we should only focus on "man-in-the-middle" attack and other basic flaws in the system?
You can mention man-in-the-middle attack, but I am more interested in your justification and how you implement it.

4. About learning reflection, are we supposed to do 1 for each member or submit 1 as a group?
Individual.

5. How do we do peer evaluation?
Just create a table and give a score out of a scale of 10 for each member. Rank them. Please don't give me all with 10 points.

Answers are in exact quotes... only changed the questions a bit to look shorter...
_______________________________________________________
(found by Jack and his group) From a printout handed out during ACG class (about the 3 types of Diffie-Hellman)

The current code is "Anonymous Diffie-Hellman"; the ideal situation would be to make it into an "Ephemeral Diffie-Hellman", which includes signing with RSA keys and certificate authentication (Digital Signature and use of CA).
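
The difference described in that printout, as an added example (not the assignment's code and not from the printout): each side signs its fresh DH public value with a long-term RSA key, and the receiver verifies the signature before running the key agreement. The class and method names are made up for illustration, the RSA public keys are assumed to have already been checked against a CA-issued certificate, and a current JDK is assumed.

```java
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;

public class SignedDhDemo {
    // Sign the encoded DH public value with the sender's long-term RSA private key.
    static byte[] sign(PrivateKey rsaPriv, byte[] dhPub) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(rsaPriv);
        s.update(dhPub);
        return s.sign();
    }
    // Verify the signature over the peer's DH value first; only then run the key agreement.
    static byte[] agree(PrivateKey myDhPriv, byte[] peerDhPub, byte[] sig, PublicKey peerRsaPub)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(peerRsaPub);
        v.update(peerDhPub);
        if (!v.verify(sig)) throw new SignatureException("DH value is not signed by the expected peer");
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(myDhPriv);
        ka.doPhase(KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(peerDhPub)), true);
        return ka.generateSecret(); // feed this through a KDF before using it as a cipher key
    }
    static KeyPair dhPair(DHPublicKey peer) throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("DH");
        if (peer == null) g.initialize(2048); else g.initialize(peer.getParams()); // reuse the peer's p and g
        return g.generateKeyPair(); // a fresh pair per session is what makes the exchange "ephemeral"
    }
    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPair aliceRsa = rsa.generateKeyPair(), bobRsa = rsa.generateKeyPair(); // stand-ins for CA-certified keys
        KeyPair aliceDh = dhPair(null), bobDh = dhPair((DHPublicKey) aliceDh.getPublic());
        byte[] aPub = aliceDh.getPublic().getEncoded(), bPub = bobDh.getPublic().getEncoded();
        byte[] aSig = sign(aliceRsa.getPrivate(), aPub);
        byte[] kBob = agree(bobDh.getPrivate(), aPub, aSig, aliceRsa.getPublic());
        byte[] kAlice = agree(aliceDh.getPrivate(), bPub, sign(bobRsa.getPrivate(), bPub), bobRsa.getPublic());
        System.out.println("secrets match: " + MessageDigest.isEqual(kAlice, kBob));
        // A DH value swapped in transit (constructed here) does not match Alice's signature, so Bob rejects it.
        byte[] swapped = dhPair((DHPublicKey) aliceDh.getPublic()).getPublic().getEncoded();
        try {
            agree(bobDh.getPrivate(), swapped, aSig, aliceRsa.getPublic());
        } catch (SignatureException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the `verify` step this is the anonymous variant: Bob would accept the swapped value and derive a secret shared with whoever sent it.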