CSE 599 G/H (Autumn 2006)

09/27/2006

Course Introduction

Assigned Readings: None

10/02/2006

Usability

Assigned Readings:

• A Usability Study and Critique of Two Password Managers. Sonia Chiasson, P.C. van Oorschot, Robert Biddle. USENIX Security, 2006. This paper is mirrored here. Presenter: Yoshi.
• Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted E-Mail. Shirley Gaw, Edward W. Felten, and Patricia Fernandez-Kelly. CHI, 2006. Presenter: Yoshi.

10/04/2006

Usability

Assigned Readings:

• Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing. Lucas Ballard, Fabian Monrose and Daniel Lopresti. Usenix Security, 2006. Presenter: Yoshi.
• On User Choice in Graphical Password Schemes. Darren Davis, Fabian Monrose, and Michael K. Reiter. Usenix Security, 2004. Presenter: Yoshi.

10/09/2006

Usability and Ubiquitous Devices

Assigned Readings:

• A Comparison of Perceived and Real Shoulder-surfing Risks between Alphanumeric and Graphical Passwords. Furkan Tari, A. Ant Ozok, and Stephen H. Holden. SOUPS, 2006. Presenter: Eytan.
• Smart-Phone Attacks and Defenses. Chuanxiong Guo, Helen J. Wang, and Wenwu Zhu. HotNets, 2004. Presenter: Armin.

10/11/2006

RFIDs

Presenter: Nick.

Assigned Readings:

• Privacy and Security in Library RFID Issues, Practices, and Architectures. David Molnar and David Wagner. CCS, 2004.
• Authenticating Pervasive Devices with Human Protocols. Ari Juels and Stephen A. Weis. Crypto, 2005. You do not need to read Sections 5.2--5.5, Appendix B, and Appendix C.

10/16/2006

Limits of Encryption

Assigned Readings:

• Inferring the Source of Encrypted HTTP Connections. Marc Liberatore and Brian Neil Levine. ACM CCS, 2006. Presenter: Stefan.
• BLINC: Multilevel Traffic Classification in the Dark. Thomas Karagiannis, Konstantina Papagiannaki, and Michalis Faloutsos. SIGCOMM, 2005. In case the above link doesn't work, another copy of the paper is available here. Presenter: Colin.

10/18/2006

Covert Channels

Presenter: Carl.

Assigned Readings:

• Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet. Xinyuan Wang, Shiping Chen, and Sushil Jajodia. ACM CCS, 2005.
• Keyboards and Covert Channels. Gaurav Shah, Andres Molina, and Matt Blaze. Usenix Security, 2006.

10/20/2006

Project

Project proposals due.

10/23/2006

Social Applications (Guest Lecture: David W. McDonald)

Guest Lecture: David W. McDonald.

Assigned Readings: None.

Related Papers:

• Social matching: A framework and research agenda. Loren Terveen and David W. McDonald. ACM TOCHI, 2005.

10/25/2006

Electronic Voting (Guest Lecture: Josh Benaloh)

Guest Lecture: Josh Benaloh.

Title: Verifiable Election Technologies: Simplifying a Quarter Century of Research

Abstract: Extensive cryptography research over last quarter century has produced verifiable election protocols which offer integrity guarantees far better than any widely-deployed election technology, yet these methodologies have rarely (if ever) been used in actual elections. One reason for this lack of use is the complexity of these techniques. This talk reviews some of the historical approaches to cryptographic elections and describes a relatively simple but still effective approach to achieving verifiability in elections. By sacrificing some of the properties of prior verifiable election designs, it is possible to offer a design which is more accessible and therefore more suitable for broad public consumption.

Bio: Josh Benaloh is a cryptographer at Microsoft Research. He earned his bachelor's degree from M.I.T. in 1981, and his Ph.D. from Yale University in 1987 where his dissertation "Verifiable Secret-Ballot Elections" and other writings introduced the so-called "homomorphic" paradigm for cryptographic elections. Before joining Microsoft in 1994, he served as a postdoctoral fellow at the University of Toronto and an Assistant Professor at Clarkson University. He has served as a director of the International Association for Cryptologic Research since 1999 and was the General Chair of the Crypto 2006 conference held this past August.

Assigned Readings: None.

Related Papers:

• Cryptographic Voting Protocols: A Systems Perspective. Chris Karlof, Naveen Sastry, and David Wagner. Usenix Security, 2005.
• Strategies for Software Attacks on Voting Machines. John Kelsey. NIST Threats to Voting Systems, 2005.

10/30/2006

Information Hiding and DRM

Presenter: Tanya.

Assigned Readings:

• Information Hiding --- A Survey. Fabien A.P. Petitcolas, Ross J. Anderson, and Markus G. Kuhn. Proceedings of the IEEE, 1999.

Additional/Related Papers: We will discuss some of these papers, but you are not required to read them.

