COMP715/815GB:2013 A Team



Info

 * Planned Meeting Times:
 * Mondays 6:30pm - 7:30pm


 * Group leader:
 * Robert
 * Students:
 * Brian
 * Bego
 * Forrest
 * Melissa M
 * Joshua
 * Justin

Week of Sept 11th
Meeting Time/Location:
 * 7:15 PM (during class break)/Pandora 132

Agenda:
 * 1) Decide upon easiest/most effective communication tools
 * 2) Review class deliverables/topics - attempt to gauge individual member's familiarity with such. Intent is to identify course topic areas that would benefit from shared research prior to.
 * 3) Decide upon basic workflow.

Discussion
 * 1) Email and google docs
 * 2) Not discussed - Bob will propose prior to next mtg.
 * 3) Bob plans to propose an agenda prior to each meeting for member review/contribution. Meeting notes will be taken and distributed for review.

Week of Sept 16th
Meeting Time/Location: 9/16/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) General discussion – study group approach, methods, etc.
 * 2) Homework 1 - general status of progress, pain points
 * 3) Course topics/syllabus review - note questions/possible clarifications
 * 4) Discuss/note helpful resources

Topics Discussed/Noted: Several members were unable to attend. Mtg duration ~45 min.
 * 1) Consider Google hangouts for future meetings - need input from more members
 * 2) Brief review of homework expectations - reviewed in summary individual progress. Most discussion was about lab exercise: a) discussed expectations regarding handling of string vs int as password b) hash function proposed for both - discussed team member's solution c) hash reviewed in more detail on white board - see image file
 * 3) Not covered
 * 4) Question raised about available Javascript debugger. The understanding is that use of an IDE is strongly discouraged. Firebug was mentioned as a possible debug tool.

Week of Sept 23rd
Meeting Time/Location: 9/16/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Homework 1 review: discussion and lab sections.
 * 2) Book chapters 1 and to review (if/as needed).
 * 3) Discuss/note helpful resources

Topics Discussed/Noted: One member was unable to attend. Mtg duration 1 hour
 * 1) Homework 1 review: a) Discussed password hashing function - 'called' from encrypt/decrypt. b) Reviewed random number generator as detailed in "Random.pdf" on course site - values of N, P1 and P2 defined. c) Discussed rationale of multiplying index in for loop - provide a weight to each letter. d) Brief discussion about Rainbow tables and their use in decrypting a hash
 * 2) Minimal discussion
 * 3) Several resources identified

Week of Sept 30th
Meeting Time/Location: 9/30/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Homework 2 review: discussion and lab sections.
 * 2) Discuss/note helpful resources

Topics Discussed/Noted: Several members were able to attend. Mtg duration 2 hours.
 * 1) Homework 2 review: a) Reviewed lab requirements of multi-pass encryption; adding text box for input of pass count. The understanding is that this input value must be reconstructed into 3 unique values. Members could not determine an effective solution and decided to wait for clarification in class two days hence. b) Spent majority of extended meeting time on discussion question #2: 5-number bike lock. Used binary combination (e.g. ABC, ACB, BAC, BCA, etc.) technique to determine remaining combinations after each "try", finally resulting in the realization (agreed upon) that a function often used in combinatorics can be applied.
 * 2) Several resources accessed

Week of Oct 7th
Meeting Time/Location: 10/7/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Homework 2 review: discussion and lab sections.
 * 2) Discuss/note helpful resources

Topics Discussed/Noted: Six of seven members were able to attend. Mtg duration 1 hr. and 40 min.
 * 1) Homework 2 review
 * Discussion topics
 * Lock bumping - how could pins of pin tumbler lock technology be modified to prevent lock bumping?
 * Reviewed mechanics of pin tumbler lock bumping on white board. Assumptions: no additional pin locations nor change in basic lock design. Discussed that bumping attempts to transfer vibration (force) to underside of pins to move and keep pin bottom above shear line. Possible modification to pin (design) discussed so that at least one pin reacts differently (than other pins) to force, e.g. a) pin size/shape to create/reduce friction, b) pin material to absorb/distribute force (dynamic varying of pin length as reaction to force).
 * 5 number bike lock -
 * Reviewed approach discussed during 9/30 mtg - determine remaining combinations after each "try". Revisited requirements - determine maximum number of attempts to open lock, use hint of showing how many tries for 4 keys and one unknown. Unable to determine/agree upon sufficient mathematical representation. Discussed other means of satisfying requirement.
 * Windows event viewer - minimal discussion, no issues
 * Describe how salting a password improves security. How much does it improve given 500k dictionary and 16-bit salt?
 * Reviewed that salt concatenated with password then processed by hash. Discussed possible amount of keys for each password by adding salt. Essentially every combination is appended - book has relevant example.
 * Lab questions:
 * Briefly discussed -
 * Reviewed multi-pass encryption and possible solution to create function to handle # of times on encrypt/decrypt
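
The salting question discussed above (500k dictionary, 16-bit salt), worked as an added example that is not part of the original meeting notes or the course material. SHA-256, the four-word sample dictionary and the sample salt value are assumptions made for illustration; the notes only state that the salt is concatenated with the password and then hashed.

```python
import hashlib

SALT_BITS = 16               # salt width from the homework question
DICTIONARY_SIZE = 500_000    # dictionary size from the homework question

# Constructed sample dictionary (stands in for the 500k-word list).
WORDS = ["password", "letmein", "dragon", "monkey"]


def hash_password(password, salt=b""):
    """Concatenate salt and password, then hash (SHA-256 is an assumption)."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def build_lookup_table(words, salts=(b"",)):
    """Precompute hash -> word for every (salt, word) pair the table covers."""
    return {hash_password(w, s): w for s in salts for w in words}


def precomputed_entries(dictionary_size, salt_bits):
    """Entries needed so a precomputed table covers every word under every salt."""
    return dictionary_size * (2 ** salt_bits)


def demo():
    target = "dragon"
    salt = bytes.fromhex("a3f1")          # constructed 16-bit salt value

    # A table built once over the bare dictionary reverses an unsalted hash...
    plain_table = build_lookup_table(WORDS)
    unsalted_hit = plain_table.get(hash_password(target))

    # ...but the same table has no entry for the salted hash of the same word.
    salted_miss = plain_table.get(hash_password(target, salt))

    # Covering salted hashes means one entry per word per possible salt.
    all_salts = [i.to_bytes(2, "big") for i in range(2 ** SALT_BITS)]
    full_table = build_lookup_table(WORDS, all_salts)
    salted_hit = full_table.get(hash_password(target, salt))

    return unsalted_hit, salted_miss, salted_hit, len(full_table)


if __name__ == "__main__":
    print(demo())
    print(precomputed_entries(DICTIONARY_SIZE, SALT_BITS))
```

With the four sample words the full table already needs 4 x 2^16 entries; for the homework's numbers the same multiplication gives 500,000 x 2^16 entries.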

Week of Oct 14th
Meeting Time/Location: 10/14/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Homework 3 review: discussion and lab sections.
 * 2) Discuss/note helpful resources

Topics Discussed/Noted: Five of seven members were able to attend. Mtg duration 1 hr.
 * 1) Homework 3 review
 * Discussion topics
 * Packet Sniffing: Wireshark (downloaded, installed, presented). Discussed objective of question/answer - Research/describe two other free similar tools. Compare/contrast all three.
 * Port scanning/sniffing. Reviewed (downloaded, installed, presented) "Advanced Port Scanner"
 * Lab questions:
 * Briefly discussed -
 * Group decided that more instruction/description of this portion of the assignment was needed. Expect this to be covered in upcoming class.

Week of Oct 21st
Meeting Time/Location: 10/21/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Mid-term exam review.
 * 2) Discuss/note helpful resources

Topics Discussed/Noted: Four of seven members were able to attend. Mtg duration 1 hr. 35 min.
 * 1) Mid-term exam review
 * Discussion topics
 * Book chapters 1 - 4 review:
 * Located online pdf presentations provided by book author. Used these while referencing class notes to review and discuss possible exam questions/intent.
 * Reviewed -
 * Security: CIA goals and tools that support. Security concept AAA. Threats and attacks. Ten security principles (could not confirm from notes that all were covered in class). Access Control - matrices, lists, capabilities, role-based. Cryptographic concepts/system - symmetric, public key, digital signatures, hash, MAC.
 * Authentication: Barcodes, smartcards, biometrics.
 * Direct attacks.
 * Locks and Keys: Destructive/non entry. Lock types. Lock compromising. Number/possibility of combinations.
 * Buffer overflow: Attacks/exploits. Stack, heap. Virtual memory. Shellcode injection (covered?). How and why overflow happens, mitigation.
 * File system security: ACE, ACL, DAC (covered?). Unix, Linux, Windows. Octal notation (covered?).
 * Operating systems: Kernel. I/O. Process calls. File systems/permissions. Memory management. Paging. Virtual machines.
 * Oper Sys Security: Boot sequence. Memory, filesystem security. Dictionary attack. Password salt (incl. search space).
 * Malware: Viruses, worms, trojans, rootkits. Backdoors, logic bombs. Virus phases. Malware financial impact. Detection.
 * Lab material on exam:
 * Briefly discussed possible questions.

Week of Oct 28th
Meeting Time/Location: 10/28/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Homework review.

Topics Discussed/Noted: Four of seven members were able to attend. Mtg duration 1 hr. 20 min.
 * 1) Homework review
 * Discussion topics
 * Worm and Virus attacks examples - brief review.
 * Revisited functionality of Wireshark. Discussed other packet and port scanning tools members had researched.
 * Lab material discussion:
 * Began with process - generate unique value from password, generate a checksum from the message.
 * Some questioning regarding whether need to encrypt again using same password.
 * Signature: will increase as message increases. Reviewed Prof Jonas' class example -
 * Could use:
 * digSign = encrypt(key , str)
 * keeps characters in a certain range
 * checksum of message returns integer used as key
 * Correlation with password not length of message
 * When decrypt, using seed of “text”
 * Modulus wraps around

Week of Nov 4th
Meeting Time/Location: 11/4/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) No meeting - Robert unavailable. Attempted to reschedule using Google hangouts - unsuccessful.

Week of Nov 11th
Meeting Time/Location: 11/11/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Homework and Project Proposal progress.
 * 2) No meeting - holiday. Meeting schedule issue - assumed campus open. Attempted to find alternative location w/out success. However, did meet with one member online and assisted with homework.

Week of Nov 18th
Meeting Time/Location: 11/18/13 6:30 PM/Pandora 127

Agenda (proposed topics):
 * 1) Homework review

Topics Discussed/Noted: Four of seven members were able to attend. Mtg duration 1 hr. 10 min.
 * 1) Homework review
 * Hint: Veni, Vidi, Vici - I came, I saw, I conquered (attr. Julius Caesar). Discussed possible cypher. Reviewed different approaches to solution, including Excel.

Week of Nov 25th
Meeting Time/Location: 11/25/13 6:30 PM/Pandora 127
 * 1) No meeting - five of seven members unable to attend (Thanksgiving plans)

Week of Dec 2nd
Meeting Time/Location: 12/2/13 6:30 PM/Pandora 127 - FINAL MEETING

Agenda (proposed topics):
 * 1) Discuss possible exam topics.
 * 2) General progress of Hwk#5

Topics Discussed/Noted: Six of seven members were able to attend. Mtg duration 2 hr. 10 min.
 * Final review
 * Located online pdf presentations provided by book author (ch. 5 - 7). Used these while referencing member class notes and Prof Jonas' notes to review and discuss possible exam questions/intent.
 * Example of items reviewed:
 * Five network layers, TCP/UDP, Sniffers, Firewalls (rules), Web Security (HTTPS, SSL), Tunneling (SSH, VPN), Threats/Attacks (session hijacking, DNS, phishing/pharming, cross-site scripting), intrusion detection (types).
 * Homework review
 * Revisited briefly (~20 min.)