IERG 5310 Security and Privacy in Cyber Systems (Spring 2015)

This is a graduate-level class, yet undergraduates are also welcome.
The course code starts with IERG, yet MSc students are also welcome.
The assessment will be done accordingly.
(For a related course, ENGG 5383, the proportions of undergraduates, MSc students, and PhD students are roughly the same. We also had students from other HK tertiary institutions for the last two years, and an exchange student last year.)

Students who have taken IERG4130 or other CSCI, ECLT, or IEMS courses on security/cryptography can also take this class.
No prior knowledge of security, cryptography, or number theory is required.

Workload:

  1. Class Participation
  2. Reading (Very important)
  3. Written Assignment
  4. Student Presentation
  5. Project (Research and/or Implementation: thorough understanding, prototype; original result will be a big plus but not required)
    Presentation and/or Project topics
Features:
  1. Advances in various scenarios ranging from cloud, database, electronic healthcare, smartgrid, recommendations, crowdsourcing, network coding, etc.
  2. Research results from non-crypto/security venues including ICDCS, Infocom, etc.
  3. Guest lectures from security/privacy experts
  4. While we are covering the latest advances, necessary background material will be discussed.
  5. 2 undergraduates and 1 PhD student (not from my group) who took my class (ENGG 5383) have had their project results published.
Objective: After this course, you will know what is really meant by security/privacy and how to achieve it when given a (new) problem/scenario.

Syllabus:

This course discusses the design and realization of security and privacy services in practical large-scale systems.

Topics include:

Additional cyber security services/applications such as can also be possible project topics.
Schedule (Slides will appear on eLearn)
  1. 05/1: Logistics/Motivation
    Introduction: Basics, Accountable Privacy, Cloud Cryptography
    Links: Handbook of Applied Cryptography, Diffie-Hellman Key Exchange, ElGamal Encryption
  2. 12/1: Privacy Preserving Access to Resources
    Oblivious RAM -- Guest Lecture by Kai-Min Chung

    Reading: A Simple ORAM, Path ORAM: An Extremely Simple Oblivious RAM Protocol
    Additional Reading: Statistically-secure ORAM with O(log² n) Overhead
    Links: Tor Project, Private Information Retrieval (Wikipedia)
  3. 19/1: Privacy-Enhancing Technologies: Online Games Hacking Prevention, Smartgrid Data Aggregation, Queries over Distributed Databases.
    Collaborative Filtering -- Guest Lecture by Yongjun Zhao

    Reading: OpenConflict: Preventing Real Time Map Hacks in Online Games.
    Additional Reading: I have a DREAM! (DiffeRentially privatE smArt Metering).
    Link: Hash Function (Wikipedia)
  4. 26/1: Side Channel Attacks on Mobile Devices, and Privacy-Preserving Cloud Computing -- Guest Lecture by Kehuan Zhang
    Reading: Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound (need CUHK network)
    Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone
    Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds
  5. 02/2: How to Leak a Secret; Digital Identity-Management; Receipt-Free & Verifiable Electronic Voting
    Reading: Robust Receipt-Free Election System with Ballot Secrecy and Verifiability
    Additional Reading: SPICE - Simple Privacy-Preserving Identity-Management for Cloud Environment (need CUHK network)
  6. 09/2: Anonymous Credentials; U-Prove and its Revocation; Bitcoin and Financial Privacy; Anonymous Reputation System
    Links: Introduction to Cryptographic Currencies (slides by Claudio Orlandi), Zerocoin Project, Zerocash Project, Bitcoin and Cryptocurrency Technologies (Online course)
  7. 16/2: Searchable Encryption; Computing on Encrypted Data
    Links: How to Search on Encrypted Data: Searchable Symmetric Encryption (Part 1-5) (blog by Seny Kamara), CryptDB
  8. 23/2: (Holiday for Chinese New Year)
  9. 02/3: Cryptographic Access Control by Revocable Attribute-Based Encryption; Data Provenance; Traitor Tracing in Digital Rights Management
    Links: ID-based Encryption, Boneh-Franklin IBE
  10. 09/3: [Student Presentation]
  11. 16/3: [Student Presentation (cont.)] + Outsourcing Computation (The Case of Pairing)
    Link: The Pairing-Based Crypto Lounge
    Reading: Secure Delegation of Elliptic-Curve Pairing, Server-Aided Verification: Theory and Practice
  12. 23/3: Cloud Storage
    Reading: Dynamic Provable Data Possession, Privacy-Preserving Public Auditing for Secure Cloud Storage
  13. 30/3: Cloud (cont.), Defense against Leakage and Related Randomness Attack
    Reading: Storing Shared Data on the Cloud via Security-Mediator, Secure Cloud Storage Meets with Secure Network Coding (need CUHK network)
  14. 06/4: (Holiday for Ching-Ming)
  15. 13/4 (1:30-4:15pm@SHB833) [Project Presentations and Wrapping Up]
  16. Project Report Due Date: 18/5
Links: Standard stuff: