Computer Laboratory

Course pages 2013–14

Computer Security: Current Applications and Research

Course material has not yet been finalised for R210; see R209 to learn more about course structure and assessment. Most sessions will be similar to last year's sessions, which you can read about here.

Please contact the course instructors if you have any questions.

Reading materials

The following papers are assigned reading for R210; this schedule is believed final.

  1. Covert and anonymous communications (Steven Murdoch - 20 January 2014)
    1. Mixminion: Design of a Type III Anonymous Remailer Protocol, George Danezis, Roger Dingledine, and Nick Mathewson. In Proceedings of the 2003 IEEE Symposium on Security and Privacy.
    2. Tor: The Second-Generation Onion Router (2014 DRAFT v1), Roger Dingledine, Nick Mathewson, Steven Murdoch and Paul Syverson. Technical Report, Tor Project, January 2014.
    3. Hot or Not: Revealing Hidden Services by their Clock Skew, Steven J. Murdoch. In Proceedings of the 2006 ACM Conference on Computer and Communications Security (CCS)
  2. Bootstrapping security relationships (Frank Stajano - 27 January 2014)
    1. The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, Frank Stajano and Ross Anderson, 7th International Workshop on Security Protocols, Cambridge, UK, 1999-04-19. Springer LNCS 1796, published 2000.
    2. A key-management scheme for distributed sensor networks, Laurent Eschenauer, Virgil D. Gligor, ACM CCS '02 – Proceedings of the 9th ACM conference on Computer and communications security pp 41-47.
    3. Multichannel Security Protocols, in IEEE Pervasive Computing, Special Issue on Security and Privacy, 6(4):31-39, Oct-Dec 2007.
  3. Mobile-system security (Alastair Beresford - 3 February 2014)
    1. Jekyll on iOS: When Benign Apps Become Evil, Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security), 2013.
    2. PlaceRaider: Virtual Theft in Physical Spaces with Smartphones, Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia. arXiv:1209.5982 [cs.CR].
    3. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.
  4. Censorship resistance (Steven Murdoch - 10 February 2014)
    1. Tools and Technology of Internet Filtering, Steven J. Murdoch and Ross Anderson. In Access Denied: The Practice and Policy of Global Internet Filtering, MIT Press, January 2008.
    2. Protecting Free Expression Online with Freenet, Ian Clarke, Theodore W. Hong, Scott G. Miller, Oskar Sandberg, and Brandon Wiley, IEEE Internet Computing v 6 no 1, 40-49 (2002).
    3. Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability, Amir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, Nikita Borisov. In Proceedings of the 2011 ACM Conference on Computer and Communications Security (CCS).
  5. Psychology and security (Ross Anderson - 17 February 2014)
    1. Daniel Kahneman's Nobel Prize lecture
    2. The evolution and psychology of self-deception by Bill von Hippel and Bob Trivers
    3. Scam Compliance and the Psychology of Persuasion, Modic, David and Lea, Stephen E. G., June 21, 2013, Available at SSRN.
    Optional additional reading:
  6. Banking security (Mike Bond - 24 February 2014)
    1. Chip and PIN is Broken, Steven J. Murdoch, Saar Drimer, Ross Anderson, and Mike Bond. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (May 2010), pp. 433-446, doi:10.1109/sp.2010.33.
    2. Majority is not Enough: Bitcoin Mining is Vulnerable, Ittay Eyal, Emin G. Sirer, 4 November 2013, arXiv.org
    3. Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless, Michael Roland and Josef Langer, in WOOT 2013, Proceedings of the 7th USENIX conference on Offensive Technologies Pages 6-6.
    Optional additional reading:
  7. Social network security (Jonathan Anderson - 3 March 2014)
    1. Social phishing, Tom Jagatic, Nathaniel Johnson, Markus Jakobsson and Filippo Menczer, Communications of the ACM 50:10 (Oct 2007)
    2. Privacy Violations Using Microtargeted Ads: A Case Study, Aleksandra Korolova, ICDMW 2010: Proceedings of the 10th IEEE International Conference on Data Mining Workshops pp 474–482
    3. A Critical Look at Decentralized Personal Data Architectures, Arvind Narayanan, Solon Barocas, Vincent Toubiana, Helen Nissenbaum and Dan Boneh, DUMW: Data Usage Management on the Web (2012)
  8. Hardware security and tamper resistance (Sergei Skorobogatov - 10 March 2014)
    1. Introduction to differential power analysis, Paul C. Kocher, Joshua Jaffe, Benjamin Jun, Pankaj Rohatgi, Journal of Cryptographic Engineering v. 1 no. 1, 2011.
    2. Fault Injection Attacks on Cryptographic Devices: Theory, Practice and Countermeasures, Alessandro Barenghi, Luca Breveglieri, Israel Koren, and David Naccache, Proceedings of the IEEE v. 100 no. 11, 2012.
    3. The State-of-the-Art in IC Reverse Engineering, Randy Torrance, Dick James, CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems, 2009.
    Optional additional reading:

Last year’s course materials are still available.