Topics & Readings

Class Notes

Assignments are being replaced with a literature review paper (a paper in which a collection of papers are analyzed and discussed)
End of March: submit a small literature review paper (possibly written in a group of 3 to 4 people)
Multiple grading schemes at end of semester (20% literature review paper, 10% hacking journal and vice-versa)

Midterm and final will be essay-based; sample questions will be provided to help with studying
Midterm topics to be announced in a in a future lecture

During reading week, you will receive a mark for your hacking journals to-date
After reading week, the course will be mostly focused on research papers
Going forward, focus of hacking journals should be to go in-depth rather than breadth
Hacking journals likely to end by mid-March

Unlike other computer science disciplines, computer security revolves around conferences
Academic conferences and non-academic conferences (e.g., Defcon and Black Hat) have different purposes
Submitted papers at respectable academic conferences tend to have an acceptance rate of 20% or less
Big Four Conferences
- IEEE Symposium on Security and Privacy (S&P); formerly known as the Oakland Conference http://www.ieee-security.org/TC/SP-Index.html
- ACM Computer and Communications Security (CCS) http://www.sigsac.org/ccs.html
- USENIX Security Symposium https://www.usenix.org/conference/usenixsecurity15
- ISOC Network and Distributed Systems Security (NDSS) http://www.internetsociety.org/events/ndss-symposium
Other well-respected conferences:
- SOUPS (Symposium On Usable Privacy and Security) https://cups.cs.cmu.edu/soups/
- ACSAC (Annual Computer Security Applications Conference); caters to application of security in the US military http://www.acsac.org/
- FC (Financial Crypto) http://fc15.ifca.ai/
- NSPW http://www.nspw.org
Browse conference websites to find interesting topics for your literature review paper
If working individually, paper should be approximately 10 pages double-spaced.

Generating one can be done on command line (md5sum, sha1sum, sha256sum)
MD5 represents a 128-bit hash as a 32 digit hexadecimal; usage is discouraged since it has been terribly compromised
SHA-1 hashes are bit longer but have also been compromised; Google is discouraging SHA-1 for websites and SSL encryption by displaying warnings in Chrome
SHA-256 is recommended
A property of any secure hash: a 1-bit change in input must lead to, on average, half of the bits changing in the output
Generally, it is computationally impossible to reverse a hash unless the hash function is broken in which case, shortcuts can be used.
Computationally infeasible to break SHA-256 right now
A birthday-attack is a fast brute force attack on a crypto algo (example: decreasing search space to increase chances of collision)
Common use of hashes: software distribution (e.g., ISOs, disk images, BitTorrent)
- This allows you to verify that integrity of a download
- Caveat: if someone can alter your download, they can likely alter the publicly listed hash
Key terminology
- RSN: robust secure network
- AES: block cipher
- SHA256: Hash function

protocol used to talk to web server securely with a secure, encrypted connection
algorithms: AES is the block cipher used, GCM is the mode, RSA is part of the public key exchange
Diffie-Hellman: the first public key algorithm that was created; used for key exchange, not authentication;
- example: talking to someone across the world
- in order to have a secure channel to talk with them, you can use block ciphers
- block ciphers require shared keys

“known_hosts” file located in your /.ssh folder contain public keys of machines that you can connect to
“authorized_keys” contains public keys of machines that you have authorized to connect to your machine
if a public key changes, you’ll get an error
Large corporations use their own certificates
- provides a secure connection to their proxy
- let’s them monitor activity
Encryption can very easily be your enemy