89437 Cyber Security Seminar [given at spring 2014]

In this seminar, we will discuss recent research and (proposed) standards related to Cyber Security. The seminar will look at a wide range of topics that we investigate in the `secure communication and computing ('cyber')` group. The topics are related to Internet and Cyber security, and include: secure routing, DNS security, cloud security, security of emerging network technologies (SDN, content-centric, others), collaborative attack detection, privacy and anonymity, secure usability and social engineering, security of social networks, denial of service, financial cryptography, off-path attacks (on TCP/IP, DNS, more), attacks on important cryptographic protocols, covert communication, SCADA (control networks) security, mobile/cellular security, and more.

Students can present: (1) results of their own (esp. before presenting in a conference), (2) results from papers proposed below, or (3) other papers selected by the student and approved by the lecturer, e.g., from one of the leading security conferences (CCS, NDSS, IEEE Security and privacy, CNS, Usenix Security).

Meetings: we meet weekly, Tuesdays 6-7:30pm, in room 8, ground floor, left aisle, building 408.

Before meeting, student should send to lecturer `notes', which are essentially a digest of the paper, summarizing it, in large font (Times Roman 12 pts), easy for the class to go thru while the student describes the paper. Notes should include clarifications of unclear issues and mistakes in the paper, examples when needed, and criticism of the paper (in a fair and polite way, of course). Students should prepare the notes well in advance of the class in which they are scheduled to present; this often requires communication with the authors. See examples e.g. in 89438.

During meeting, student will lead a discussion of the paper, explaining it, giving examples, answer questions, etc. ; you can present some foils too if desired (not mandatory!), and of course use board.

After meeting, student will update the notes and provide them to the lecturer within two weeks, to be reviewed and posted in the site.

Attendance is mandatory, but you are allowed to miss up to three classes if you must (without presenting justification).

Prerequisites: knowledge in networking (at least 89-350) and in security/crypto (at least one of 89-690, 89-550, 89-656). Students learning 89-350 in parallel and having reasonable previous background may be admitted, but please discuss with lecturer.

Proposed (and still available) papers:

1. Secure routing: RFC 6480, An Infrastructure to Support Secure Internet Routing (RPKI), by Matt Lepinski and Steve Kent.
2. Secure routing: A Survey of Interdomain Routing Policies, by Gill, Schapira and Goldberg. Presentation should present background on BGP as required to understand this paper, incl., for example, the Huston / Gao-Rexford Model.
3. Secure routing: BGP security in partial deployment: is the juice worth the squeeze?, by Lychev, Goldberg, Schapira, SIGCOMM'13.
4. Anonymity, privacy, mobile security (Android): Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resource. By Zhou et al., CCS'13.
5. Anonymity, cloud security, applied crypto: Path ORAM: An Extremely Simple Oblivious RAM Protocol, by Stefanovy et al.; CCS'13.
6. Anonymity: PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay Networks, by Alsabahs and Goldberg, CCS'13.

Schedule and Papers:

Note: usually, there is no problem in switching weeks, if the target week is unassigned yet or if the other student agrees. In general, schedule as well as papers are subject to change, in particular as we may find more relevant papers, etc.; and students are also encouraged to identify and suggest other papers (esp., papers related to their own research).