IERG 5310 Security and Privacy in Cyber Systems (Fall 2019)

This is a special-topic course. We will study many different advanced topics under the same general theme.
The course code starts with 5, (i.e., a graduate-level class), yet undergraduate are also welcomed.
The course code starts with IERG, yet MSc(IE) and other students are also welcomed.
The assessment will take the programme enrolled into consideration.

Students who have taken IERG4130, or other CSCI, DSME, ECLT, IEMS courses on security/cryptography can also take this class.
No prior knowledge of security, cryptography, or number theory is required.

Current Student Population: BEng(IE), BSc(MIE), MSc(IE), MPhil(IE), PhD(IE), PhD(CSE), PhD(EE)

Workload:

  1. (Online) Quiz Participation, and Reading (Very important), 10%
  2. Written Assignment, 10%
  3. (Open-Everything) Mid-Term Examination, 20%
  4. Student Presentation, 30%
  5. Project Report, 30%
    (Research and/or Implementation: clear understanding, prototype; original result will be a big plus but not required)
    Project/Presentation Topics (and the 2015 list)
Assessment: You must pass both the course work (40%) and the project (60%) to pass this course.

Features:

  1. Advances in various scenarios (e.g., ranging from cloud, database, electronic healthcare, smartgrid, recommendations, crowdsourcing, network coding, etc.)
  2. Research results from non-crypto/security venues (e.g., ICDCS, ICLR, Infocom, etc.)
  3. While we are covering the latest advances, necessary background material will be discussed.
  4. 40% of the projects in 2015 edition have been published/under preparation.
    (2 undergraduates and 1 PhD student (not my group's) who took my class (ENGG 5383) have their project results published.)
Objective: After this course, you will know what is really meant by security/privacy and how to achieve it when given a (new) problem/scenario.


Schedule
(Slides will appear on Blackboard after the add/drop period)
(Some papers also require CUHK network to download, or you can get them from Blackboard.)
  1. 05/9: Administrivia/Motivation
    06/9: Introduction: Basics, Encryption, Searchable Encryption
    Guest Presentation by Hong Kong Blockchain Society
    Links: Diffie-Hellman Key Exchange, ElGamal Encryption, Nothing to hide argument
    Reading: 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy
    Additional Reading: A Taxonomy of Privacy
  2. 12/9, 13/9: Cryptography Primitives
    Links: Handbook of Applied Cryptography, A Computational Introduction to Number Theory and Algebra
  3. 19/9, 20/9: Hardware-/Servers-assisted Approach
    Links: Private set intersection, Helping organizations do more without collecting more data
    Reading: A Tale of Two Clouds: Computing on Data Encrypted under Multiple Keys (topic on 20/9)
    Additional Reading:
    Two-Party Computation Model for Privacy-Preserving Queries over Distributed Databases (topic on 19/9)
    Intel SGX Explained (topic on 20/9)
  4. 26/9, 27/9: Access Control Encryption and Functional Encryption
    Links: ID-based encryption, Certificateless cryptography, Attribute-based encryption, Functional encryption (more FE)
    Reading: Iron: Functional Encryption using Intel SGX (topic on 26/9)
    Access Control Encryption: Enforcing Information Flow with Cryptography (topic on 27/9)
  5. 3/10, 4/10: Privacy-Enhancing Technologies
    Link: Modular exponentiation
    Reading: On Deploying Secure Computing Commercially: Private Intersection-Sum Protocols and their Business Applications
    Additional Reading: Privacy Preserving Collaborative Filtering from Asymmetric Randomized Encoding (topic on 4/10)
    Are you The One to Share? Secret Transfer with Access Structure (topic on 4/10)
  6. 10/10, 11/10: Democracy-Enhancing Technologies
    Reading: A Blind Coupon Mechanism Enabling Veto Voting over Unreliable Networks (on Blackboard)
    Additional Reading: Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections
  7. 17/10, 18/10: Privacy-Preserving Machine Learning
    Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware
  8. 24/10, 25/10: Privacy-Preserving Payment
    Reading: Privacy Preserving Credit Systems (topic on 25/10, on Blackboard)
  9. 31/10, 1/11: Password-Hardening
    Link: Facebook: Password hashing & authentication
    Reading: Phoenix: Rebirth of a Cryptographic Password-Hardening Service (topic on 1/11)
  10. 7/11 (Holiday), 8/11: Cloud Storage
  11. 14/11 15/11: No class
    Assignment due on 14/11 (postponed to 20/11)
  12. 21/11, 22/11: No class
  13. 28/11, 29/11: No class

Project Presentations (2019)
Online Quiz:
  1. (Survey) Session #: H3606
  2. Session #: H3760
  3. Session #: H3761
  4. Session #: H3762
Links: Standard stuff: