EE515/IS523: Security 101: Think Like an Adversary

• EE515/IS523 Home
• Syllabus
• Calendar
• Project Information
• Reading Report
• Presentation

9/3/2019

• Topic: Course Introduction & Introduction to Security Engineering
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "What is Security Engineering?" by Ross Anderson
  

9/5/2019 (Start at 9:00 AM)

• Topic: Cryptography in a Nutshell
• There will be supplementary talks for additional one and a half hours
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

9/10/2019

• No Class

9/12/2019

• No Class: Chuseok Holiday

9/17/2019

• Topic: Access Control in a Nutshell (1)
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Access Control" by Ross Anderson
  

9/19/2019

• Topic: Access Control in a Nutshell (2)
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Access Control" by Ross Anderson
  

9/24/2019

• Topic: Software Engineering Failures and Malpractices
• Assignment: Reading Report
• Reading List:
  • Yongdae Kim A. Feldman, J. Halderman, and E. Felten, "Security Analysis of the Diebold AccuVote-TS Voting Machine", EVT'07 (Slides)
  • R1 R2 Yongdae Kim S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", USENIX Sec'11 (Slides)

9/26/2019

• Topic: Usable Security
• Assignment: Reading Report, Project Preproposal
• Reading List:
  • Yongdae Kim A. Whitten and J. D. Tygar, "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Sec'99 (Slides)
  • R1 R2 Daeyang Cho Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu, "Dolphin Attack: Inaudible Voice Commands", ACM CCS'17 (Slides)

10/1/2019

• Topic: Network Security
• Assignment: Reading Report
• Reading List:
  • R1 Yongdae Kim E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, and Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN", Wiley Security and Communication Networks 2009 (Slides)
  • R2 Yongdae Kim M. Schuchard, E. Y. Vasserman, A. Mohaisen, D. Foo Kune, N. Hopper, and Y. Kim, "Losing control of the Internet: Using the data plane to attack the control plane", NDSS'11 (Slides)

10/3/2019

• No Class: Holiday

10/8/2019

• Topic: Bitcoin and BlockChain (1)
• Assignment: Reading Report
• Reading List:
  • R1 R2 Daegeun Yoon Maria Apostolaki, Aviv Zohar, Laurent Vanbever, "Hijacking Bitcoin: Routing Attacks on Cryptocurrencies", IEEE SP'17, (Slides)
  • Yujin Kwon@SYSSEC Y. Kwon, D. Kim, Y. Son, E. Y. Vasserman, and Y. Kim, "Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin", ACM CCS'17 (Slides)

10/10/2019

• Topic: Bitcoin and BlockChain (2)
• Assignment: Reading Report, Project Proposal
• Reading List:
  • R1 R2 Minjung Kim@SYSSEC M. Kim, Y. Kwon, and Y. Kim, "Is Stellar As Secure As You Think?", IEEE S&B'19 (Slides)
  • Yujin Kwon@SYSSEC Y. Kwon, H. Kim, Y. Son, J. Shin, and Y. Kim, "Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash?", IEEE SP'19 (Slides)

10/15/2019

• Topic: RF Security
• Assignment: Reading Report
• Reading List:
  • R1 Minkyung Kang N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun, "On Limitations of Friendly Jamming for Confidentiality", IEEE SP'13 (Slides)
  • R2 Juhwan Noh@SYSSEC J. Noh, Y. Kwon, Y. Son, H. Shin, D. Kim, J. Choi, and Y. Kim, "Tractor Beam: Safe-hijacking of Consumer Drones with Adaptive GPS Spoofing", ACM TOPS'19 (Slides)

10/17/2019

• Topic: Low Level Attacks
• Assignment: Reading Report
• Reading List:
  • R1 Yongdae Kim J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten, "Lest We Remember: Cold Boot Attacks on Encryption Keys", USENIX Sec'08 (Slides)
  • R2 Changhun Song M. Seaborn and T. Dullien, "Exploiting the DRAM rowhammer bug to gain kernel privileges", Blackhat'15 (Slides)

10/22/2019 (Midterm Exam Period)

• No class

10/24/2019 (Midterm Exam Period)

• Makeup Class
• Topic: How to write top conference security papers (Slides)
• Presenter: Yongdae Kim

10/29/2019

• Topic: Cellular Network (1)
• Assignment: Reading Report
• R1 R2 Yongdae Kim H. Kim, D. Kim, M. Kwon, H. Han, Y. Jang, D. Han, T. Kim, and Y. Kim, "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations", ACM CCS'15 (Slides)
• Yongdae Kim B. Hong, S. Bae, and Y. Kim, "GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier", NDSS'18 (Slides)

