Course Calendar
Below is the calendar for this semester's course. This is the
preliminary schedule, which may need to be altered as the semester
progresses. It is the responsibility of the students to
frequently check this web-page for schedule, readings, and assignment
changes. As the professor, I will attempt to announce any change to
the class, but this web-page should be viewed as authoritative. If
you have any questions, please contact me (contact information is
available at the course homepage).
| Date | Topic | Assignments Due | Readings/Discussions (do readings before class) | Slides |
| --- | --- | --- | --- | --- |
| 08/19/08 | Introduction | | Syllabus (link) | Slides |
| 08/21/08 | Cellular Network Security | | P. Traynor, W. Enck, P. McDaniel and T. La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks, Journal of Computer Security (JCS), 2008. Presenter: Patrick Traynor (link) | Slides |
| 08/26/08 | Cellular Network Security | | P. Traynor, W. Enck, P. McDaniel and T. La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks, IEEE/ACM Transactions on Networking (TON), April 2009. Presenter: Patrick Traynor (link) G. Orwell, Politics and the English Language, 1946. (link) | Slides |
| 08/28/08 | Cellular Network Security | Research Interest Profile | P. Traynor, P. McDaniel and T. La Porta, On Attack Causality in Internet-Connected Cellular Networks, USENIX Security Symposium (SECURITY), August, 2007. Presenter: Patrick Traynor (link) In Class Exercise: Why Publish? | Slides |
| 09/02/08 | Analog Telephony Security | | R. Rosenbaum, Secrets of the Little Blue Box, Esquire Magazine, 1971. (link) M. Sherr, E. Cronin, S. Clark and M. Blaze, Signaling Vulnerabilities in Wiretapping Systems, IEEE Security and Privacy, November/December 2005. Presenter: Frank Park (link) | Overview, Wiretap |
| 09/04/08 | Network Security | | S. Bellovin, Security Problems in the TCP/IP Protocol Suite, Computer Communications Review 2:19, pp. 32-48, April 1989. Presenter: Brendan Dolan-Gavitt (link) In Class Exercise: Idea Generation - What Are My Hammers? | TCP/IP, Ideas |
| 09/09/08 | Network Security | | S. Staniford, V. Paxson and N. Weaver, How to 0wn the Internet in Your Spare Time, Proceedings of the USENIX Security Symposium, 2002. Presenter: Eric Liu (link) J. Bethencourt, J. Franklin, M. Vernon, Mapping Internet Sensors With Probe Response Attacks, Proceedings of the USENIX Security Symposium, 2005. Presenter: Chaitrali Amrutkar (link) | Worm, Probes |
| 09/11/08 | Network Security | | J. Saltzer, D. Reed and D. Clark, End-to-end arguments in system design, ACM Transactions on Computer Systems 2, 4 (November 1984), pages 277-288. Presenter: Ankur Aggarwal (link) In Class Exercise: What is an Abstract? | E-to-E, Probes |
| 09/16/08 | 5 Minute Project Idea Presentations | | | |
| 09/18/08 | Software Vulnerabilities | | Aleph One, Smashing The Stack For Fun And Profit, Phrack 49, 1995. Presenter: Pranay Kolakkar (link) In Class Exercise: How Do We Publish Vulnerabilities Responsibly? | Stack, Disclosure |
| 09/23/08 | Cryptography | | M. Blaze, Protocol Failure in the Escrowed Encryption Standard, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 1994. Presenter: Anirudh Ramachandran (link) | Clipper |
| 09/25/08 | Cryptography | | P. Kocher, J. Jaffe, and B. Jun, Differential Power Analysis, Advances in Cryptology (CRYPTO), 1999. Presenter: Italo Dacosta (link) In Class Exercise: Writing a Useful Related Work Section | DPA, RelWork |
| 09/30/08 | Cryptography | Abstract Due | D. Brumley and D. Boneh, Remote Timing Attacks are Possible, Proceedings of the USENIX Security Symposium, 2003. Presenter: Samrit Sangal (link) | RTAAP |
| 10/02/08 | Wireless Networks | | J. Walker, Unsafe at any key size; An analysis of the WEP encapsulation, 2000. Presenter: Daniel Luo Xiapu (link) A. Stubblefield, J. Ioannidis, A. Rubin, Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, Proceedings of the ISOC Symposium on Network and Distributed System Security, February, 2002. Presenter: Daniel Komaromy (link) | Unsafe, FMS WEP |
| 10/07/08 | Wireless Networks | | A. Bittau, M. Handley and J. Lackey, The Final Nail in WEP's Coffin, Proceedings of the IEEE Symposium on Security and Privacy, 2006. Presenter: Vijay Balasubramaniyan (link) D. Spill and A. Bittau, BlueSniff: Eve meets Alice and Bluetooth, Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2007. Presenter: Junjie Zhang (link) | Nail, BlueSniff |
| 10/09/08 | Hardware Security | Related Work Due | S. Bono, M. Green, A. Stubblefield, A. Juels, A. Rubin, M. Szydlo, Security Analysis of a Cryptographically-Enabled RFID Device, Proceedings of the USENIX Security Symposium, August, 2005. Presenter: Ankur Aggarwal (link) | RFID |
