Advanced Network Security/Privacy

Fall 2009

Instructor: Claude Castelluccia (claude.castelluccia@inria.fr)

Announcements

...

Course Description

This course will introduce modern topics in network security and privacy. It will provide a thorough grounding in network security suitable for those interested in conducting research in this area, as well as students more broadly interested in real-world security. Topics will span (but not limited to):

Wireless Security

C0: Crypto refresher (only for the MOSIG students) (slides)
C1: Introduction to Wireless Security (slides), and 802.11 security (slides) (06/01/10)

C2: 802.11 and GSM Security (13/02/10) (slides)
C3: WEP Cracking lab (20/01/10)
C4: Pervasive Network Security & Privacy (10/02/10)
C5: Internet Privacy (TOR ,...) (24/02/10)

Botnets: threat and defense
Denial-of-Service: attack and defense
Internet security
Internet privacy

Textbook (s): There is no required textbook. All reading will be from research papers in top security conferences and journals.

Grading

Paper mini-review: 50%
Paper presentation: 50%

There is no mid-term or final exam.

Paper presentation and mini-review:

You need to select a research paper (see below) and write a mini-review/summary (~4 pages) of it. This mini-review/summary can include:

Problem domain: background, motivation, why this problem is important/novel/interesting
Summary of the paper:

assumption, main techniques, results

Possible future work/direction

Pros, cons of the paper (your conclusion)

What can we do based on this work: lesson learned from this work? stimulate new related problem? flawed assumption/technique can be improved/extended? technique can be used to other (maybe your own dedicated) domain to solve other problem? what extension can we do for further work? ...

The mini-review has to be sent to me 2 days prior to the corresponding lecture.

You then need to present the mini-review during the class (~20 min)..

This is an individual work. Plagiarism will result in a mark of zero for the assignment.

Please send me 5 choices as soon as possible (before christmas). I will then assign the papers according to the requests.

Schedule (tentative)

This tentative schedule will be updated as the course progresses. Please check back for most recent update!

13/01/2010: papers 2, 3, 4, 5, 7
20/01/2010: papers 6, 9, 8, 11, 12
27/01/2010: papers 13, 14, 17, 18, 19
10/02/2010: papers 20, 21, 22, 24, 25

List of papers (use google if the link is broken!!!!)

Topic

papers

Presenter

Botnets

1.A Multifaceted Approach to Understanding The Botnet Phenomenon. Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis. IMC'06

2. Spamming Botnet: Signatures and Characteristics. Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov. SIGCOMM'08

3. Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm. Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack,Felix Freiling. LEET'08

4. My Botnet is Your Botnet: Analysis of a Botnet Takeover, Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Christopher Kruegel, Giovanni Vigna and Richard Kemmerer.

5. On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, Thomas La Porta and Patrick McDaniel

XX



Al Ali (2)





Rojat (3)




Al Awadi (4)





Alblooshi (5)

Embedded
System
Security

6. EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond, Karl Koscher, Ari Juels, Tadayoshi Kohno and Vjekoslav Brajkovic

7. On the Difficulty of Software-Based Attestation of Embedded Devices, C. Castelluccia and al.

8. Devices That Tell on You: Privacy Trends in Consumer Ubiquitous Computing Export : Scott T. Saponas, Jonathan Lester, Carl Hartung, Sameer Agarwal, Tadayoshi Kohno

9. Physical-layer Identification of RFID Devices by Boris Danev, Thomas S. Heydt-Benjamin, Srdjan Capkun. Proceedings of the 18th USENIX Security Symposium, Montreal, Canada, August 2009.

10. "SWATT: SoftWare-based ATTestation for Embedded Devices.", Seshadri, Arvind, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla.

Arnedo (6)




Bani (7)



Barjon (8)






Altamimi (9)



XX

Web Security
and
CyberFraud

11. All Your iFRAMEs Point to Us. Niels Provos and Panayiotis Mavrommatis, Moheeb Abu Rajab, Fabian Monrose. Security'08

12. The Ghost In The Browser, Analysis of Web-based Malware. N. Provos et al. HotBots'07.

13. An inquiry into the nature and causes of the wealth of Internet miscreants, J. Franklin, V. Paxson, A. Perrig, and S. Savage

14. Studying Malicious Websites and the Underground Economy on the Chinese Web

15. Spamscatter: Characterizing Internet Scam Hosting Infrastructure

16. On the Spam Campaign Trail

17. Spamalytics: an Empirical Analysis of Spam Marketing Conversion, CCS'0


Alnoon (11)


Alshamsi (12)


Devillez (13)



Meffray (14)

XX


XX


Gabi (17)

Internet
Privacy

18. "Security Without Identification: Transaction Systems to Make Big Brother Obsolete," D. Chaum, Communications of the ACM, vol. 28 no. 10, October 1985

19. Hey, You, Get Off My Cloud! Exploring Information Leakage in Third- Party Compute Cloud, Thomas Ristenpart, Eran Tromer, Hovav Shacham and Stefan Savage, ACM CCS2009

20. De-anonymizing Social Networks, Narayanan, V. Shmatikov. S&P 2009

21. Robust De-anonymization of Large Sparse Datasets, A. Narayanan, V. Shmatikov.

22. Detecting privacy leaks using corpus-based association rules

23. De-anonymizing the Internet using Unreliable IDs

24. Serving Ads from localhost for Performance, Privacy, and Profit,” S. Guha, A. Reznichenko, K. Tang, H. Haddadi and P. Francis., In Proceedings of Hot Topics in Networking (HotNets), New York, NY, Oct 2009.

25. Vanish: Increasing Data Privacy with Self-Destructing Data. In Proceedings of the USENIX Security Symposium, Montreal, Canada, August 2009.

26.The Privacy Jungle: On the Market for Data Protection in Social Networks

Wloka (18)

Kolokoso (19)

Mangeot (20)

Mohamed
Khuloud (21)

Rippert (22)

xx

Tharaud (24)

Tchoula (25)

xx