CIS-700: Topics on privacy and anonymity
Spring 2021
Instructor: Sebastian Angel
Room: Zoom
Time: M/W 10:30 AM - 12:00 PM
This course will cover selected topics on anonymous communication systems and other privacy-preserving technologies. Some of the works that this course studies include the Tor anonymity network, pivate chat systems, and studies on the privacy implication of online dating, among others. The first half of each class will consist of a lecture providing the historical context and the general ideas of the papers assigned. The second half of each class will consist of a detailed discussion of the techniques, tradeoffs, and potential extentions of the papers assigned. Each student is expected to lead at least one discussion. In addition to lectures and discussions, this course includes 3 reading comprehension assignments and a research project.
Reading assignments
Provide a written critique of 3 of the assigned readings. Each critique consits of a summary of the assigned paper, a discussion of its limitations, a list of applications, and extensions. It is expected that one of the reading assignments corresponds to the reading for which you will be leading a discussion.
Research project
Propose and complete a research project in a related area (can be done in groups of at most 3 students). Example projects include (but are not limited to):
For those who prefer finding vulnerabilities in systems and protocols:
For those who prefer building systems:
For those who prefer the more theoretical aspects:
Students should submit a project proposal by March 3, and are encouraged to discuss with me their ideas prior to selecting a project. Students are expected to give an oral presentation of their project in class and turn in a final report by April 29.
Most of the material in this course is accessible to someone with a general CS background. However, familiarity with the content of any of these classes (or their equivalent) is recommended: CIS 331, CIS 505, CIS 551, CIS 553, CIS 556
.Date | Topic | Required reading |
---|---|---|
Jan. 20 | Course overview and intro to anonymity | Anonymity terminology by Andreas Pfitzmann and Marit Hansen |
Jan. 25 | Mix networks |
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms by David Chaum Stop-and-Go-MIXes by Dogan Kesdogan, Jan Egner, and Roland Büschkes |
Jan. 27 | Traffic analysis attacks |
The disadvantages of free MIX routes and how to overcome them by Oliver Berthold, Andreas Pfitzmann, and Ronny Standtke Statistical Disclosure Attacks: Traffic Confirmation in Open Environments by George Danezis |
Feb. 1 | Peer-to-peer routing |
Crowds: Anonymity for Web Transactions by Michael K. Reiter and Aviel D. Rubin |
Feb. 3 | Attacks on peer-to-peer systems |
The Sybil attack by John R. Douceur Eclipse Attacks on Overlay Networks by Singh et al. |
Feb. 8 | Onion routing | Tor: The Second-Generation Onion Router by Roger Dingledine, Nick Mathewson, and Paul Syverson |
Feb. 10 | Dining cryptographer networks |
The Dining Cryptographers Problem by David Chaum Elluding Carnivores by Gün Sirer et al. |
Feb. 15 | ENIAC Day | Attend ENIAC Day Symposium |
Feb. 17 | Metadata-private messaging | Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis by van den Hooff et al. |
Feb. 22 | What does privacy mean to you? | Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration by Oates et al. |
Feb. 24 | Privacy in online dating | How Public Is My Private Life? Privacy in Online Dating by Camille Cobb and Tadayoshi Kohno |
Mar. 1 | Privacy in status indicators | A Privacy-Focused Systematic Analysis of Online Status Indicators by Cobb et al. |
Mar. 3 |
Privacy of bystanders in pictures Project proposal due |
Automatically Detecting Bystanders in Photos toReduce Privacy Risks by Hasan et al. |
Mar. 8 | Spring break | |
Mar. 10 | Spring break | |
Mar. 15 | Privacy in online advertising | Privad: Practical Privacy in Online Advertising by Saikat Guha, Bin Cheng, and Paul Francis |
Mar. 17 | Privacy in social networks | Persona: An Online Social Network with User-Defined Privacy by Baden et al. |
Mar. 22 | Privacy in location services | A Survey of Computational Location Privacy by John Krumm |
Mar. 24 | Privacy in media streaming services | Scalable and private media consumption with Popcorn by Gupta et al. |
Mar. 29 | Privacy in reputation systems | SoK: Privacy-Preserving Reputation Systems by Stan Gurtler and Ian Goldberg |
Mar. 31 | Privacy in law enforcement | Open, privacy-preserving protocols for lawful surveillance by Aaron Segal, Joan Feigenbaum, and Bryan Ford |
Apr. 5 | Privacy in free and paid apps | The Price is (Not) Right: Comparing Privacy in Free and Paid Apps by Han et al. |
Apr. 7 | Privacy in voice activated devices | When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers by Dubois et al. |
Apr. 12 | Work on project (no lecture) | |
Apr. 14 | Work on project (no lecture) | |
Apr. 19 | Privacy for authors and developers | Git Blame Who?: Stylistic Authorship Attribution of Small, Incomplete Source Code Fragments by Dauber et al. |
Apr. 21 | Project presentations | |
Apr. 26 | Project presentations | |
Apr. 28 | Project presentations | |
Apr. 29 | Project report due |