I433 System & Protocol Security

Syllabus

The course content includes

Some programming background is necessary. A specific language is not required, but it is assumed you can pick up new languages where needed for this course.

Instructor & Moderator: Yan Huang
Class Meetings: Mon Wed 12:20-13:10 BH 317
Labs: Friday 10:10-11:00, 11:15-12:05, INFO 009
AI: Shruti Shivaramakrishnan (sshivara@indiana.edu)
Office Hours: Monday/Wednesday/Friday after classes

Schedule

Date Contents
Jan 11 Introduction
Jan 13 Security Principles
Additional reading: Protection of Information in Computer Systems, Saltzer and Schroeder, 1975.
Jan 20 Symmetric Encryption: Defining Security and Perfectly Secure Cipher
Jan 25 Block Ciphers and DES
Jan 27 The AES Block Cipher
Feb 1 Modes of Operation and Semantic Security
Feb 3 CPA, Padding Oracle Attacks, and CCA
Feb 8 Message Authentication Codes
Feb 10 Cryptographic Hashes
Feb 15 Buffer Overflows
Reading: Smashing the stack for fun and profit, Aleph One, 1997
Reading: Exploiting Format String Vulnerabilities
Feb 17 More exploits and countermeasures of overflows
Feb 29 Integer overflow and Format String attacks
Reading: Exploiting Format String Vulnerabilities
Mar 2 Memory Attacks on the Heap
Mar 7 Authenticated Encryption
Mar 9 The Kerberos Authentication System
Reading: Designing an Authentication System: A Dialogue in Four Scenes
Mar 23 Midterm Review & Memory Efficient Hash Attacks
Mar 28 Key Distribution (1)
Reading: New Directions in Cryptography, W. Diffie and M. Hellman, IEEE Trans. on Information Theory, 1976
Mar 30 Key Distribution (2) -- Diffie-Hellman
Apr 6 Public Key Cryptography (Textbook RSA Encryption Scheme)
Apr 11 Public Key Cryptography (Digital Signatures)
Apr 13 Public Key Infrastructure
Apr 18 Web Security - JavaScript Rootkits
Reading: Rootkits for JavaScript Environments. Ben Adida, Adam Barth, Collin Jackson
Apr 20 Web Security - Same Origin Policies
Reading: Beware of Finer-Grained Origins. Collin Jackson, Adam Barth.
Apr 25 Web Security - Advanced Issues
Apr 27 Reflections on Trusting Trust
Reading: Reflections on Trusting Trust. Ken Thompson, Comm. of ACM, 1984.