EE515/IS523: Security 101: Think Like an Adversary

• EE515/IS523 Home
• Syllabus
• Calendar
• Project Information
• Reading Report
• Presentation

8/28/2017

• Topic: Course Introduction & Introduction to Security Engineering
• Presenter: Yongdae Kim
• Slides: ppt (Please download/install the font [link])
• Reading List: "What is Security Engineering?" by Ross Anderson
  

8/30/2017

• Topic: Cryptography in a Nutshell part #1
• Presenter: Yongdae Kim
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

9/4/2017

• Topic: Cryptography in a Nutshell part #2
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

9/6/2017

• Topic: Access Control in a Nutshell (1)
• Presenter: Yongdae Kim
• Slides:
• Reading List: "Access Control" by Ross Anderson
  

9/11/2017

• Topic: Access Control in a Nutshell (2)
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Access Control" by Ross Anderson
  

9/13/2017

• Topic: Usable Security
• Assignment: Reading Report, Project Preproposal
• Reading List:
  • Yongdae Kim A. Whitten and J. D. Tygar, "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Sec'99 (Slides)
  • Hojoon Yang R1 R2 Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu, "Dolphin Attack: Inaudible Voice Commands", ACM CCS'17 (Slides)

9/18/2017

• Topic: Software Engineering Failures and Malpractices
• Assignment: Reading Report
• Reading List:
  • R1 Donghwan Kwon A. Feldman, J. Halderman, and E. Felten, "Security Analysis of the Diebold AccuVote-TS Voting Machine", EVT'07 (Slides)
  • R2 Sanha Park S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", USENIX Sec'11 (Slides)

9/20/2017

• Topic: Automobile and IoT Security
• Assignment: Reading Report
• Reading List:
  • R1 JunSik Seo Kyong-Tak Cho and Kang G. Shin., "Error Handling of In-vehicle Networks Makes Them Vulnerable", CCS'16 (Slides)
  • R2 TaekJin Lee M. Contag and G. Li and A. Pawlowski and F. Domke and K. Levchenko and T. Holz and S. Savage, "How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles", IEEE SP'17 (Slides)

9/25/2017

• Topic: Network Security
• Assignment: Reading Report
• Reading List:
  • R1 Yongdae Kim E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, and Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN", Wiley Security and Communication Networks 2009
  • R2 Yongdae Kim M. Schuchard, E. Y. Vasserman, A. Mohaisen, D. Foo Kune, N. Hopper, and Y. Kim, "Losing control of the Internet: Using the data plane to attack the control plane", NDSS'11

9/27/2017

• Topic: Bitcoin and BlockChain
• Assignment: Reading Report, Project Proposal
• Reading List:
  • R1 Keunwoo Lim Maria Apostolaki, Aviv Zohar, Laurent Vanbever, "Hijacking Bitcoin: Routing Attacks on Cryptocurrencies", IEEE SP'17, (Slides),
  • R2 Yujin Kwon@SYSSEC Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, and Yongdae Kim, "Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin", ACM CCS'17 (Slides),

10/2/2017

No Class: Holiday

10/4/2017

No Class: Chuseok Holiday

10/9/2017

No Class: Holiday (Hangul Proclamation Day)

10/11/2017

• Topic: RF Security
• Assignment: Reading Report
• Reading List:
  • R1 Sangmi Noh N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun, "On Limitations of Friendly Jamming for Confidentiality", IEEE SP'13(Slides)
  • R2 Juhwan Noh@SYSSEC N. O. Tippenhauer, C. Popper, K. B. Rasmussen, and S. Capkun, "On the Requirements for Successful GPS Spoofing Attacks", ACM CCS'11(Slides)

10/16/2017 (Midterm Exam Period)

• Makeup Class
• Topic: How to write top conference security papers
• Presenter: Yongdae Kim

10/18/2017 (Midterm Exam Period)

• Makeup Class
• Topic: Hardware Cryptanalysis
• Presenter: Changkyun Kim (NSR)

10/23/2017

• Work on Class Project (No Class)

10/25/2017

• Work on Class Project (No Class)

10/30/2017

• Work on Class Project (No Class)

11/1/2017

• Assignment: Project Midterm Report
• Work on Class Project (No Class)

11/6/2017

• Topic: Low Level Attacks
• Assignment: Reading Report
• Reading List:
  • R1 Heesoek Kim J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten, "Lest We Remember: Cold Boot Attacks on Encryption Keys", USENIX Sec'08 (Slides)
  • R2 Jiwon Choi M. Seaborn and T. Dullien, "Exploiting the DRAM rowhammer bug to gain kernel privileges , Blackhat'15 (Slides)