• Lessons from the Sony CD DRM Episode. J. Alex Halderman and Edward W. Felten. Usenix Security, 2006. (An extended version is available here.)
• Reading Between the Lines: Lessons from the SDMI Challenge. Scott A. Craver, Min Wu, Bede Liu, Adam Stubblefield, Ben Swartzlander, Dan S. Wallach, Drew Dean, and Edward W. Felten. Usenix Security, 2001.
• Replacement Attack on Arbitrary Watermarking Systems. Darko Kirovski and Fabien A. P. Petitcolas. ACM DRM Workshop, 2002.

11/01/2006

No class.

11/06/2006

Worms

Assigned Readings:

• Inferring Internet Denial-of-Service Activity. David Moore, Geoffrey M. Voelker, and Stefan Savage. Usenix Security, 2001. Presenter: Armin.
• Mapping Internet Sensors With Probe Response Attacks. John Bethencourt, Jason Franklin, and Mary Vernon. Usenix Security, 2005. Presenter: Stefan.

Additional/Related Papers:

• Vulnerabilities of Passive Internet Threat Monitors. Yoichi Shinoda, Ko Ikai, and Motomu Itoh. Usenix Security, 2005.

11/08/2006

No class.

11/13/2006

Malware

Presenter: Alex.

Assigned Readings:

• A Crawler-based Study of Spyware on the Web. Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy. NDSS, 2006. (Please read and come prepared to discuss, but do not submit a written evaluation.)
• Malware Prevalence in the KaZaA File-Sharing Network Malware Prevalence in the KaZaA File-Sharing Network. Seungwon Shin, Jaeyeon Jung, Hari Balakrishnan. IMC, 2006.

Additional/Related Papers:

• Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev, Chad Verbowski, Shuo Chen, and Sam King. NDSS, 2006.

11/15/2006

(Date Change)

Assigned Readings:

• Designing Ethical Phishing Experiments: A study of (ROT13) rOnl query features. Markus Jakobsson and Jacob Ratkiewicz. WWW, 2006. Presenter: Eytan.
• How Much is Location Privacy Worth?. George Danezis, Stephen Lewis, and Ross Anderson. Workshop on the Economics of Information Security, 2005. Presenter: Jean.

Related Papers:

• Social Phishing. Tom Jagatic, Nathaniel Johnson, Markus Jakobsson, and Filippo Menczer. CACM, to appear.
• Valuating Privacy. Bernardo A. Huberman, Eytan Adar, and Leslie R. Fine. IEEE Security and Privacy, September/October, 2005.

11/20/2006

Malware

Assigned Readings:

• SubVirt: Implementing malware with virtual machines. Samuel T. King, Peter M. Chen, Yi-Min Wang, Chad Verbowski, Helen J. Wang, and Jacob R. Lorch. IEEE Symposium on Security and Privacy, 2006. Presenter: Jean.
• Guidelines and Strategies for Secure Interaction Design. Ka-Ping Yee. Security and Usability. Presenter: Kate.

11/22/2006

Identity Theft and Worms

Assigned Readings: Please read and review two of the following three papers.

• Identity in digital government. Civic Scenario Workshop, Kennedy School of Government, Harvard, 2003. Presenter: Leith.
• On Identity Theft and a Countermeasure based on Digital Uniqueness and Location Cross-Checking. P.C. van Oorschot and Stuart G. Stubblebine. Financial Crypto, 2005. Presenter: Leith.
• A Preliminary Investigation of Worm Infections in a Bluetooth Environment. Presenter: Gabriel.

11/27/2006

Botnets and Spam (Date Change)

Presenter: Harsha.

Assigned Readings:

• A Multifaceted Approach to Understanding the Botnet Phenomenon. Moheeb Rajab, Jay Zarfoss, Fabian Monrose and Andreas Terzis. IMC, 2006.
• Understanding the Network-Level Behavior of Spammers. Anirudh Ramachandran and Nick Feamster. SIGCOMM, 2006.

11/29/2006

Humans in Protocols and Worms

Assigned Readings: Please read and review two of the following three papers.

• CAPTCHA: Using Hard AI Problems For Security. Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford. Eurocrypt, 2003 Presenter: Scott.
• Mitigating Dictionary Attacks on Password-Protected Local Storage. Ran Canetti, Shai Halevi, Michael Steiner. Crypto, 2006. Presenter: Scott.
• Search Worms. Niels Provos, Joe McClain, and Ke Wang. ACM WORM Workshop, 2006. Presenter: Gabriel.

12/04/2006

Humans in Protocols, Network Security, and Virtualization

Assigned Readings:

• When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments. Tal Garfinkel and Mendel Rosenblum. HotOS, 2005 Presenter: Charlie.
• SybilGuard: Defending Against Sybil Attacks via Social Networks. Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman. SIGCOMM, 2006. Presenter: Colin.

12/06/2006

Anonymity

Assigned Readings:

• Free Haven. Roger Dingledine, Michael J. Freedman, and David Molnar. Peer-To-Peer, 2000. Presenter: Kate.
• Crowds: Anonymity for Web Transactions. Michael K. Reiter and Aviel D. Rubin. ACM TISSEC, 1998. Presenter: Charlie.