Date Details
01/20/2015 Orientation and logistics [slides]
Required reading:
• None
Suggested reading:
Introduction to Information Assurance
01/22/2015 Information Hiding: Watermarking and Steganography [slides]
Required reading:
Information Hiding--A Survey (Read Sections I and II only)
01/27/2015 Snow Day - University Closed
01/29/2015 Information Hiding: Covert Channels [slides]
Required reading:
Embedding Covert Channels into TCP/IP
Suggested reading:
Detection of Covert Channel Encoding in Network Packet Delays
CoCo: coding-based covert timing channels for network flows
02/03/2015 Information Leakage: Side Channels [slides1, slides2]
Required reading:
Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
Suggested reading:
Preventing Side-Channel Leaks in Web Traffic: A Formal Approach
Cross-VM Side Channels and Their Use to Extract Private Keys
02/05/2015 Anonymous Communication: Mixes, Tor, etc. [slides]
Required reading:
Tor: The Second-Generation Onion Router
Suggested reading:
Mixminion: Design of a Type III Anonymous Remailer Protocol
Shining Light in Dark Places: Understanding the Tor Network
02/10/2015 Deadline for project proposals
02/10/2015 Censorship Resistance: Parrots [slides]
Required reading:
SkypeMorph: Protocol Obfuscation for Tor Bridges
Suggested reading:
The Parrot is Dead: Observing Unobservable Network Communications
I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention
02/12/2015 Censorship Resistance: Decoy Routing [slides]
Required reading:
Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability
Suggested reading:
Telex: Anticensorship in the Network Infrastructure
No Direction Home: The True Cost of Routing Around Decoys
02/17/2015 No Class (Presidents' Day)
02/19/2015 Privacy-preserving Services: Social Networks [slides1, slides2]
Required reading:
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider
Suggested reading:
Persona: an online social network with user-defined privacy
EASiER: Encryption-based Access Control in Social Networks with Efficient Revocation
02/24/2015 Privacy-preserving Services: Storage [slides1, slides2]
Required reading:
Vanish: Increasing Data Privacy with Self-Destructing Data
Suggested reading:
Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs
FADE: Secure Overlay Cloud Storage with File Assured Deletion
02/26/2015 Privacy in the Cloud: PIR and ORAM [slides]
Required reading:
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval
Suggested reading:
Private Information Retrieval
ObliviStore: High Performance Oblivious Cloud Storage
03/03/2015 Privacy of Emerging Technologies [slides]
Required reading:
A Scanner Darkly: Protecting User Privacy from Perceptual Applications
Suggested reading:
Robust De-anonymization of Large Sparse Datasets
Private-by-Design Advertising Meets the Real World
03/05/2015 Midterm Exam (Covers lectures before 03/03/2015; only content discussed in class.)
03/10/2015 Usable Security: Passwords [slides]
Required reading:
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
Suggested reading:
A Second Look at the Usability of Click-Based Graphical Passwords
The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
03/12/2015 Web Security: JavaScript (Guest lecture by Prof. Guha)
Required reading:
Type-based Verification of JavaScript Sandboxing
Suggested reading:
Privilege Separation in HTML5 Applications
Automated Analysis of Security-Critical JavaScript APIs
03/17/2015 No Class (Spring Break)
03/19/2015 No Class (Spring Break)
03/24/2015 Project progress reports are due
03/24/2015 Security and Privacy of Future Internet Architectures: Named-Data Networking [slides]
Required reading:
ANDaNA: Anonymous Named Data Networking Application
Suggested reading:
Privacy in Content-Oriented Networking: Threats and Countermeasures
Named Data Networking
03/26/2015 Secure Digital Currency: Bitcoin [slides]
Required reading:
Zerocoin: Anonymous Distributed E-Cash from Bitcoin
Suggested reading:
Bitcoin: A Peer-to-Peer Electronic Cash System
Sybil-Resistant Mixing for Bitcoin
03/31/2015 Hardware Security: Trusted Platform Module [slides]
Required reading:
cTPM: A Cloud TPM for Cross-Device Trusted Applications
Suggested reading:
Design and Implementation of a TCG-based Integrity Measurement Architecture
vTPM: Virtualizing the Trusted Platform Module
04/02/2015 Mobile Security: Android [slides]
Required reading:
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Suggested reading:
A Study of Android Application Security
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
04/07/2015 Economics of Malware: Spam [slides]
Required reading:
Click Trajectories: End-to-End Analysis of the Spam Value Chain
Suggested reading:
Show Me the Money: Characterizing Spam-advertised Revenue
Knock It Off: Profiling the Online Storefronts of Counterfeit Merchandise
04/09/2015 Online Tracking [slides]
Required reading:
Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
Suggested reading:
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
Third-Party Web Tracking: Policy and Technology
04/14/2015 Botnet Detection [slides]
Required reading:
BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection
Suggested reading:
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation
04/16/2015 Traffic Analysis: Flow Correlation [slides]
Required reading:
RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows
Suggested reading:
Timing analysis in low-latency mix networks: Attacks and defenses
Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet
04/21/2015 Project Presentations
• Armand, Side channel attacks in games
• Benjamin, Cloud services security
04/23/2015 Project Presentations
• Manuel, Security and Privacy in the Internet of Things
• Roman, Privacy in next-generation Internet architectures
• David, Identity theft
04/28/2015 Project Presentations
• Christopher, Multi-Key Cryptosystems and Key Management
• Cody, Cryptocurrencies
• Dylan, Authentication and Passwords
5/4/2015 Final Exam
Time: 10:30AM - 12:30PM, location: CS 140
05/08/2015 Project reports are due