CourseWare Wiki
Search
Log In
old
courses
a4m36bis
Warning
This page is located in archive.
Differences
This shows you the differences between two versions of the page.
View differences:
Side by Side
Inline
Go
Link to this comparison view
Both sides previous revision
Previous revision
2015/12/18 09:46 stiboja2 [Points]
2015/12/18 09:35 stiboja2 [Points]
2015/12/10 13:49 stiboja2 [Points]
2015/11/22 11:28 stiboja2 [Homework:]
2015/11/12 16:23 stiboja2 [Homework:]
2015/11/05 16:09 stiboja2 [Lab 5 - 5.11.2014 - Cryptography in java + Homework : timing attack]
2015/11/05 16:07 stiboja2 [Labs 1 - 8.10.2015 - Intro, first assignment]
2015/10/30 14:01 pevnytom [Steganalysis]
2015/10/22 18:59 pevnytom [Steganalysis]
2015/10/22 18:55 pevnytom [Steganalysis]
2015/10/22 18:49 pevnytom [Steganalysis]
2015/10/15 18:37 pevnytom [Steganography/steganalysis]
2015/10/15 18:36 pevnytom [Steganography/steganalysis]
2015/10/15 14:58 pevnytom [Steganography/steganalysis]
2015/10/15 14:55 pevnytom [Steganography/steganalysis]
2015/10/15 14:46 pevnytom [Steganography/steganalysis]
2015/10/15 14:18 pevnytom [Points]
2015/10/08 15:49 stiboja2 [Points]
2015/10/08 14:51 stiboja2 [Labs]
2015/10/08 14:50 stiboja2
2015/10/08 14:49 stiboja2 [Points]
2015/10/08 14:47 stiboja2 [Points]
2014/11/20 07:33 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/11/14 14:59 stiboja2 [Requirements]
2014/11/14 14:58 stiboja2 [Security]
2014/11/14 14:58 stiboja2 [Points]
2014/11/14 14:57 stiboja2 [Requirements]
2014/11/12 09:58 stiboja2 [Homework:]
2014/11/12 09:58 stiboja2 [Homework:]
2014/11/12 09:57 stiboja2 [Homework:]
Go
Next revision
Previous revision
2015/12/18 09:46 stiboja2 [Points]
2015/12/18 09:35 stiboja2 [Points]
2015/12/10 13:49 stiboja2 [Points]
2015/11/22 11:28 stiboja2 [Homework:]
2015/11/12 16:23 stiboja2 [Homework:]
2015/11/05 16:09 stiboja2 [Lab 5 - 5.11.2014 - Cryptography in java + Homework : timing attack]
2015/11/05 16:07 stiboja2 [Labs 1 - 8.10.2015 - Intro, first assignment]
2015/10/30 14:01 pevnytom [Steganalysis]
2015/10/22 18:59 pevnytom [Steganalysis]
2015/10/22 18:55 pevnytom [Steganalysis]
2015/10/22 18:49 pevnytom [Steganalysis]
2015/10/15 18:37 pevnytom [Steganography/steganalysis]
2015/10/15 18:36 pevnytom [Steganography/steganalysis]
2015/10/15 14:58 pevnytom [Steganography/steganalysis]
2015/10/15 14:55 pevnytom [Steganography/steganalysis]
2015/10/15 14:46 pevnytom [Steganography/steganalysis]
2015/10/15 14:18 pevnytom [Points]
2015/10/08 15:49 stiboja2 [Points]
2015/10/08 14:51 stiboja2 [Labs]
2015/10/08 14:50 stiboja2
2015/10/08 14:49 stiboja2 [Points]
2015/10/08 14:47 stiboja2 [Points]
2014/11/20 07:33 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/11/14 14:59 stiboja2 [Requirements]
2014/11/14 14:58 stiboja2 [Security]
2014/11/14 14:58 stiboja2 [Points]
2014/11/14 14:57 stiboja2 [Requirements]
2014/11/12 09:58 stiboja2 [Homework:]
2014/11/12 09:58 stiboja2 [Homework:]
2014/11/12 09:57 stiboja2 [Homework:]
2014/11/12 09:56 stiboja2 [Homework:]
2014/11/12 09:55 stiboja2 [Homework:]
2014/11/07 15:25 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/11/06 18:52 stiboja2 [Lab 6 - 6.11.2014 - Cryptography in java + Homework : timing attack]
2014/11/06 18:28 stiboja2 [Lab 6 - 6.11.2014 - Cryptography in java + Homework : timing attack]
2014/11/06 16:56 stiboja2 [Homework:]
2014/11/06 16:49 stiboja2 [Lab 6 - 6.11.2014 - Cryptography in java + Homework : timing attack]
2014/11/06 16:44 stiboja2 [Lab 5 - 30.10.2014 - Steganography part 2]
2014/11/03 07:45 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/11/03 07:44 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/10/31 07:39 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/10/31 07:23 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/10/30 18:32 pevnytom [Lab 5 - 30.10.2014 - Steganography part 2]
2014/10/30 14:23 pevnytom [Lab 4 - 23.10.2014 - Steganography part 1]
2014/10/30 14:13 pevnytom [Steganalysis]
2014/10/30 14:13 pevnytom [Steganography/steganalysis]
2014/10/23 15:44 pevnytom [Steganography/steganalysis]
2014/10/23 15:43 pevnytom [Lab 3 - 9.10.2014 - Penetration testing - metasploit]
2014/10/23 15:29 pevnytom [Steganography/steganalysis]
2014/10/20 14:48 rehakmar [Lectures]
2014/10/20 14:48 rehakmar [Lectures]
Go
Last revision
Both sides next revision
courses:a4m36bis:start [2015/11/12 16:23]
stiboja2
[Homework:]
courses:a4m36bis:start [2015/12/18 09:35]
stiboja2
[Points]
Line 17:
Line 17:
| DefCon | 5 points | 3 points |
| DefCon | 5 points | 3 points |
| Timing attack | 5 points | 5 points |
| Timing attack | 5 points | 5 points |
-
| Steganography/steganalysis |
8
points | 0 points |
+
| Steganography/steganalysis |
10
points | 0 points |
| AVAST - part 1 | 2 points | 3 points |
| AVAST - part 1 | 2 points | 3 points |
| AVAST - part 2 | 2 points | 3 points |
| AVAST - part 2 | 2 points | 3 points |
Line 23:
Line 23:
^ Grade ^ Points ^
^ Grade ^ Points ^
-
| A |
21 -
22 |
+
| A | 22
- 24
|
-
| B | 18 -
20
|
+
| B | 18 -
21
|
| C | 15 - 17 |
| C | 15 - 17 |
| D | 13 - 14 |
| D | 13 - 14 |
Line 87:
Line 87:
* HARD - 7 points
* HARD - 7 points
* HARDEST - 10 points
* HARDEST - 10 points
+
+
Example how to run the HMAC verifier:
+
<code java>
+
Verifier keyCzarVerifier = new Verifier("keys"); //Directory containing a key set - for more info see JavaDoc
+
byte[] message = "Hello world".getBytes(); //original message in plain-text
+
byte[] hMAC = new byte[]{}; //HMAC signature of the message
+
boolean result = keyCzarVerifier.verify(message, hMAC);
+
</code>
Extra points (3 extra points) for performing the attack by interprocess communication (via stdin/out - class cz.cvut.keyczar.homework.VerificationServer) instead of directly calling and timing the verifier.
Extra points (3 extra points) for performing the attack by interprocess communication (via stdin/out - class cz.cvut.keyczar.homework.VerificationServer) instead of directly calling and timing the verifier.
Line 95:
Line 103:
- You can help the timing by issuing a longer sleep, but justification is required.
- You can help the timing by issuing a longer sleep, but justification is required.
- You can use keyczar bindings for another language, eg. python or C++. Make sure you’ve got the correct (vulnerable) version: revision 412. You can modify the array comparison to include a sleep or similar call.
- You can use keyczar bindings for another language, eg. python or C++. Make sure you’ve got the correct (vulnerable) version: revision 412. You can modify the array comparison to include a sleep or similar call.
-
=== Lab 6 - 12.11.2015 - Penetration testing - Intro, information gathering ===
=== Lab 6 - 12.11.2015 - Penetration testing - Intro, information gathering ===
courses/a4m36bis/start.txt
· Last modified: 2015/12/18 09:46 by
stiboja2