WORKSHOP ANALYTICAL CONTENT
On the second day of the 4th Regional Electronic Security Forum you are invited to participate in the expert Training Workshop, organised in collaboration with and under the scientific guidance of Athens Information Technology – AIT. Register for 6 single-track lectures on dedicated practical topics that include:
• Cryptography and the Internet: Start by introducing basic concepts of cryptography (public/symmetric key cryptography, message authentication codes, signatures, etc.) along with the security properties they achieve and then continue with necessary requirements to make cryptography possible. Conclude by considering the penetration of cryptography in the Internet.
• Real world security protocols:
Dissect three popular protocols used to secure today’s Internet communications, namely SSL, IPSEC, and KERBEROS. SSL’s lack of transparency limits it primarily to HTTP web services and some e-mail systems. IPSEC, on the other hand, operates at the Internet layer, offering transparent security to all layers above it. This includes all TCP and UDP traffic as well as application layer messages. Finally, KERBEROS is a distributed architecture that provides a solution to the Single Sign On problem. Describe the benefits of each with emphasis on the services they provide rather than their low-level details.
• WEP and WPA:
Outline the serious security flaws in the Wired Equivalent Privacy (WEP) protocol used by the 802.11 standard for wireless networks, which stem from misapplication of cryptographic primitives. The flaws demonstrate that WEP fails to achieve its security goals, offering limited protection to the users of wireless services. Conclude with a look at modern standards offering significantly better security than WEP.
• Semantic attacks-Phishing:
Bruce Schneier categorizes methods for attacking computer networks in waves of increasing sophistication and abstraction: physical attacks, syntactic attacks, and semantic attacks, the last of which target the way we, as humans, assign meaning to content, e.g. phishing. Describe various attack techniques used by phishers to elicit personal or sensitive information, study possible countermeasures and develop a set of hypotheses about how users are deceived. Conclude with a test, asking participants to determine if a site or email is real or fraudulent.
• Federated Identity Management:
Federated identity management lets users dynamically distribute identity information across security domains, increasing the portability of their digital identities. It also raises new architectural challenges and significant security and privacy issues. Provide a range of perspectives on identity management systems and review three models of federated identity: SAML, OpenID, and CardSpace. Examine usability challenges for identity management systems, including flaws and risks related to design and deployment.