Colorado School of Mines: Develop a Repository of Online User Authentication Security Lab Exercises

Colorado School of Mines
Undergraduate and Graduate level.
“Develop a Repository of Online User Authentication Security Lab Exercises.”

The course materials described below are available via the Cyber Curriculum Library online portal - CLICK HERE TO LOGIN.

Topics and Subtopics include:

“Password Strength Lab Exercises” with emphasis on offensive and defensive perspectives including John the Ripper, password files generated from hash algorithms, evaluation and comparison of cracking times for weak and strong passwords, and understanding of password length, complexity, and unpredictability in passwords. In addition, creation of client-side and server-side password checkers, and proactive password checking techniques are focused on.

“Password Reuse Lab Exercises” with emphasis on client-side solutions and password managers.

“Phishing Lab Exercises” with emphasis on offensive and defensive perspectives including student creation of phishing sites, Extended Validation certificate application and deployment processes, and phishing detection and warning mechanisms in popular browsers.The creation of videos explaining phishing warning and EV certificates is also part of this lab.

“Password Storage Lab Exercises” with emphasis on server-side and client-side password storage techniques, salted hashing, experimental user authentication servers, and verification and observation of vulnerabilities in password managers.

And “Multi-factor User Authentication Lab Exercises” with emphasis on 2-step verification, universal second factor protocol, analyzing advantages of different design approaches including convenience and cost, as well as disadvantages of each approach including trade-offs between security and usability, whether saving verification codes to a browser as a persistent cookie is advisable, extending password-based user authentication component o fa simple Web application by adding U2F functionalities such as public key registration, challenge generations and digital signature verification.

NCWF Categories included:

Securely Provision (SP)

NCWF Specialty Areas included:

Software Development (DEV)

Systems Development (SYS)

NCWF KSAs included:

K0001: Knowledge of computer networking concepts and protocols, and network security methodologies.

K0004: Knowledge of cybersecurity and privacy principles.

K0005: Knowledge of cyber threats and vulnerabilities.

Summary:

Five lab exercises total. Lab exercises and quizzes are included in this curriculum. These lab exercises are designed to be incorporated into other curricula.