IERG 5310 Security and Privacy in Cyber Systems (Spring 2015)
- Instructor: Sherman Chow
- Time: 2:30-5:15pm, Monday
- Venue: Ho Sin Hang Engineering Building (SHB) 833
This is a graduate-level class, yet undergraduates are also welcome.
The course code starts with IERG, yet MSc students are also welcome.
The assessment will be done accordingly.
(For a related course, ENGG 5383, the proportions of undergraduates, MSc students, and PhD students are roughly the same. We also had students from other HK tertiary institutions for the last two years, and an exchange student last year.)
Students who have taken IERG4130, other CSCI, ECLT, IEMS courses on
security/cryptography can also take this class.
No prior knowledge of security, cryptography, or number theory is required.
Workload:
- Class Participation
- Reading (Very important)
- Written Assignment
- Student Presentation
- Project (Research and/or Implementation: thorough understanding, prototype; original result will be a big plus but not required)
Presentation and/or Project topics
Features:
- Advances in various scenarios ranging from cloud, database, electronic healthcare, smartgrid, recommendations, crowdsourcing, network coding, etc.
- Research results from non-crypto/security venues including ICDCS, Infocom, etc.
- Guest lectures from security/privacy experts
- While we are covering the latest advances, necessary background material will be discussed.
- 2 undergraduates and 1 PhD student (not my group's) who took my class (ENGG 5383) have had their project results published.
Objective: After this course, you will know what is really meant by
security/privacy and how to achieve it when given a (new) problem/scenario.
Syllabus:
This course discusses the design and realization of security and
privacy services in practical large-scale systems.
Topics include:
- online identity and authentication management
- e-cash
- cloud computing security and privacy
- secure outsourcing of data and computation
- data provenance
- e-voting systems
- digital rights management
- secure and anonymous routing systems
Additional cyber security services/applications such as
- mobile payment systems with Smartcard / near field communications (NFC)
- best privacy practices for online social networks and mobile applications
- safe browsing
- geolocation privacy
- trustworthy cloud infrastructure
- virtual machine security
can also be possible project topics.
Schedule
(Slides will appear on eLearn)
- 05/1: Logistics/Motivation
Introduction: Basics, Accountable Privacy, Cloud Cryptography
Links: Handbook of Applied Cryptography, Diffie-Hellman Key Exchange, ElGamal Encryption
- 12/1: Privacy Preserving Access to Resources
Oblivious RAM -- Guest Lecture by Kai-Min Chung
Reading: A Simple ORAM, Path ORAM: An Extremely Simple Oblivious RAM Protocol
Additional Reading: Statistically-secure ORAM with O(log^2 n) Overhead
Links: Tor Project, Private Information Retrieval (Wikipedia)
- 19/1: Privacy-Enhancing Technologies: Online Games Hacking Prevention, Smartgrid Data Aggregation, Queries over Distributed Databases.
Collaborative Filtering -- Guest Lecture by Yongjun Zhao
Reading: OpenConflict: Preventing Real Time Map Hacks in Online Games.
Additional Reading: I have a DREAM! (DiffeRentially privatE smArt Metering).
Link: Hash Function (Wikipedia)
- 26/1: Side Channel Attacks on Mobile Devices, and Privacy-Preserving Cloud Computing -- Guest Lecture by Kehuan Zhang
Reading:
Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound (need CUHK network)
Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone
Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds
- 02/2: How to Leak a Secret; Digital Identity-Management; Receipt-Free & Verifiable Electronic Voting
Reading: Robust Receipt-Free Election System with Ballot Secrecy and Verifiability
Additional Reading: SPICE - Simple Privacy-Preserving Identity-Management for Cloud Environment (need CUHK network)
- 09/2: Anonymous Credentials; U-Prove and its Revocation; Bitcoin and Financial Privacy; Anonymous Reputation System
Links: Introduction to Cryptographic Currencies (slides by Claudio Orlandi), Zerocoin Project, Zerocash Project, Bitcoin and Cryptocurrency Technologies (Online course)
- 16/2: Searchable Encryption; Computing on Encrypted Data
Links: How to Search on Encrypted Data: Searchable Symmetric Encryption (Part 1-5) (blog by Seny Kamara), CryptDB
- 23/2: (Holiday for Chinese New Year)
- 02/3: Cryptographic Access Control by Revocable Attribute-Based Encryption; Data Provenance; Traitor Tracing in Digital Rights Management
Links: ID-based Encryption, Boneh-Franklin IBE
- 09/3: [Student Presentation]
- 16/3: [Student Presentation (cont.)] + Outsourcing Computation (The Case of Pairing)
Link: The Pairing-Based Crypto Lounge
Reading: Secure Delegation of Elliptic-Curve Pairing, Server-Aided Verification: Theory and Practice
- 23/3: Cloud Storage
Reading: Dynamic Provable Data Possession, Privacy-Preserving Public Auditing for Secure Cloud Storage
- 30/3: Cloud (cont.), Defense against Leakage and Related Randomness Attack
Reading: Storing Shared Data on the Cloud via Security-Mediator, Secure Cloud Storage Meets with Secure Network Coding (need CUHK network)
- 06/4: (Holiday for Ching-Ming)
- 13/4 (1:30-4:15pm@SHB833) [Project Presentations and Wrapping Up]
- App-based Intrusion Detection System with TrustCode
- Comprehensive Analysis of OAuth 2.0 under Universally Composable Framework
- Anonymous Communication
- Obfuscation for Anti-Censorship
- Efficient Dynamic Proof of Retrievability
- Project Report Due Date: 18/5
Links:
Standard stuff: