Instructor:
Nadia Heninger
(604 Levine)
Office Hours Tuesdays 1:00-2:00pm 604 Levine
TAs:
Shaanan Cohney | Thu. 2:00-3:00pm | Moore 102 Conference Room |
Luke Valenta | Wed. 3:00-4:00pm | Moore 102 Conference Room |
Terry Sun | Mon. 5:00-6:00pm | Moore 102 Conference Room |
Richard Roberts | Tue. 7:00-8:00pm | Moore 102 Conference Room |
Josh Fried | Wed. 4:30-5:30pm | Moore 102 Conference Room |
Lectures:
Tuesday/Thursday 10:30am-12:00pm Berger auditorium
Tutorial Sessions:
Wednesday 5:00-6:00pm Moore 102 conference room
This course introduces principles and practices of computer and network security.
Prerequisites: CIS 160, CIS 240.
Grading will be based on homework (25%), projects (40%), a final (30%), and class participation (5%).
Topic | Assignments | Resources | |
1/14 | Introduction Threat modeling, thinking like an attacker | Homework 1 available |
Wikipedia: Teufelsberg Computer Fraud and Abuse Act Wikipedia: Aaron Swartz Wikipedia: Weev |
1/19 | Symmetric encryption Pseudorandom functions, pseudorandom generators, stream ciphers, block ciphers |
Communication Theory of Secrecy Systems by Shannon Wikipedia: Vigenère cipher | |
1/21 | Message integrity Block cipher modes of operation, message authentication codes |
Homework 1 due at 10pm Homework 2 available | |
1/26 | Hash functions Hash functions, birthday attacks, length extension attacks | ||
1/27 | Tutorial session: Python | Brief demo of Python syntax with examples. Resources: LearnPython.org, Learn Python the Hard Way | |
1/28 | Public-key cryptography Diffie-Hellman key exchange, RSA encryption |
Homework 2 due at 10pm Project 1 available | Wikipedia: Modular Arithmetic Modular arithmetic lecture notes from Berkeley CS 70 Basic number theory lecture notes from Boaz Barak New Directions in Cryptography by Whitfield Diffie and Martin E. Hellman |
2/2 | Digital Signatures RSA signatures, PKCS padding, Bleichenbacher signature forgery attack Guest lecture: Luke Valenta | ||
2/4 | Social Engineering
Guest lecture: Shaanan Cohney | ||
2/9 | Passwords and authentication Authentication factors, usability, password hygiene, challenge-response authentication, biometrics | ||
2/11 | Web overview, attacks and defenses Web threat model, HTTP, HTML, Javascript, same-origin policy, session management, cookies |
Project 1 due at 10pm Homework 3 available |
Web technology for developers Browser Security Handbook: Basic concepts behind web browsers |
2/16 | Web attacks and defenses SQL injection, CSRF, XSS and defenses |
Project 2 available |
SQL Injection cheat sheet Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet XSS Filter Evasion Cheat Sheet |
2/18 | HTTPS and crypto in practice HTTPS, RSA and DH key exchange, certificates, CAs, public-key infrastructure, trust model; PGP, the crypto wars, key management, web of trust, usability, OTR |
Homework 3 due at 10pm |
The First Few Milliseconds of an HTTPS Connection Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 by Alma Whitten and Doug Tygar Bernstein v. United States Off-the-Record Communication, or, Why Not To Use PGP by Nikita Borisov, Ian Goldberg, and Eric Brewer |
2/23 | Networking overview OSI architecture, Ethernet, IP, ICMP, ARP, DHCP Guest lecture: Behnaz Arzani |
The Design Philosophy of the DARPA Internet Protocols by Clark Brief History of the Internet Wikipedia: OSI Model Wikipedia: Ethernet Wikipedia: Internet Protocol Wikipedia: Address Resolution Protocol Wikipedia: Dynamic Host Configuration Protocol Computer Networks: A Systems Approach by Peterson and Davie | |
2/25 | Networking overview Routing basics, UDP, TCP, congestion control, DNS Guest lecture: Behnaz Arzani |
Wikipedia: Autonomous System Wikipedia: OSPF routing Wikipedia: Border Gateway Protocol Wikipedia: User Datagram Protocol Wikipedia: Transmission Control Protocol Wikipedia: Domain Name System | |
3/1 | Network threat modeling HTTPS, export controls, DROWN |
The export of cryptography in the 20th century and the 21st by Diffie and Landau DROWN Attack Attack of the week: DROWN by Green | |
3/3 | Network attacks eavesdropping, jamming, TCP injection |
Project 2 due at 10pm |
