COMP3441/COMP9441 Lecture Notes and Recommended Reading List

• Some readings on preparing and giving technical talks
  • Giving a talk (Frank Kschichang, U. Toronto)
  • ONR's Tips for Preparing and Delivering Scientific Talks and Using Visual Aids
  • Goodlad, S. (1996). Speaking technically: a handbook for scientists, engineers, and physicians on how to improve technical presentations. (in UNSW library)
  
  
  
• Week 1 Introduction to Ciphers and Cryptanalysis
  • Lecture Notes
  • (E) Kaufman et al, Ch 1-2
  • Schneier, Applied Cryptography, Ch 1
  • Try a substitution cipher decryption game
  • For historical background, read The Code Book, Simon Singh (Web site contains a description of the outcome of the cipher challenge contained in the book.)
  
  
  
• Week 2 Introduction to Ciphers (ctd) Key Agreement
  • Lecture Notes
  • (E) Kaufman et al, Ch 3-4, 6.4
  
  
  
• Week 3 RSA, Digital Signatures
  • Lecture Notes
  • (E) Kaufman et al, Ch 6.1-6.3, 6.5-6.6, Ch 7
  • Schneier, Ch 2, section 20.1
  • Ford & Baum, Secure Electronic Commerce, Ch 4.3
  
  
  
• Week 5 Public Key Infrastructures
  • Lecture Notes
  • (E) Kaufman et al Ch 15.
  • Ford and Baum, Secure Electronic Commerce, Ch 6 and 7
  • Ten Risks of PKI: what you're not being told about public key infastructure B. Schneier and C. Ellison
  
  
  
• Week 6 Authentication Protocols
  • Lecture Notes
  • (E) Kaufman et al, Ch 9-11
  • (E) Using Encryption for Authentication in Large Networks of Computers, R.M. Needham and M.D. Schroeder, Communications of the ACM Dec 1978, pp 993-999.
  • (E) Timestamps in Key Distribution Protocols, D.E. Denning and G.M. Sacco, Communications of the ACM Aug 1981, pp 533-536.
  
  
  
• Week 7 Authentication Protocol Analysis
  • Lecture Notes
  • Lecture Handout (corrected version)
  • (E) A logic of Authentication, Burrows, Abadi and Needham
  • Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR. G. Lowe. In 2nd International Workshop on Tools and Algorithms for the Construction and Analysis of Systems. Springer-Verlag, 1996.
  
  
  
• Week 8 Authentication Protocol Analysis ctd, Connections between cryptography and complexity theory,
  • Lecture Notes
  
  
  
  
  Student Presentations start week 11 (after semester break):
  
  
  
• Week 11
  
  Key management and Sociological Issues: key escrow, key length restrictions, export restrictions role of government security/law enforcement organisations, privacy debate, implementation issues (Dean Sabelli)
  • Presentation Slides
  • (E) Schneier, Applied Cryptography, Ch 4.14 Key Escrow, Ch 8 Key Management, Ch 25 Politics, Afterword by Matt Blaze
  • Privacy Implications of Digital Signatures, Roger Clarke and Graham Greenleaf
  • It Came From Planet Clipper: The Battle Over Cryptographic Key "Escrow" M. Froomkin, 1996 Law of Cyberspace issue of the University of Chicago Legal Forum, p15.
  References:
  • Center for Democracy and Technology -- Good source for discussion of public policy issues of US Government Cryptography Iniatives such as the Clipper Chip, export Laws.
  • Computer Professionals for Social Responsibility - incl Clipper Chip information
  • Electronic Privacy Information Center Cryptography Policy information
  
  
  IPSec (Daniel Butt)
  • Presentation Slides
  • (E) Kaufman et al, Ch 16, 17, 18.
  