10/31/2019

• Topic: Cellular Network (2)
• Assignment: Reading Report
• Reading List:
  • Eunsoo Kim@SYSSEC R. Weinmann, "Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks", USENIX WOOT'12 (Slides)
  • R1 R2 Soobin Lee D. Rupprecht, K. Kohls, T. Holz, and C. Popper, "Breaking LTE on Layer Two", IEEE SP'19 (Slides)

11/5/2019

• Topic: Cellular Network (3)
• Assignment: Reading Report, Project Midterm Report
• Reading List:
  • R1 Jiho Lee@SYSSEC H. Kim, J. Lee, E. Lee, and Y. Kim, "Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane", IEEE SP'19
  • R2 Taekkyung Oh H. Yang, S. Bae, M. Son, H. Kim, S. Kim, and Y. Kim, "Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTE", USENIX Sec'19 (Slides)

11/7/2019

• Topic: Breaking Cryptography & Critical Systems
• Assignment: Reading Report
• Reading List:
  • R1 Duckwoo Kim N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", USENIX Sec'12 (Slides)
  • R2 Jaemin Shin D. Antonioli, N. O. Tippenhauer, "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR", USENIX Sec'19 (Slides)

11/12/2019

• Work on Class Project (No Class)

11/14/2019

• Work on Class Project (No Class)

11/19/2019

• Work on Class Project (No Class)

11/21/2019

• Topic: Medical Devices
• Assignment: Reading Report
• Reading List:
  • R2 Hwijoon Lim I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, and D. Song, "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces", USENIX Sec'12 (Slides)

11/26/2019

• Topic: Sensor Security (1)
• Assignment: Reading Report
• Reading List:
  • R1 Yongdae Kim D. Foo Kune, J. Backes, S. Clark, D. Kramer, M. Reynolds, K. Fu, Y. Kim, and W. Xu, "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors", IEEE SP'13 (Slides)
  • R2 Hocheol Shin@SYSSEC H. Shin, D. Kim, Y. Kwon, and Y. Kim, "Illusion and Dazzle: Adversarial Optical Channel Exploits against Lidars for Automotive Applications ", CHES'17 (Slides)

11/28/2019

• Topic: Sensor Security (2)
• Assignment: Reading Report
• Reading List:
  • Yongdae Kim Y. Son, H. Shin, D. Kim, Y. Park, J. Noh, K. Choi, J. Choi, and Y. Kim, "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors", USENIX Sec'15 (Slides)
  • R1 R2 Myojoon Kil T. Trippel, O. Weisse, W. Xu, P. Honeyman and K. Fu, "WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks ", IEEE Euro S&P'17 (Slides)

12/3/2019

• Topic: De-anonymizing others
• Assignment: Reading Report
• Reading List:
  • R1 Yohan Choi A. Narayanan, and V. Shmatikov, "Robust De-anonymization of Large Sparse Datasets", IEEE SP'08 (Slides)
  • R2 Donghyun Gook A. Caliskan-Islam, R. Harang, A. Liu, A. Narayanan, C. Voss, F. Yamaguchi, and R. Greenstadt, "De-anonymizing Programmers via Code Stylometry", USENIX Sec'15 (Slides)

12/5/2019 (Start at 10:00 AM)

• Topic: Hacking and Machine Learning (1)
• Assignment: Reading Report
• Reading List:
  • R1 Sangwon Lee D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses", IEEE SP'08 (Slides)
  • R1 R2 Youngmin Choi N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami, "The Limitations of Deep Learning in Adversarial Settings", IEEE Euro SP'16 (Slides)
  • ManGi Cho@SYSSEC K. Eykholt, I. Evtimov, E. Fernandes, B. Li, A. Rahmati, C. Xiao, A. Prakash, T. Kohno, and D. Song, "Robust Physical-World Attacks on Deep Learning Visual Classification", IEEE CVPR'18 (Slides)

12/10/2019

• Topic: Hacking and Machine Learning (2)
• Assignment: Reading Report
• Reading List:
  • R1 R2 Yongdae Kim T. Vaidya, Y. Zhang, M. Sherr, and C. Shields, "Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition", USENIX WOOT'15
  • ManGi Cho@SYSSEC N. Carlini, and D. Wagner, "Audio Adversarial Examples: Targeted Attacks on Speech-to-Text", IEEE SP Workshop'18 (Slides)

12/12/2019 (Start at 9:00 AM)(Project Final Presentation)

• Topic: Project Final Presentation

12/17/2019 (Final Exam Period)

• No Class: Final Exam

12/19/2019 (Final Exam Period)

• No Class: Final Exam