Final Study Guide

This is simply a guide of topics that I consider important for the final. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class or that is in the reading.

  1. Anything from the Midterm Study Guide
  2. Cryptography
    1. Types of attacks: ciphertext only, known plaintext, chosen plaintext
    2. Cæsar cipher, Vigenère cipher, one-time pad, DES
    3. Public key cryptosystems; RSA
    4. Confidentiality and authentication with secret key and public key systems
  3. Key Distribution Protocols
    1. Kerberos and Needham-Schroeder
    2. Certificates and public key infrastructure
  4. Passwords (selection, storage, attacks, aging)
    1. One-way hash functions (cryptographic hash functions)
    2. UNIX password scheme, what the salt is and its role
    3. Password selection, aging
    4. Challenge-response schemes
    5. Attacking authentication systems: guessing passwords, spoofing system, countermeasures
  5. Identity
    1. UNIX real, effective, saved, login UIDs
    2. Host names and addresses
    3. Cookies and state
  6. Access Control
    1. ACLs, C-Lists, lock-and-key
    2. UNIX protection scheme
    3. Multiple levels of privilege
    4. MULTICS ring protection scheme
  7. Computerized Vermin
    1. Trojan horse, computer virus
    2. Computer worm
    3. Bacteria, logic bomb
    4. Countermeasures

Version of December 5, 2006 at 10:43 PM