11/8/2017

• Topic: Cellular Network #1
• There will be supplementary talks for additional 30 minutes
• Assignment: Reading Report
• R1 Nakjune Choi W Enck, P Traynor, P McDaniel, T La Porta, "Exploiting open functionality in SMS-capable cellular networks", ACM CCS'05
• R2 Changho Hwang D. Foo Kune, J. Koelndorfer, N. Hopper, and Y. Kim, "Location leaks on the GSM air interface", NDSS'12
• R3-1 SooYoung Park Y. Go, J. Won, D. F. Kune, E. Y. Jeong, Y. Kim, and K. S. Park, "Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission", NDSS'14

11/13/2017

• Topic: Cellular Network #2
• There will be supplementary talks for additional 30 minutes
• Assignment: Reading Report
• Reading List:
  • R1 Seungwon Woo R. Weinmann, "Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks", USENIX WOOT'12
  • R2 Jinwoo Kim H. Kim, D. Kim, M. Kwon, H. Han, Y. Jang, D. Han, T. Kim, and Y. Kim, "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations", ACM CCS'15
  • R3-2 Yongdae Kim N. Golde, K. Redon, and J. P. Seifert, "Let Me Answer That For You: Exploiting Broadcast Information in Cellular Networks", USENIX Sec'13

11/15/2017

• Topic: Breaking Cryptography & Critical Systems
• There will be supplementary talks for additional 30 minutes
• Assignment: Reading Report
• Reading List:
  • R1 Seongho Han N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", USENIX Sec'12
  • R2 Hyeonseong Jo (2017) C. Brubaker, S. Jana, B. Ray, S. Khurshid, and V. Shmatikov, "Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations", IEEE SP'14
  • R3-3 Mingeun Kim A. Bolshev, J. Larsen, and M. Krotofil, "A Rising Tide: Design Exploits in Industrial Control Systems", USENIX WOOT'16

11/20/2017

• Topic: Medical Devices
• There will be supplementary talks for additional 30 minutes
• Assignment: Reading Report
• Reading List:
  • R1 SeokJoo Mun D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses", IEEE SP'08
  • R2 Jaeseung Choi I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, and D. Song, "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces", USENIX Sec'12
  • R3-4 Soohun Kim Y. Park, Y. Son, H. Shin, D. Kim, and Y. Kim, "This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump", USENIX WOOT'16

11/22/2017

• Topic: Sensor Security #1
• Assignment: Reading Report
• Reading List:
  • R1 Kyuchan Shim D. Foo Kune, J. Backes, S. Clark, D. Kramer, M. Reynolds, K. Fu, Y. Kim, and W. Xu, "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors", IEEE SP'13
  • R2 Kinam Park Y. Son, H. Shin, D. Kim, Y. Park, J. Noh, K. Choi, J. Choi, and Y. Kim, "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors", USENIX Sec'15

11/27/2017

• Topic: Sensor Security #2
• Assignment: Reading Report
• Reading List:
  • R1 Mincheol Son Hocheol Shin, Dohyun Kim, Yujin Kwon, and Yongdae Kim, "Illusion and Dazzle: Adversarial Optical Channel Exploits against Lidars for Automotive Applications ", CHES'17
  • R2 Hyunsung Cho (2013) T. Trippel, O. Weisse, W. Xu, P. Honeyman and K. Fu, "WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks ", IEEE Euro S&P'17

11/29/2017

• Topic: De-anonymizing others
• Assignment: Reading Report
• Reading List:
  • R1 Jihoon Cho A. Narayanan, and V. Shmatikov, "Robust De-anonymization of Large Sparse Datasets", IEEE SP'08
  • R2 Taehyun Kim A. Caliskan-Islam, R. Harang, A. Liu, A. Narayanan, C. Voss, F. Yamaguchi, and R. Greenstadt, "De-anonymizing Programmers via Code Stylometry", USENIX Sec'15

12/4/2017

• Topic: Hacking and Machine Learning
• Assignment: Reading Report
• Reading List:
  • R1 Jinhoon Jung N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami, "The Limitations of Deep Learning in Adversarial Settings", IEEE Euro SP'16
  • R2 Hyeonjoong Jang A. Nguyen, J. Yosinski, and J. Clune, "Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images", IEEE CVPR'15

12/6/2017

• Topic: Data Exfiltration by EMI
• Assignment: Reading Report , Project Final Report
• Reading List:
  • R1 Ilwoo Park M. Guri, G. Kedma, A. Kachlon, and Y. Elovici, "AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies", MALCON'14
  • R2 Jiho Lee M. Guri, A. Kachlon, O. Hasson, G. Kedma, Y. Mirsky, and Y. Elovici, "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies", USENIX Sec'15

12/11/2017 (Final Exam Period)

• No Class: Final Exam

12/13/2017 (Final Exam Period)

• No Class: Final Exam

12/18/2017 (Project Final Presentation)

• Topic: Project Final Presentation