Date Topic Readings Notes
Aug 16
Aug 21
Introduction (slides)
  • Homework 1 (part 1) assigned; due Aug 28 at 11:55pm
Aug 23
Introduction and Research Methods (slides)
  • Security Engineering, Chapter 1 (link)
  • Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link)
  • Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link)
  • [Optional Deep Dive] Elizabeth Pain, How to (Seriously) Read a Scientific Paper, 2016. (link)
Aug 28
Research Methods + Crypto Intro (slides)
  • Security Engineering, Chapter 5.1-5.5 (link)
  • Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security CCS '93. (link)
Aug 30
Symmetric Crypto (slides)
  • Review Security Engineering, Chapter 5.1-5.5 (link)
Sep 4
No Class -- Labor Day
Sep 6
Hashes and Message Authentication (slides1)
  • Security Engineering, Chapter 5.6 (link)
  • Network Security (KPS) 5.1, 5.2, and 5.7 (link)
Sep 11
Hashes and Message Authentication (Continued) (slides2)
  • Homework 2: Crypto Programming Assignment Assigned. Due 10/2/17
Sep 13
Project "Speed Dating"
  • TBA
  • Project Proposals assigned; due Sep 20 at 11:59pm
Sep 18
Public Key Cryptography (slides)
  • KPS Chapter 6 (Sections 6.5, 6.7 and 6.8 are optional) (link)
  • [*Optional Deep Dive*] D. Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999. (link)
Sep 20
Key Agreement and PKI (slides)
  • KPS Chapter 15 (Sections 15.6--15.8 optional) (link)
  • Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure (link)
Sep 25
Research Methods 2 (slides)
  • Catch up on reading from previous classes. (Especially PKI class)
  • Related Work assigned. Due October 9.
Sep 27
User Authentication (slides)
  • The science of password selection, Troy Hunt (link)
  • Biometrics, Wikipedia (link)
  • The Quest to Replace Passwords, Bonneau et al. (link)
Oct 2
Authentication Protocols (slides)
  • Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link)
  • Designing an Authentication System: A Dialogue in Four Scenes (link)
  • [*Optional*] B. Clifford Neuman and Theodore Ts'o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link)
  • [*Optional*] KPS Chapter 13 (link)
Oct 4
Access Control (slides)
  • Operating Systems Security, Chapters 1, 2 (link)
Oct 9
Operating System Security (slides)
  • (Part 1A only!) J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
Oct 11
Exam Review + Research Methods 3 (slides)
  • Methodology Assigned. Due 10/30.
Oct 16
Midterm Exam
Oct 18
Web Security (slides)
Oct 23
TCP/IP Security (slides)
  • Security Problems in the TCP/IP Protocol Suite. Steven M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. (link)
  • Class will be recorded and posted online. No in-person class today.
Oct 25
Routing (slides)
  • Sharon Goldberg. "Why is it Taking So Long to Secure Internet Routing?" (link)
Oct 30
Firewalls (slides)
  • Linux 2.4 Packet Filtering HOWTO (Reference) (link)
  • [*Deep Dive*] A. Wool. A quantitative study of firewall configuration errors. IEEE Computer, 37(6):62-67, 2005. (link)
Nov 1
Transport Layer Security (slides)
  • KPS Chapter 19 (Reference)
Nov 6
DNS (slides)
  • An Illustrated Guide to the Kaminsky DNS Vulnerability (link)
  • [*Optional Deep Dive*] Taejoong (tijay) Chung, Roland van Rijswijk-Deij, Bala Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson, A Longitudinal, End-to-End View of the DNSSEC Ecosystem. Usenix Security 2017. (link)
  • [*Optional Deep Dive*] Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis, The Wolf of Name Street: Hijacking Domains Through Their Nameservers. CCS 2017. (link)
Nov 8
Internet Maliciousness (slides)
  • Antonakakis et al., 'Understanding the Mirai Botnet.' Usenix Security 2017 (link)
  • Abstract Assigned. Due 11/17.
Nov 13
Intrusion Detection (slides)
  • S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)
  • [*Optional Deep Dive*] A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)
Nov 15
Telephone Network Security (slides)
  • [*Reference*] STIR Problem Statement. RFC 7340 (link)
  • [*Reference*] Reaves et al., 'AuthentiCall: Efficient Identity and Content Authentication for Phone Calls.' Usenix Security 2017. (link)
  • [*Reference*] Reaves et al., 'Authloop: Practical End-to-End Cryptographic Authentication for Telephony over Voice Channels.' Usenix Security 2016. (link)
Nov 20
Cryptocurrencies (slides)
  • [*Reference*] S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System (link)
  • [*Reference*] Bonneau et al, 'SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies.' IEEE Security & Privacy 2015 (link)
  • [*Optional Deep Dive*] Narayanan and Clark, 'Bitcoin's Academic Pedigree,' Communications of the ACM, Vol. 60 No. 12 (link)
Nov 22
Nov 27
Course Review (slides)
Nov 29
Poster Presentations
Dec 8
Final Exam (1--4pm)