CS 854 (Fall 2006) - Hot Topics in Computer and Communications Security

Schedule 

Date Topic Reviews Presenter
Sept 11 Introduction Urs Hengartner
Sept 13 Cryptography and Security I Urs Hengartner
Sept 17 Paper choices are due
Sept 18 Cryptography and Security II Urs Hengartner
Sept 20 Cryptography and Security III / Sample Projects Urs Hengartner
Sept 25 Assignment is due
Sept 25 Privacy

Avoiding Privacy Violations Caused by Context-Sensitive Services
U. Hengartner and P. Steenkiste. PerCom 2006.

K-Anonymity: A Model for Protecting Privacy
L. Sweeney. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems.



Urs Hengartner

<Student presenters removed for privacy reasons>
Sept 27 Pervasive Computing I

Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems
M. Langheinrich. UbiComp 2001.

Cerberus: A Context-Aware Security Scheme for Smart Spaces
J. Al-Muhtadi, A. Ranganathan, R. Campbell, and M. D. Mickunas. PerCom 2003.

Optional readings:



Oct 2 Pervasive Computing II

The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
F. Stajano and R. Anderson. Security Protocols Workshop 1999.

Key Agreement in Peer-to-Peer Wireless Networks
M. Cagalj, S. Capkun, and J.P. Hubaux. IEEE (Special Issue on Security and Cryptography), 2006.
Note: You can skip Section IV. The presenter should talk about distance bounding instead.

Optional readings:



Oct 4 Location Privacy I

Developing Privacy Guidelines for Social Location Disclosure Applications and Services
G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. D. Abowd. SOUPS 2005.

Preserving Privacy in Environments with Location-Based Applications
G. Myles, A. Friday, and N. Davies. IEEE Pervasive Computing Magazine.

Optional readings:
Oct 9 Thanksgiving
Oct 11 Location Privacy II

Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking
M. Gruteser and D. Grunwald. MobiSys 2003.

Putting People in their Place: An Anonymous and Privacy-Sensitive Approach to Collecting Sensed Data in Location-Based Applications
K. P. Tang, P. Keyani, J. Fogarty, and J. I. Hong. CHI 2006.

Optional readings:
Oct 16 Project proposals are due
Oct 16 RFID

Privacy and Security Issues in Library RFID - Issues, Practices, and Architectures
D. Molnar and D. Wagner. CCS 2004.

Security and Privacy Issues in E-passports
A. Juels, D. Molnar, and D. Wagner. SecureComm 2005.


Optional readings:
Oct 18 Usability

Why Johnny Can't Encrypt - A Usability Evaluation of PGP 5.0
A. Whitten and J. D. Tygar. USENIX Security 1999.

Why Phishing Works
R. Dhamija, J. D. Tygar, and M. Hearst. CHI 2006.

Optional readings:
Oct 23 Phishing I

Do Security Toolbars Actually Prevent Phishing Attacks?
M. Wu, R. C. Miller, and S. L. Garfinkel. CHI 2006.

The Battle Against Phishing: Dynamic Security Skins
R. Dhamija and J. D. Tygar. SOUPS 2005.

Optional readings:
Oct 25 Phishing II

Web Wallet: Preventing Phishing Attacks by Revealing User Intentions
M. Wu, R. C. Miller, and G. Little. SOUPS 2006.

Passpet: Convenient Password Management and Phishing Protection
K.-P. Yee and K. Sitaker. SOUPS 2006.

Optional readings:
Oct 30 Trusted Computing I

Terra: A Virtual Machine-Based Platform for Trusted Computing
T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. SOSP 2003.

Pioneer: Verifying Integrity and Guaranteeing Execution of Code on Legacy Platforms
A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. SOSP 2005.
Nov 1 Onion Routing

Tor: The Second-Generation Onion Router
R. Dingledine, N. Mathewson, and P. Syverson. USENIX Security 2004.

Tor: The Errata





Nick Mathewson
Nov 6 Trusted Computing II

Design and Implementation of a TCG-Based Integrity Measurement Architecture
R. Sailer, S. Zhang, T. Jaeger, and L. van Doorn. USENIX Security 2004.

Trusted Computing: Promise and Risk
Seth Schoen. EFF.

Optional readings:



Urs Hengartner




Nov 8 Graphical Passwords

CAPTCHA: Using Hard AI Problems for Security
L. von Ahn, M. Blum, N. J. Hopper, and J. Langford. Eurocrypt 2003.

Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice
S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon. SOUPS 2005.

Optional readings:
Nov 13 Electronic Voting

Analysis of an Electronic Voting System
T. Kohno, A. Stubblefield, A. D. Rubin, and D. S. Wallach. S&P 2004.

Cryptographic Voting Protocols: A Systems Perspective
C. Karlof, N. Sastry, and D. Wagner. USENIX Security 2005.

Optional readings:
Nov 15 Secure Software I

A Virtual Machine Introspection Based Architecture for Intrusion Detection
T. Garfinkel and M. Rosenblum. NDSS 2003.

A Virtual Honeypot Framework
N. Provos. USENIX Security 2004.

Optional readings:
Nov 20 Secure Software II

On the Effectiveness of Address-Space Randomization
H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh. CCS 2004.

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
J. Newsome and D. Song. NDSS 2005.

Optional readings:
Nov 22 Side-Channel Attacks

Keyboard Acoustic Emanations Revisited
L. Zhuang, F. Zhou, and J. D. Tygar. CCS 2005.

Optional readings:
Nov 27 Project presentations
Nov 29 Project presentations
Dec 4 Project presentations
Dec 6 Project write-ups are due