An introduction to Security Engineering, including how we think in this area, and how case studies help us develop a coherent way of thinking. We also look at the history of hacking.
A primer on how humans are unreliable when it comes to emotions and trust. Confidentiality, Integrity and Authentication are three key aspects of security, and we discuss how old ciphers let us have some confidentiality.
Risk is a large part of security, especially events that have high risk and low probability. We also observe Merkle's public key cryptography and the Diffie-Hellman Key Exchange.
We highlight again the weaknesses of humans, and how training and drilling are key to preventing human error. Message integrity from hashing is discussed, and pre-image, collision and second pre-image attacks show how hash functions are weak.
We look at vulnerabilities, bugs and exploits and examples of various types of them. Assets form a key part in determining what level of security we want in a system.
This week covers more awesome ciphers like the Feistel network, and guest speaker Finbar speaks about red teaming and different types of stack vulnerabilities.
Information about how 'top men' should never be trusted, and different ways of attacking - side-channel attacks and how information leaks very easily. We also discuss how RSA works.
We now look at how people can authenticate themselves - through something we have, something we are, and something we know. We also look at two authentication protocols - S/Key and SKID.
We continue our conversation on authentication for the larger community, and the use of Certificate Authorities and the Web of Trust. We also look at time of check/time of use errors, and perfect forward secrecy.
A case study on WannaCry, followed by more on time and knowledge. We propose the Zero Knowledge Protocol - a way of conveying that a prover possesses some knowledge, without sharing that knowledge.
A look into how we respond to incidents, followed by the benefits and risks to personal privacy. It is followed by notes from two guest speakers: the Privacy Commissioner and her role in working with companies to prevent privacy breaches, and three Westpac Red-Teamers, who discuss their attack strategies.
Finishing off the semester with information about whistleblowers and sharing internal secrets. We then had two guest speakers who shared their thoughts on bug bounties and vulnerability disclosure.