6.033 Handout 17

ASSIGNMENT: April 4 through April 10

For Recitation: Tuesday, April 4

Read "Kerberos authentication and authorization system" by Miller et al., reading #28.

Your one-page reading report should address the following question. One of the main uses of an authentication system such as Kerberos is to ensure that only authorized users are able to read certain files. Knowing that Athena uses Kerberos, Ben Bitdiddle keeps his secret recipe for chocolate chip cookies in a file on Athena that only he can access. One day Ben is logged into a machine at LCS and wants to show the recipe to his friend Eva Luator, so he telnets to an Athena dialup machine, displays the secret recipe file on the screen, and logs out soon thereafter.

Ben thinks that, because of Kerberos, even someone with packet sniffers all over the MIT network could not have read his secret recipe file while he was showing it to his friend. Is he right? If so, explain how Kerberos defeats packet sniffers. If not, identify one or two ways in which someone with a packet sniffer (placed anywhere on the MIT network) could have read Ben's recipe file, and describe what additional precautions could be taken to foil the packet sniffer.

This paper on Kerberos is an important paper; read it with care: try to understand the protocols and the line of reasoning behind them.

For Lecture, Wednesday, April 5

Read Tanenbaum Section 4.5. Read it with care, since it describes the two fundamental protection mechanisms.

For Recitation, Thursday, April 6

Read "Why cryptosystems fail" by Anderson, reading #29. It is pretty easy reading, but read it with care; he provides many interesting examples and insights. We are likely to assign more reading for this recitation if we discover some new interesting development related to security between handing out this handout and April 6. We will keep you posted.

Friday, April 7

No quiz today. Quiz II has been moved to later in the term. The new date is Friday, April 21. Of course, you are welcome to review the material so far on your own.

For Lecture, Monday, April 10

The last lecture on security. Read Appendix 6.A from reading #30, "The protection of information in computer systems" by Saltzer and Schroeder. Appendix 6.A consists of pages 6-34 to 6-47; pages 6-40 to 6-47 are missing from the readings, and we will distribute them as handout #18.

System Aphorism of the week: "The unavoidable price of reliability is simplicity." (C. A. Hoare)