| 10/14/08 | No class - Fall Break | | | |
| 10/16/08 | Hardware Security and Electronic Voting | | T. Kohno, A. Stubblefield, A. Rubin, and D. Wallach, Analysis of an Electronic Voting System, Proc. IEEE Symposium on Security and Privacy, May, 2004. Presenter: Anirudh Ramachandran (link) K. Nohl, D. Evans, Starbug, and H. Plotz, Reverse-Engineering a Cryptographic RFID Tag, Proceedings of the USENIX Security Symposium, 2008. Presenter: Eric Yu (link) | e-voting, rfid |
| 10/21/08 | Electronic Voting | | K. Butler, W. Enck, H. Hursti, S. McLaughlin, P. Traynor and P. McDaniel, Systemic Issues in the Hart InterCivic and Premier Voting System: Reflections Following Project EVEREST, Proceedings of the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop, July, 2008. Presenter: Patrick Traynor (link) A. Aviv, P. Cerny, S. Clark, E. Cronin, G. Shah, M. Sherr and M. Blaze, Security Evaluation of Voting Machines and Election Management System, Proceedings of the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop, July, 2008. Presenter: Patrick Traynor (link) | everest |
| 10/23/08 | No class | | | |
| 10/28/08 | VoIP Security | Description of Evaluation Due | C. Wright, L. Ballard, F. Monrose and G. Masson, Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?, Proceedings of the USENIX Security Symposium (SECURITY), 2007. Presenter: Vijay Subramanayan (link) C. Wright, L. Ballard, S. Coull, F. Monrose and G. Masson, Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations, Proceedings of the IEEE Symposium on Security and Privacy (OAKLAND), 2008. Presenter: Chaitrali Amrutkar (link) | language, phrase |
| 10/30/08 | VoIP Security | | X. Wang, S. Chen and S. Jajodia, Tracking Anonymous VoIP Calls on the Internet, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2005. Presenter: Eric Liu (link) N. Kiyavash, A. Houmansadr, and N. Borisov, Multi-flow Attacks Against Network Flow Watermarking Schemes, Proceedings of the USENIX Security Symposium (SECURITY), 2008. Presenter: Samrit Sangal (link) | voip, watermark |
| 11/04/08 | Physical World Attacks | | S. Byers, A. Rubin, and D. Kormann, Defending Against an Internet-based Attack on the Physical World, ACM Transactions on Internet Technology (TOIT), August, 2004. Presenter: Frank Park (link) D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel, Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses, Proceedings of the IEEE Symposium on Security and Privacy (OAKLAND), 2008. Presenter: Brendan Dolan-Gavitt (link) | postal, medical |
| 11/06/08 | Lock Picking | | M. Blaze, Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks, IEEE Security and Privacy, March/April 2003. Presenter: Daniel Luo Xiapu (link) M. Blaze, Safecracking for the computer scientist, 2004. Presenter: Chaitrali Amrutkar (link) | locks, safes |
| 11/11/08 | DRM | | S. Craver, M. Wu, B. Liu, A. Stubblefield, B. Swartzlander, D. Wallach, D. Dean and E. Felten, Reading Between the Lines: Lessons from the SDMI Challenge, Proceedings of the USENIX Security Symposium (SECURITY), 2001. Presenter: Ankur Aggarwal (link) A. Halderman, Evaluating New Copy-Prevention Techniques for Audio CDs, Proceedings of the ACM Workshop on Digital Rights Management (DRM), 2002. Presenter: Italo Dacosta (link) | sdmi, marker |
| 11/13/08 | DRM | | A. Shamir and N. van Someren, Playing hide and seek with stored keys, Proceedings of the International Conference on Financial Cryptography, 1999. Presenter: Daniel Komaromy (link) S. Byers, L. Cranor, D. Kormann, P. McDaniel and E. Cronin, Analysis of security vulnerabilities in the movie production and distribution process, Proceedings of the ACM Workshop on Digital Rights Management (DRM), 2003. Presenter: Brendan Dolan-Gavitt (link) | keys, movies |
| 11/18/08 | Misc | | S. King, P. Chen, Y. Wang, C. Verbowski, H. Wang and J. Lorch, SubVirt: Implementing malware with virtual machines, IEEE Symposium on Security and Privacy, 2006. Presenter: Pranay Kolakkar (link) L. Ballard, F. Monrose and D. Loprest, Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing, Proceedings of the USENIX Security Symposium, 2006. Presenter: Junjie Zhang (link) | subvirt, handwriting |
| 11/20/08 | Final Project Prep -- No class | | | |
| 11/25/08 | Final Project Prep -- No class | | | |
| 11/27/08 | Thanksgiving Break -- No class | | | |
| 12/02/08 | Project Final Presentations | | | |
| 12/04/08 | Project Final Presentations | | | |
| 12/08/08 | Final Project Writeups Due | | | |
CS8803
|