Introduction to Security & Class Mechanics - Luke Anderson 1st March 2019 University Of Sydney - ELEC5616

Page created by Benjamin Mccormick
 
CONTINUE READING
Introduction to Security & Class Mechanics - Luke Anderson 1st March 2019 University Of Sydney - ELEC5616
Introduction to Security &
Class Mechanics

Luke Anderson
luke@lukeanderson.com.au

1st March 2019

University Of Sydney
Overview

  1. Class Mechanics
  1.1 The Lecturer
  1.2 Overview
  1.3 Mechanics
  1.4 Assessment
  1.5 Expectations
Class Mechanics
About Me

  Luke Anderson - Lecturer

   # Security lecturer at USYD & previously UTS.
   # Director of Sigma Prime
   # Previously:
         ◦ PhD Candidate @ USYD - researching blockchain technology.
         ◦ Security Engineer @ Freelancer.com
         ◦ Tech. Lead @ Hagglr (web startup)

  B.I.T. (Hons) / B.Sc (adv.) @ Sydney University
  Double Degree in Computer Science + Physics
Contacting Luke

   Luke Anderson - Lecturer

   The best way to get in touch with me is via e-mail:

                       luke@lukeanderson.com.au

    Check yo’ spam!
    Luke’s domain has SPF, DKIM, and DMARC enabled.
    If you configured your university e-mails to forward to a different inbox,
    DKIM will be broken. This will cause Luke’s e-mails to end up in your
    spam folder.
    Make sure you whitelist Luke’s e-mail address!
Overview

           elec5616.com
Course Mechanics

   One 2 hour Lecture per Week - Friday 15:00

   One 2 hour Lab per Week - Tuesday or Friday 12:00
Assessment

    # Quizzes - 2.5% total
    # Project - 25%
      Involves programming!
            Part 1: 9% – Due Week 6 (5th April)
            Part 2: 9% – Due Week 8 (19th April)
            Part 3: 7% – Due Week 11 (17th May)
    # Assignment - 10% (Week 12/13)
    # Wargames - 12.5% (Week 13)
    # Exam - 50%
Expectations

    # All lectures are compulsory
    # All labs are compulsory
    # Attendance below 50% is grounds for failure
    # It is your responsibility to make up for missed classes
Programming

                 No complaints if you can’t program
     Programming is fundamental for this course and your future career.

  It is 2019.
  If you can’t program by the time you leave university you will be road kill
  in the real world.

   Learn Programming Now
   You can learn to program during this course!
   We will spend the first few weeks ensuring everyone is up-to-speed.
   Get started now, there are lots of resources online.
   Try: groklearning.com
Project: Defeating Skynet

   It’s 2019. Almost every device has a CPU in it and is connected to the
   Internet. Whilst this is a stunning advance for humanity, the security for
   these devices has come as an afterthought or not at all. Millions of
   computers and devices, all with valuable information and processing
   power, are left vulnerable to attack.
   Blackhats, and even possibly governments, have created viruses, worms
   and other dastardly schemes to mine for information and turn a profit
   using these weaknesses.
Project: Defeating Skynet
   In this project, we’ll be specifically looking at why botnets can be
   valuable and why its so difficult to defeat them.

   Botnets perform various tasks including but not limited to:
    #   Stealing confidential information (passwords, banking details, etc.)
    #   Sending spam email
    #   Distributed Denial of Service (DDoS) against chosen websites
    #   Mining for CryptoCurrency
    #   Providing a secure proxy network for other illegal enterprise
   You are to work in teams of 2 or 3 in the labs.

   This project will run all semester long and be in three parts.
   Part one you will play the role of a blackhat and implement a
   cryptographic protocol for your botnet to communicate using:
    #   strong cryptography
    #   key exchange
    #   message tampering resistance
    #   replay attack resistance
Wargames

  WarGames consists of a set of problems, or challenges.

  Challenges can be done individually or in teams
       (max: 4, can be different from project)
  Some challenges are easy, some are near-impossible. It’s up to you to
  choose the right challenges.
  There will be some cool prizes for the winning team, and getting the
  marks for wargames helps with the $1,000 CBA Cyber Prize.
  Due: Midnight, Thursday before last lecture in week 13. Yes, midnight
  exactly.
Wargames Marking

  Each challenge is worth a different number of points based upon difficulty.

  There are several types of challenges that include:
  Single Solution: Points decay as more people get it correct. If you
                cheat and tell other teams the answer, you will all get
                lower scores.
  Infinite Solutions: There may be an infinite number of solutions! The
                 best solution gets the highest points. You may submit
                 multiple solutions as you find better answers.
                 Yes, this class is responsible for the secret load that suddenly
                 hits the computer labs at the end of semester.

  Your team’s final mark will be scaled against the other teams competing
  in the Wargames, with a threshold to make the resulting marks fair.

  Some tasks do have a first‐mover advantage, so be sure to pay attention
  when challenges are released. These will be announced ahead of time.
Wargames Rules

   # No attacking / breaking into the Wargames website
     This rule has been revoked, have at it.
     However, destructive actions to the system will result in a score of zero!

   # No breaking the law (obviously)
   # No signing up under multiple teams
   # No destructive behaviour (e.g. no DoS – that’s not cool)
   # High‐value questions must be accompanied by an explanation of how
     it was solved, and must have been done fairly, to retain the points.
Course Assistance

   Lectures, projects, assignments and notices can be found at both:

       https://elec5616.com/ OR https://canvas.sydney.edu.au/

   The discussion board is available via Ed, where lecturers, tutors, and
   studnets can answer questions:

                https://edstem.org/courses/3480/discussion/

   (you will receive an invite e‐mail at your university e‐mail address)

   Failing that, e‐mail also works:
            Tutor: arob8086@uni.sydney.edu.au
        Lecturer: luke@lukeanderson.com.au
You can also read