Date Topic Readings Notes
Wednesday
Aug 16
Cancelled
Monday
Aug 21
Introduction (slides)
  • Homework 1 (part 1) assigned; due Aug 28 at 11:55pm
Wednesday
Aug 23
Introduction and Research Methods (slides)
  • Security Engineering, Chapter 1 (link)
  • Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link)
  • Michael J. Hanson, Efficient Reading of Papers in Science and Technology. University of Washington, 1989. (link)
  • [Optional Deep Dive] Elizabeth Pain, How to (Seriously) Read a Scientific Paper, 2016. (link)
Monday
Aug 28
Research Methods + Crypto Intro (slides)
  • Security Engineering, Chapter 5.1-5.5 (link)
  • Anderson, R. 1993. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security CCS '93. (link)
Wednesday
Aug 30
Symmetric Crypto (slides)
  • Review Security Engineering, Chapter 5.1-5.5 (link)
Monday
Sep 4
No Class -- Labor Day
Wednesday
Sep 6
Hashes and Message Authentication (slides1)
(slides2)
  • Security Engineering, Chapter 5.6 (link)
  • Network Security (KPS) 5.1, 5.2, and 5.7 (link)
Monday
Sep 11
Hashes and Message Authentication (Continued) (slides2)
  • Homework 2: Crypto Programming Assignment Assigned. Due 10/2/17
Wednesday
Sep 13
Project "Speed Dating"
  • TBA
  • Project Proposals assigned; due Sep 20 at 11:59pm
Monday
Sep 18
Public Key Cryptography (slides)
  • KPS Chapter 6 (Sections 6.5, 6.7 and 6.8 are optional) (link)
  • [*Optional Deep Dive*] D. Boneh. Twenty years of attacks on the RSA cryptosystem, Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999. (link)
Wednesday
Sep 20
Key Agreement and PKI (slides)
  • KPS Chapter 15 (Sections 15.6--15.8 optional) (link)
  • Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure (link)
Monday
Sep 25
Research Methods 2 (slides)
  • Catch up on reading from previous classes. (Especially PKI class)
  • Related Work assigned. Due October 9.
Wednesday
Sep 27
User Authentication (slides)
  • The science of password selection, Troy Hunt (link)
  • Biometrics, Wikipedia (link)
  • The Quest to Replace Passwords, Bonneau et al. (link)
Monday
Oct 2
Authentication Protocols (slides)
  • Gavin Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters. Volume 56, Issue 3, November 1995. (link)
  • Designing an Authentication System: A Dialogue in Four Scenes (link)
  • [*Optional*] B. Clifford Neuman and Theodore Ts'o, Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. (link)
  • [*Optional*] KPS Chapter 13 (link)
Wednesday
Oct 4
Access Control (slides)
  • Operating Systems Security, Chapters 1, 2 (link)
Monday
Oct 9
Operating System Security (slides)
  • (Part 1A only!) J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308. (link)
Wednesday
Oct 11
Exam Review + Research Methods 3 (slides)
  • Methodology Assigned. Due 10/30.
Monday
Oct 16
Midterm Exam
Wednesday
Oct 18
Web Security (slides)
Monday
Oct 23
TCP/IP Security (slides)
  • Security Problems in the TCP/IP Protocol Suite. Steven M. Bellovin, in Computer Communications Review 2:19, pp. 32-48, April 1989. (link)
  • Class will be recorded and posted online. No in-person class today.
Wednesday
Oct 25
Routing (slides)
  • Sharon Goldberg. "Why is it Taking So Long to Secure Internet Routing?" (link)
Monday
Oct 30
Firewalls (slides)
  • Linux 2.4 Packet Filtering HOWTO (Reference) (link)
  • [*Deep Dive*] A. Wool. A quantitative study of firewall configuration errors. IEEE Computer, 37(6):62-67, 2005. (link)
Wednesday
Nov 1
Transport Layer Security (slides)
  • KPS Chapter 19 (Reference)
Monday
Nov 6
DNS (slides)
  • An Illustrated Guide to the Kaminsky DNS Vulnerability (link)
  • [*Optional Deep Dive*] Taejoong (tijay) Chung, Roland van Rijswijk-Deij, Bala Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson, A Longitudinal, End-to-End View of the DNSSEC Ecosystem. Usenix Security 2017. (link)
  • [*Optional Deep Dive*] Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis, The Wolf of Name Street: Hijacking Domains Through Their Nameservers. CCS 2017. (link)
Wednesday
Nov 8
Internet Maliciousness (slides)
  • Antonakakis et al., 'Understanding the Mirai Botnet.' Usenix Security 2017 (link)
  • Abstract Assigned. Due 11/17.
Monday
Nov 13
Intrusion Detection (slides)
  • S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. (link)
  • [*Optional Deep Dive*] A Sense of Self for UNIX Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, In Proceedings of the IEEE Symposium on Security and Privacy, 1996. (link)
Wednesday
Nov 15
Telephone Network Security (slides)
  • [*Reference*] STIR Problem Statement. RFC 7340 (link)
  • [*Reference*] Reaves et al., 'AuthentiCall: Efficient Identity and Content Authentication for Phone Calls.' Usenix Security 2017. (link)
  • [*Reference*] Reaves et al., 'Authloop: Practical End-to-End Cryptographic Authentication for Telephony over Voice Channels.' Usenix Security 2016. (link)
Monday
Nov 20
Cryptocurrencies (slides)
  • [*Reference*] S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System (link)
  • [*Reference*] Bonneau et al, 'SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies.' IEEE Security & Privacy 2015 (link)
  • [*Optional Deep Dive*] Narayanan and Clark, 'Bitcoin's Academic Pedigree,' Communications of the ACM, Vol. 60 No. 12 (link)
Wednesday
Nov 22
THANKSGIVING
Monday
Nov 27
Course Review (slides)
Wednesday
Nov 29
Poster Presentations
Friday
Dec 8
Final Exam (1--4pm)