\title{Lab: Tools of the Trade}
\subtitle{A lab on the practicalities of security}
\author{%
Daniel Bosk
}
\institute{%
Department of Information and Communication Systems\\
Mid Sweden University, SE-851\,70 Sundsvall
}
\maketitle
\section{Introduction}%
\label{sec:intro}
Security mechanisms only serve their purpose when they are actually used in the
applications and systems that are produced.
This laboratory assignment focuses on the practical parts of security.
You have probably read a lot about different cryptographic mechanisms,
e.g.~AES~\cite{aes} and CBC~\cite{blockmodes}.
You know that you should use huge prime numbers in RSA~\cite{rsa}, but how do
you actually choose these in practice?
In this lab you are supposed to answer questions such as this and get to know
some implementations of what you previously only knew in theory.
\subsection{Scope and Aim}%
\label{sec:aim}
The main idea of the assignment is that the participants choose different
practical issues, find solutions to them, and finally present them to the
class.
This way everyone will gain knowledge of a variety of practical problems facing
developers.
The intended learning outcomes are as follows.
After completing this assignment you will be able to:
\begin{itemize}
\input{aims.tex}
\end{itemize}
The next section covers what you must read to understand this assignment and
how to do the work.
\Cref{sec:tasks} covers the work to be done, i.e.~how you should learn this.
\Cref{sec:exam} covers how it will be examined, i.e.~how you show that you have
fulfilled the intended learning outcomes given above.
\section{Theory}%
\label{sec:theory}
\input{literature.tex}
\section{Assignment}%
\label{sec:tasks}
Now, you should come up with a question related to practice which you would
like to have an answer for.
There are a lot of questions of this type, for example:
\begin{itemize}
\item In a Diffie-Hellman key exchange you need a generator for a group; how
do you find one?
\item How do you choose the RSA prime factors when generating a key?
\item There is no randomness in a computer program, since programs are fully
deterministic, so how do we then get randomness to do cryptography
using a computer?
\item How do you actually use SHA-256~\cite{shs} or bcrypt~\cite{bcrypt} to
protect a password: how should you use them, what values should you use?
\item How do you use anonymous credentials (Identity Mixer) on Hyperledger
Fabric?
\item How do you use a Trusted Execution Environment, \eg Intel SGX enclaves?
What can you do with it?
\end{itemize}
These are just examples; feel free to pick other questions.
Please discuss possible questions with the course tutor.
Remember: the questions must be oriented towards solving problems in practice.
Once you have settled on a question, post it in the course forum.
This way no one else will try to find the answer to the same question.
Next, you will find the answer to your question.
Since this is a problem about practice, someone has already solved it.
Thus, a good place to look is probably a related implementation, especially
its documentation.
There you can see how someone solved the problem, and you can find references
to standards documenting how to do it, which are a preferable source of
information.
When you have solved the problem, you should prepare a presentation for the
class.
This presentation should contain at least the following:
\begin{itemize}
\item What the question is.
\item Why this is an interesting question.
\item What the answer to the question is.
\item What you have to support your claims (preferably references to
standards, RFCs and software library documentation).
\item A short usage example (i.e.~a demo program).
\end{itemize}
\section{Examination}%
\label{sec:exam}
You will give your presentation to the class (check the course schedule for
the date of this presentation).
You are required to have some slides to make your presentation more
comprehensible.
Your presentation should be at most 15 minutes long, and it must have some
technical depth; in particular, you must justify your findings.
After the presentation, you must make your presentation available to others
for future reference.
\subsubsection*{Acknowledgements}
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
Unported license.
To view a copy of this license, visit
\url{http://creativecommons.org/licenses/by-sa/3.0/}.
You can find the original source code in
\url{https://github.com/OpenSecEd/toolslab/}.
\printbibliography{}