Course info
In this course, we will discuss and read papers on a wide range of systems security topics including: anonymity, application security, cryptocurrencies, government surveillance, physical security, private communication, side-channel attacks, and more.
| Location: | ECEE 1B32 |
| Time: | Tue/Thu 6:30pm - 7:45pm |
| Professor: | Eric Wustrow <ewust@colorado.edu> ECOT 352 |
| Office Hours: | Wed 1-2pm or by appointment |
Grading
This course will include reading 3-4 papers per week, with written reviews and in-class discussion on the topics. Each student must complete an open-ended final project on a security topic, with the goal of submitting it to a computer security conference or workshop. In addition, each student must pick and present a security tool, trick or attack during the semester.
- 50% - Final project
- 25% - Paper reviews
- 20% - In-class tool presentation
- 5% - Participation
Paper reviews
For each paper we read, please submit a short (~100-200 word) summary that describes the paper, and some of your comments about the paper; for example, insights, questions, future directions, or what lessons are learned, etc. Please send these to ewust@colorado.edu with the subject "5014 reading", and include your review as inline text in the email. It's ok to include both reviews in the same email, just make the separation clear.
Final Project
Each group will give a 10-15 minute presentation in class (Tue, Apr 26), describing
what problem they are solving, how they solved it, and anything they plan to do by the due
date of the final project. There will be a couple minutes for Q&A for each group.
Final papers will be due Friday, Apr 29Tuesday, May 3, 11:59PM MDT. Please submit papers in
USENIX format
as a single PDF, 5-8 pages in length, including references.
In-class presentations
Each student will pick a topic (or propose a new one!) and present it to the class. Presentations should be 10-15 minutes, and we will have a short Q&A session. Send your top 2 choices to me (ewust@colorado.edu) by class on Thursday, Jan 14.
- TLS - (Tue, Jan 19) Set up a webserver with a signed certificate (you can obtain free ones from Let's Encrypt). Walk us through what happens during a TLS connection handshake between a popular web browser and your server. Show us packets in Wireshark, and explain the purpose of each packet. Describe how you can invoke such connections progamatically (either through command line, or in a programming language/library of your choice).
- Dining cryptographers networks - (Tue, Feb 2) Describe the dining cryptographers problem, and how it is solved. Pick an existing implementation or system that uses dining cryptographers (such as Dissent), and describe its operation in detail.
- DNS tunneling - (Tue, Feb 9) Describe iodine and how it works, by setting up your own server/client. Show us in Wireshark how it works, and describe how it could be improved and defended against.
- Application Security - (Tue, Feb 23) Implement and demonstrate a simple buffer overflow on a vulnerable application you write. Show how modern defenses prevent such attacks, and how you could circumvent them.
- Web Security - (Thu, Feb 25) Create an example web application that is vulnerable to cross-site request forgery (CSRF) and cross-site scripting (XSS) attacks. Describe how these attacks can have real impact on users' and servers' security. Demonstrate attacking the server (both CSRF and XSS), and describe how to defend against it.
- Post-Quantum Crypto - (Tue, Mar 15) Choose a post-quantum cryptographic primitive (e.g. lattice-based crypto, hash-based signatures, code-based crypto), and describe its operation in detail.
- Oblivious RAM - (Tue, Apr 5) Describe the concept, and pick one (reasonably) practical implementation or design, and walk through its operation. Describe what attacks this stops, and how much overhead (in practical terms) the scheme requires.
- Zero-knowledge proofs - (Thu, Apr 14) Describe how zero-knowledge proofs work by using a concrete example. It's ok if you describe an existing scheme, but it should be more interesting than either conveying a single bit or password hashing). Bonus: describe your scheme with a non-interactive zero-knowledge proof!
Readings
| Date | Topic | Readings |
|---|---|---|
| Tue, Jan 12 | Crypto | No reading Crypto Notes |
| Thu, Jan 14 | Crypto | The
Moral Character of Cryptographic Work Rogaway No response required |
| Tue, Jan 19 | Crypto Failures | TLS presentation Null Prefix Attack Marlinspike Lucky Thirteen: Breaking the TLS and DTLS Record Protocols AlFardan and Paterson |
| Thu, Jan 21 | Crypto Failures | The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software Georgiev, Iyengar, Jana, Anubhai, Boneh, and Shmatikov Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Adrian, Bhargavan, Durumeric, Gaudry, Green, Halderman, Heninger, Springall, Thomé, Valenta, VanderSloot, Wustrow, Zanella-Béguelin, and Zimmermann |
| Tue, Jan 26 | Web Tracking | Third-Party Web Tracking: Policy and Technology Mayer and Mitchell |
| Thu, Jan 28 | Web Tracking | "You Might Also Like:" Privacy Risks of Collaborative Filtering Calandrino, Kilzer, Narayanan, Felten, and Shmatikov Selling Off Privacy at Auction Olejnik, Minh-Dung, and Castelluccia |
| Tue, Feb 2 | Anonymity | Dining cryptographers networks presentation Tor: The Second-Generation Onion Router Dingledine, Mathewson, and Syverson Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries Johnson, Wacek, Jansen, Sherr, and Syverson |
| Thu, Feb 4 | Anonymity/Censorship | Examining How the Great Firewall Discovers Hidden Circumvention Servers Ensafi, Fifield, Winter, Feamster, Weaver, and Paxson Scramblesuit: A Polymorphic Network Protocol to Circumvent Censorship Winter, Pulls, and Fuss |
| Tue, Feb 9 | Anticensorship |
DNS tunneling presentation Protocol Misidentifcation Made Easy with Format-Transforming Encryption Dyer, Coull, Ristenpart, and Shrimpton StegoTorus: A Camouflage Proxy for the Tor Anonymity System Weinberg, Wang, Yegneswaran, Briesemeister, Cheung, Wang, and Boneh |
| Thu, Feb 11 | Anticensorship | Telex: Anticensorship in the Network Infrastructure Wustrow, Wolchok, Goldberg, and Halderman Blocking-resistant communication through domain fronting Fifield, Lan, Hynes, Wegmann, and Paxson |
| Tue, Feb 16 | No class | No class - go see Edward Snowden speak instead! |
| Thu, Feb 18 | Network Security | Increased DNS Forgery Resistance Through 0x20-Bit Encoding Dagon, Antonakakis, Vixie, Jinmei, and Lee Your Botnet is My Botnet: Analysis of a Botnet Takeover Stone-Gross, Cova, Cavallaro, Gilbert, Szydlowski, Kemmerer, Kruegel, and Vigna |
| Tue, Feb 23 | Application Security | Application Security presentation Smashing the Stack for Fun and Profit Aleph One The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Shacham |
| Thu, Feb 25 | Web Security | Web security presentation I Still Know What You Visited Last Summer: Leaking browsing history via user interaction and side channel attacks Weinberg, Chen, Jayarman, and Jackson Protecting Browsers from DNS Rebinding Attacks Jackson, Barth, Bortz, Shao, and Boneh |
| Tue, Mar 1 | Secure Communication | Off-the-Record Communication, or, Why Not To Use PGP Borisov, Goldberg, and Brewer SoK: Secure Messaging Unger, Dechand, Bonneau, Fahl, Perl, Goldberg, and Smith |
| Thu, Mar 3 | Data at Rest | Lest We Remember: Cold Boot Attacks on Encryption Keys Halderman, Schoen, Heninger, Clarkson, Paul, Calandrino, Feldman, Appelbaum, and Felten |
| Tue, Mar 8 | Usability | Why Johnny Can't
Encrypt: A Usability Evaluation of PGP 5.0 Whitten and Tygar Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness Akhawe and Felt |
| Thu, Mar 10 | Final Project Proposals | |
| Tue, Mar 15 | Government Backdoors | Post-Quantum Crypto presentation On the Practical Exploitability of Dual EC in TLS Implementations Checkoway, Fredrikson, Niederhagen, Everspaugh, Green, Lange, Ristenpart, Bernstein, Maskiewicz, and Shacham Keys under doormats Abelson, Anderson, Bellovin, Benaloh, Blaze, Diffie, Gilmore, Green, Landau, Neumann, Rivest, Schiller, Schneier, Specter, and Weitzner |
| Thu, Mar 17 | Government Threats | Decoding the Summer of Snowden Sanchez W32.Stuxnet Dossier Falliere, Murchu, and Chien |
| Tue, Mar 22 | No Class | Spring Break |
| Thu, Mar 24 | No Class | Spring Break |
| Tue, Mar 29 | Hardware Security | Stealthy Dopant-Level Hardware Trojans Becker, Regazzoni, Paar, and Burleson Designing and implementing malicious hardware King, Tucek, Cozzie, Grier, Jiang, and Zhou |
| Thu, Mar 31 | The Cloud | Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds Ristenpart, Tromer, Shacham, and Savage |
| Tue, Apr 5 | Theoretical Privacy | Oblivious RAM presentation Differential Privacy Dwork Robust De-anonymization of Large Sparse Datasets Narayanan and Shmatikov |
| Thu, Apr 7 | Medical Privacy | Final project checkpoint due Security and Privacy for Implantable Medical Devices Halperin, Heydt-Benjamin, Fu, Kohno, and Maisel |
| Tue, Apr 12 | Cryptocurrency | Bitcoin Nakamoto
Majority is not enough: Bitcoin mining is vulnerable Eyal and Sirer |
| Thu, Apr 14 | Cryptocurrency | Zero-knowledge proofs presentation Zerocoin Miers, Garman, Green, and Rubin |
| Tue, Apr 19 | Electromagnetics | Emission Security Anderson |
| Thu, Apr 21 | Side Channels | Remote
Physical Device Fingerprinting Kohno, Broido, and Claffy Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs Genkin, Pipman, and Tromer |
| Tue, Apr 26 | Final Project Presentations | |
| Thu, Apr 28 | Physical Security | Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks Blaze |