CS 854 (Winter 2008) - Hot Topics in Computer and Communications Security

Suggested Schedule and Reading List

Feel free to suggest any other papers that you may find appropriate. Using the links below, you should be able to access all the papers from hosts within the UW network. There are also local copies of the papers, including a tar file with all the papers (available only from UW hosts).

Date Topic Presenter
Jan 8 Introduction Urs Hengartner
Jan 10 Advice on giving Talks / Cryptography and Security I Urs Hengartner
Jan 13 Paper choices are due
Jan 15 Sample Projects / Cryptography and Security II Urs Hengartner
Jan 17 Location Privacy I Urs Hengartner

Louis, Lester and Pierre: Three Protocols for Location Privacy
G. Zhong, I. Goldberg and U. Hengartner. PET 2007.

A Study on the Value of Location Privacy
D. Cvrcek, M. Kumpost, V. Matyas and G. Danezis. WPES 2006.

Jan 22 Location Privacy II

Inference Attacks on Location Tracks
J. Krumm. Pervasive 2007.

Developing Privacy Guidelines for Social Location Disclosure Applications and Services
G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. D. Abowd. SOUPS 2005.

Student presenters removed for privacy reasons


Jan 24 Location Privacy III

Preserving Location Privacy in Wireless LANs
T. Jiang, H. J. Wang and Y.-C. Hu. MobiSys 2007.

MobiHide: A Mobilea [sic] Peer-to-Peer System for Anonymous Location-Based Queries
G. Ghinita, P. Kalnis and S. Skiadopoulos. SSTD 2007.

Optional readings:





Jan 29 Ubiquitous Computing

Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing
T. S. Saponas, J. Lester, C. Hartung, S. Agarwal and T. Kohno. USENIX Security 2007.

Instant Matchmaking: Simple and Secure Integrated Ubiquitous Computing Environments
D. K. Smetters, D. Balfanz, G. Durfee, T. F. Smith and K.-H. Lee. UbiComp 2006.

Optional readings:





Jan 31 RFID I

Privacy and Security Issues in Library RFID - Issues, Practices, and Architectures
D. Molnar and D. Wagner. CCS 2004.

Security and Privacy Issues in E-passports
A. Juels, D. Molnar, and D. Wagner. SecureComm 2005.

Optional readings:





Feb 5 RFID II

Security Analysis of a Cryptographically-Enabled RFID Device
S. C. Bono, M. Green, A. Stubblefield, A. Juels, A. D. Rubin, and M. Szydlo. USENIX Security 2005.





Feb 7 Kiosks I

Trustworthy Personalized Computing on Public Kiosks
S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn and X. Zhang. IBM Research Report RC24169 (a short version appeared in HotMobile 2007).

Rapid Trust Establishment for Transient Use of Unmanaged Hardware
A. Surie, A. Perrig, M. Satyanarayanan and D. Farber. CMU-CS-06-176 (a short version appeared in IEEE Pervasive Computing).




Feb 12 Kiosks II / RFID III

Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer
M. Mannan and P. C. van Oorschot. FC 2007.

Is Your Cat Infected with a Computer Virus?
M. R. Rieback, B. Crispo and A. S. Tanenbaum. PerCom 2006.




Feb 14 Passwords

Simple Authentication for the Web
T. W. van der Horst and K. E. Seamons. SecureComm 2007.

A Large-Scale Study of Web Password Habits
D. Florêncio and C. Herley. WWW 2007.

Optional readings:





Feb 15 Project proposals are due
Feb 19 Reading week
Feb 21 Reading week
Feb 26 No lecture
Feb 28 Usability I

The Memorability and Security of Passwords -- Some Empirical Results
J. Yan, A. Blackwell, R. Anderson and A. Grant. IEEE Security and Privacy.

Why Johnny Can't Encrypt - A Usability Evaluation of PGP 5.0
A. Whitten and J. D. Tygar. USENIX Security 1999.

Optional readings:




Mar 4 Usability II

Lessons Learned From the Deployment of a Smartphone-Based Access-Control System
L. Bauer, L. F. Cranor, M. K. Reiter and K. Vaniea. SOUPS 2007.

The Emperor's New Security Indicators
S. E. Schechter, R. Dhamija, A. Ozment and I. Fischer. Oakland 2007.

Optional readings:





Mar 6 Phishing

Phinding Phish: An Evaluation of Anti-Phishing Toolbars
Y. Zhang, S. Egelman, L. Cranor and J. Hong. NDSS 2007.

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites
Y. Zhang, J. Hong and L. Cranor. WWW 2007.




Mar 11 Voting I

Security Analysis of the Diebold AccuVote-TS Voting Machine
A. J. Feldman, J. A. Halderman and E. W. Felten. EVT 2007.

Optional readings:





Mar 13 Voting II

Cryptographic Voting Protocols: A Systems Perspective
C. Karlof, N. Sastry, and D. Wagner. USENIX Security 2005.

The ThreeBallot Voting System
R. L. Rivest.




Mar 18 New Security Architectures

Securing Vehicular Ad Hoc Networks
M. Raya and J.-P. Hubaux. IEEE Wireless Communications Magazine.

Mar 20 Security Economics I

The Economics of Mass Surveillance
G. Danezis and B. Wittneben. WEIS 2006.

Information Security Economics - and Beyond
R. Anderson and T. Moore. Crypto 2007 Keynote.




Mar 25 New Security Architectures II

Bitfrost: the One Laptop per Child Security Model
I. Krstic and S. L. Garfinkel. SOUPS 2007.

Project presentation





Mar 27 Project presentations





Apr 1 Project presentations





Apr 3 Project presentations





Apr 18 Project write-ups are due