Advanced Network Security/Privacy

Fall 2011

Instructor: Claude Castelluccia (claude.castelluccia@inria.fr)

Announcements

...

Course Description

This course will introduce modern topics in network security and privacy. It will provide a thorough grounding in network security suitable for those interested in conducting research in this area, as well as students more broadly interested in real-world security. Topics will span (but not limited to):

C1: SecurityI: Introduction to Wireless Security (slides)

C2: SecurityII: 802.11 security (slides)
C3: SecurityIII: Wireless Sensor Networks and RFID Security & Privacy (rfid, wsn1, wsn2)
C4: Internet Privacy I
C5: Internet Privacy II

Textbook (s): There is no required textbook. All reading will be from research papers in top security conferences and journals.

Grading

Paper presentation: 100%

There is no mid-term or final exam.

Paper presentation:

You need to present it during the class (~20 min).
The slides have to be sent to me 2 days prior to the corresponding lecture.
Here are good advices to prepare your talk (click here).

Problem domain: background, motivation, why this problem is important/novel/interesting
Summary of the paper:

assumption, main techniques, results

Possible future work/direction

Pros, cons of the paper (your conclusion)

What can we do based on this work: lesson learned from this work? stimulate new related problem? flawed assumption/technique can be improved/extended? technique can be used to other (maybe your own dedicated) domain to solve other problem? what extension can we do for further work? ...

This is an individual work. Plagiarism will result in a mark of zero for the assignment.

Schedule

This tentative schedule will be updated as the course progresses. Please check back for most recent update!

07/12/2011: papers 1, 2, 3, 4
14/12/2011: papers 5, 7, 8, 9
06/01/2012: papers 6, 10, 13, 14, 12, 18
20/01/2012: papers 20, 24, 22, 23, 27

Paper assignement:

Benjamin Olivier: paper 14

Bollo Matteo:
paper 23

Cornelie Marie-Angela: paper 20

Lombardi Fabio: paper 24

Maillet Arnaud: paper 1

Scianname Liberantonio: paper 22

Vaello Torregrosa Braulio: paper 8

Yip Jennifer Ling: paper 9

Al Nameh Ammar : paper 27

Gritti Clémentine: paper 3

Janon Floriane: paper 2

Kassem Ali :paper 6

Ribeiro Victor-Manuel: paper 4

Siswantoro Hari: paper 10

Sultan Ziad: paper 13

Benchrifa Youness: 18
Meknassi Ismail: 12
Kom Mbiengang Edwige Prisca: 5
Mera Michael: 7

List of papers (use google if the link is broken!!!!)

Topic

papers

Presenter

Botnets/Malware

1. My Botnet is Your Botnet: Analysis of a Botnet Takeover, Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Christopher Kruegel, Giovanni Vigna and Richard Kemmerer.
2 Learning more about the Underground Economy: A Case-Study of Keyloggers and Dropzones

3. Detecting Malware Domains at the Upper DNS Hierarchy, Manos Antonakakis, Damballa Inc. and Georgia Institute of Technology; Roberto Perdisci, University of Georgia; Wenke Lee, Georgia Institute of Technology; Nikolaos Vasiloglou II, Damballa Inc.; David Dagon, Georgia Institute of Technology

System
Security

4. On The Practicality of UHF RFID Fingerprinting: How Real is the RFID Tracking Problem? Davide Zanetti, Pascal Sachs, and Srdjan Capkun (ETH Zurich)

5. Secure In-Band Wireless Pairing, Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, and Dina Katabi, Massachusetts Institute of Technology

6. Hookt on fon-iks: Phonotactic Reconstruction of Encrypted VoIP Conversations, Andrew M. White, Kevin Snow, Austin Matthews, Fabian Monrose (University of North Carolina at Chapel Hill)

7. Chip and PIN is Broken, Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond (University of Cambridge)

8. Comprehensive Experimental Analyses of Automotive Attack Surfaces
Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, University of California, San Diego; Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno, University of Washington

9. Lest We Remember: Cold Boot Attacks on Encryption Keys, http://citp.princeton.edu/pub/coldboot.pdf

10. SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale, Collin Mulliner, Nico Golde, and Jean-Pierre Seifert, Technische Universität Berlin and Deutsche Telekom Laboratories

11. VIPER: Verifying the Integrity of PERipherals' Firmware, Yanlin Li, Jonathan McCune and Adrian Perrig

12. Protecting Consumer Privacy from Electric Load Monitoring, Stephen Mclaughlin, William Aiello and Patrick Mcdaniel

13. Android Permissions Demystified, Adrienne Felt, Erika Chin, Steve Hanna, David Wagner and Dawn Song

14. These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications, Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter and David Wetherall

Web Security
and
CyberFraud

15. An inquiry into the nature and causes of the wealth of Internet miscreants, J. Franklin, V. Paxson, A. Perrig, and S. Savage

16.Spamalytics: an Empirical Analysis of Spam Marketing Conversion, CCS'0

Internet
Privacy

17. De-anonymizing Social Networks, Narayanan, V. Shmatikov. S&P 2009

18. Robust De-anonymization of Large Sparse Datasets, A. Narayanan, V. Shmatikov.

19. Detecting privacy leaks using corpus-based association rules

20. Privad: Practical Privacy in Online Advertising (NSDI2011)
Saikat Guha, Microsoft Research India; Bin Cheng and Paul Francis, MPI-SWS

21. Auctions in Do-Not-Track Compliant Internet Advertising,” Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, Oct 2011.

22. Privacy Diffusion on the Web: A Longitudinal Perspective , Balachander Krishnamurthy and Craig E. Wills. Proceedings of the World Wide Web Conference, April 2009

23. Privacy leakage vs. Protection measures: the growing disconnect, Balachander Krishnamurthy, Konstantin Naryshkin, Craig Wills, Web 2.0 Security and Privacy Workshop, May 2011

24. RePriv: Re-Imagining Content Personalization and In-Browser Privacy, Matthew Fredrikson (University of Wisconsin), Benjamin Livshits (Microsoft Research)

25. R. Wang, Y. Li, X. Wang, H. Tang, X. Zhou. "Learning your identity and disease from research papers: information leaks in genome wide association study," ACM Conference on Computer and Communications Security, 2009, pp. 534-544. [PDF]

26. A. Korolova. "Privacy Violations Using Microtargeted Ads: A Case Study," IEEE International Workshop on Privacy Aspects of Data Mining (PADM ’2010). [PDF]

27. I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy, S. LeBlond, C. Zhang, A.Legout, KW Ross, W. Dabbous.