CS558: Network Security
Boston University, Computer Science, Spring, 2012
Instructor: Sharon Goldberg

Summary           Course Syllabus     Schedule      Google Calendar for this Course

Assignments!

Link to websubmit for submitting assignments.

Privacy assignments: HW1     HW1 with bug in ex7 fixed     HW1 partial solution     Lab1      Error propagation formulae that are helpful for Lab1

Crypto assignments: HW2     Optional Extra Practice Problems     HW2 solution    

Network Security assignments: HW3     HW3 partial solution    HW4     HW4 solution    


Class is held Mondays and Wednesdays 1:00-2:30PM in CAS 221

Important dates:


Week 1 (Wednesday only).

Welcome, administrivia, signup for presentations.


Week 2. Attacks on Data Privacy.

Monday Presenter: Dimitris Papadopoulos. RSA SecurID breach   slides
Wednesday Presenter: Harry Mavroforakis. DuQu worm   slides

Read for Monday: Narayanan and Shmatikov on PII CACM 2010

Topics:


Week 3. Privacy notions of k-anonymity, l-diversity. Attacks on these notions.

Monday Presenter: None
Wednesday Presenter: Larissa Spinelli For sale, your data by you slides

Reference: Lectures will be based on Li, Li, Venkatasubramanian Sections 1-3 (inclusive) and Ganta, Kasiviswanathan, Smith '08 Sections 1-3 (inclusive). See also these Slides from class, borrowed with permission from V. Shmatikov. In class we also discussed Shannon entropy (read page 2 of these notes) and Kerckhoffs's principle, i.e. "The enemy knows the system" (see e.g. the 3rd paragraph of Leo Reyzin's lecture notes on this).

Topics:

Optional. At the very end of class Wednesday, we discussed Dwork's proof that (a formalization of) the following statement is impossible: "Anything that can be learned about a respondent from the statistical database can be learned without access to the database." See Dwork, Section 3.


Week 4. Intro to Differential Privacy: Definition, c-stable transformations, sequential composition

Monday Presenter: Jonathan

Reference: Lectures will cover Section 2 of McSherry'09


Week 5. More Differential Privacy: Examples (CDF, counting search queries) and parallel composition.

Homework 1 and Lab 1 released!

Monday Presenter: Stirling  Kelihos botnet slides
Wednesday Presenter: Jarad   ACTA slides

Reference: We continue with Section 2 of McSherry'09. We will also cover material (particularly algorithms for the CDF) from Sections 4.1 and 5.3.1 of McSherry Mahajan'10.

Optional: In class I mentioned a paper called "Differential Privacy Under Fire", which looks at side-channel attacks on differential privacy query languages like PINQ.


Week 6. Even more Differential Privacy: Exponential mechanism, the median mechanism, and the join operator.

Wednesday Presenter: Nur secure boot slides.

Reference: References on the exponential mechanism are very messy, so here are some rough notes I wrote about the material we discuss in lecture. The original references I used to make these notes are as follows:


Weeks 7 and 8. Crypto. Class taught by Adam O'Neill.

Monday Presenter: Kyle Attack on RSA slides.
Wednesday Presenter: Danny DNS bit squatting slides.
Monday Presenter: Ian Android OS security slides.

Lectures are based on Mihir Bellare's lectures, with material from lectures 1,3,4,5,7,11,12. Topics:


March Break!


Week 9. Symmetric Encryption and Authentication: IPsec and TLS/SSL.

Monday Presenter: Jarib Attack on HBGary slides.
Wednesday Presenter: Colin Conficker slides.
Crypto Review Session: 4PM on Friday in MCS135

We discuss how IPsec and TLS/SSL are used, covering both the high-level issues of where in the Internet each protocol is used and the underlying cryptographic issues related to encryption and authentication.


Week 9. Midterm and review week.

We review material on Monday.

Midterm is on Wednesday. You are allowed to bring a two-sided handwritten aid sheet. Three-quarters of the midterm will be on privacy (k-anon, differential privacy, and PINQ) and one quarter will be on basic crypto (CCA security, CPA security for encryption, MAC security, and the difference between symmetric encryption/authentication and public-key encryption/authentication).


Week 10. IPsec and IKE (Internet Key Exchange)

Monday presenter: Tim Operation shady rat slides.
Wednesday presenter: Joe Medical device security slides.

We discuss the SIGMA protocols used in IPsec using Krawczyk's slides.


Week 11.

Monday: "Buffer overflows for dummies" - class taught by Ran Canetti.

Wednesday: Availability and denial of service attacks on IP and TCP - guest lecture by Yossi Gilad.


Weeks 12-13. Public Key Infrastructures, RPKI, BGP security

Wednesday presenter: Robert Sony PlayStation attack
Monday presenter: Sanaz Dropbox security.
Wednesday presenter: Da Cheng slides.


Week 14. DNS security

Monday presenter: Valerie CISPA and EINSTEIN slides.
Friday is the poster session!


Done! Enjoy your summer!