  
  
• Week 12
  
  SSL (Halvard Skogsrud)
  • Presentation Slides
  • (E) Kaufman et al Ch 19
  • SSL 3.0 Specification
  • Finite-State Analysis of SSL 3.0, Mitchell, J.C., Shmatikov, V. and Stern, U., Seventh USENIX Security Symposium, San Antonio, 1998, pages 201-216.
  • David Wagner and Bruce Schneier. Analysis of the SSL 3.0 protocol. In Proceedings of the Second USENIX Workshop on Electronic Commerce Proceedings, pages 29-- 40, November 1996. A revised version is available here.
  
  
  Java Security (Michael Zhang)
  • Presentation Slides
  • (E) "Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2" L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers, In Proceedings of the USENIX Symposium on Internet Technologies and Systems, Monterey, California, December 1997, pp.103-112.
  • "User Authentication and Authorization In the Java Platform". C. Lai, L. Gong, Larry Koved, Anthony Nadalin, and Roland Schemers. In Proceedings of the 15th IEEE Annual Computer Security Applications Conference, Phoenix, Arizona, December, 1999.
  • "Signing, Sealing, and Guarding Java Objects". L. Gong and R. Schemers, Lecture Notes in Computer Science (LNCS), Vol.1419, Springer-Verlag, June 1998.
  References:
  • Li Gong's Java Security Home page
  
  
  
• Week 13
  
  Payment Protocols (Jason Luo)
  • (E) Millicent paper
  • Netbill
  References
  • SET Secure Electronic Transaction LLC
  • W3C Micropayments page
  • W3C Micro Payment Transfer Protocol
  • Epayments Schemes index at W3
  
  
  Digital Cash (Yue Feng Huant)
  • (E) Security without Identification Card Computers to make Big Brother Obsolete , David Chaum
  • (E) HOW TO MAKE A MINT: THE CRYPTOGRAPHY OF ANONYMOUS ELECTRONIC CASH Laurie Law, Susan Sabett, Jerry Solinas, National Security Agency, 1996
  • Blind Signatures for untraceable payments, D. Chaum, in Advances in Cryptology, Proc. Crypto'82
  • Untraceable Electronic Cash, D. Chaum, A. Fiat and M. Naor, in Advances in Cryptology: Proceeedings of Crypto 88
  Vendors:
  • Cybercash (now consumed by Verisign)
  • Digicash, consumed by eCash
  
  
  
• Week 14
  
  Digital Rights Management (Joshua van Alst)
  • Presentation Material:
    • Powerpoint
    • Rights.xml
    • Work.xml
  • (E) DigiBox: A Self-Protecting Container for Information Commerce Olin Sibert, David Bernstein, David Van Wie
  • Robin Cover's Pages on XrML and Digital Property Rights Management Language
  • XrML web site
  • Intertrust
  • SDMI - Secure Digital Music Intiative
  • ContentGuard
  
  
  Watermarking (Chris Burges)
  • (E) Information hiding -- a survey R.J. Anderson and F. Petitcolas, Proceedings of the IEEE, special issue on protection of multimedia content, 87(7):1062--1078, July 1999.
  • A Survey of Digital Watermarking Elizabeth Ferrill, Matthew Moyer
  References
  • Communications of the ACM, July 1998, special issue on Digital Watermarking
  • A biliography on steganography
  Vendors:
  • Digimark (see in particular Secure Documents)
  
  
  
• Week 15
  
  Wireless Cryptography Applications (Alan Tay)
  • (E) GSM Interception (Lauri Person)
  • GSM Cloning (University of Berkeley, Ca.)
  • GSM Security Issues (Wei Zhang)
  IEEE 802.11 (WEP) :
  • Your 802.11 Wireless Network Has No Clothes (Arbaugh et al.)
  • Weaknesses in Key-Scheduling Algorithm of RC4
  • (E) Intercepting Mobile Communications: Insecurity of 802.11 (Borisov et al.)
  • Rapid Re-Keying to Improve WEP (Aboba et al.)
  Bluetooth :
  • Security of Bluetooth (Overview)