Mark Klein Declaration in Heptig v. ATT/NSA APCO P25 digital two-way radio system by Blaze, Clark, Goodspeed, Metzger, Wasserman, Xu Security problems in the TCP/IP protocol suite by Bellovin |
3/8 | Spring Break | ||
3/10 | Spring Break | ||
3/15 | Network attacks and defenses denial of service, SYN flooding, SYN cookies,CAPTCHA, client puzzles | ||
3/17 | Network attacks and defenses DNS hijacking, ARP spoofing, BGP routing issues |
Project 3 available |
|
3/22 | Network defenses DNSSEC, IPsec, S-BGP, firewalls, packet filtering, application proxies, tunneling, VPNs, intrusion detection |
||
3/24 | Network defenses Application proxies, tunneling, IPsec, VPNs |
||
3/29 | Anonymity Anonymous remailers, Tor, Tor hidden services, data deanonymization |
Homework 4 available | Tor: The Second-Generation Onion Router by Roger Dingledine, Nick Mathewson, and Paul Syverson Robust De-anonymization of Large Sparse Datasets by Arvind Narayanan and Vitaly Shmatikov |
3/31 | Control hijacking Normal control flow, buffer overflow, integer overflows, format string vulnerabilities, DEP, ASLR |
Project 3 due at 10pm | Smashing the stack for fun and profit by Aleph One Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade by Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole Low-level Software Security by Example by Ulfar Erlingsson, Yves Younan, and Frank Piessen Return-Oriented Programming: Systems, Languages, and Applications by Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage |
4/5 | Control hijacking, defenses, and malware Stack canaries, heap spraying, malware |
Project 4 available | |
4/7 | Access control and OS security ACLs, capabilities, unix file privileges |
Homework 4 due at 10pm | Operating System Security by Trent Jaeger |
4/12 | OS security Confinement, isolation, sandboxing, virtual machines | ||
4/14 | The underground economy Spam, phishing, botnets, measurement studies | Measuring the cost of cybercrime by Ross Anderson et al. Spamalytics: An empirical analysis of spam marketing conversion by Chris Kanich et al. PharmaLeaks: Understanding the business of online pharmaceutical affiliate programs by Damon McCoy et al. | |
4/19 | Advanced threats Government-sponsored malware, spearphishing, advanced persistent threats |
Project 4 due at 10pm Homework 5 available | W32.Stuxnet Dossier Symantec Report APT1: Exposing one of China's cyber espionage units Mandiant Technical Report Counter-cryptanalysis by Marc Stevens |
4/21 | Ethics, law, and policy |
Privacy and the Limits of Law by Ruth Gavison Cyber-security Research Ethics Dialog & Strategy Workshop (CREDS 2013) Going Bright: Wiretapping without Weakening Communications Infrastructure by Steve Bellovin, Matt Blaze, Sandy Clark, and Susan Landau | |
4/26 | Special requests: Side-channel attacks and bitcoin Guest lecture: Daniel Genkin |
Homework 5 due at 10pm |
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels by Genkin Pachmanov Pipman Tromer and Yarom ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs by Genkin Pachmanov Pipman and Tromer Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation by Genkin Pachmanov Pipman and Tromer RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis by Genkin, Shamir, and Tromer Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs by Genkin, Pipman, and Tromer Lest We Remember: Cold Boot Attacks on Encryption Keys by J. Alex Halderman, Seth Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph Calandrino, Ariel Feldman, Jacob Appelbaum, and Edward Felten Bitcoin: A Peer-to-Peer Electronic Cash System by Satoshi Nakamoto |
5/3 | Review session 3pm Town 337 | ||
5/4 | Final Exam 12pm-2pm Towne 100 |
There will be five homework assignments to be done individually and four projects to be done in teams of two.
Late Work: You will have a budget of five late days (24-hour periods) over the course of the semester that you can use to turn assignments in late without penalty and without needing to ask for an extension. You may use a maximum of two late days per assignment. Late pair projects will be charged to both partners. Once your late days are used up, extensions will only be granted in extraordinary circumstances.
Course materials have been adapted from J. Alex Halderman and are available under a Creative Commons License.