6.857: Computer and Network Security
Below are links to material relevant to our lectures. Students are
responsible for all items, except those which are starred (*).
Starred items are related readings provided for your own interest,
and are optional.
To suggest the addition of a hyperlink or paper, email
6.857-staff at mit.edu.
Lecture 01 (Th 9/9/2004): Introduction
- Reading:
- "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0",
Alma Whitten and J.D. Tygar
[PDF, PS, HTML]
- Links:
Lecture 02 (Tu 9/14/2004): Electronic Voting
- Reading:
- "Analysis of an Electronic Voting System"
Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach
[PDF]
- Handouts:
- Links:
Lecture 03 (Th 9/16/2004): Hash Functions
- Reading:
- Notes:
- Links:
- SHA-1*
- Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD [PDF]*
- A file system using Merkle's hash trees for integrity [PDF]*
Lecture 04 (Tu 9/21/2004): More Hashing Applications, Unconditional Security
- Reading:
- DES is not a group
[PDF]*
- Is the DES a group? [PDF] (4 megs)*
- Handouts:
Lecture 05 (Th 9/23/2004) Web Authentication (Guest Lecturer Kevin Fu)
- Slides:
- Kevin Fu's lecture slides [PDF]
- Links:
Lecture 06 (Tu 9/28/2004) Intro to Number-Theoretic Crypto
- Reading:
- Introduction to Number Theory (2002) [PDF]*
- Ron's notes on χ² (Chi-Squared) Statistical Tests
[PDF]*
- Handouts
- Problem Set 1 Solutions [PS|PDF]
- Problem Set 3 [PS|PDF]
Lecture 07 (Th 9/30/2004) (Guest Lecturer David Chaum)
- Slides:
- David Chaum's lecture slides [PPT]
- Reading:
- "Secret Ballot Receipts: True Voter Verifiable
Elections"
David Chaum [PDF]
Lecture 08 (Tu 10/5/2004) Forensics (Guest Lecturer Simson Garfinkel)
- Reading:
- "Remembrance of Data Passed: A Study of Disk Sanitization Practices,"
Simson Garfinkel and Abhi Shelat [PDF]
- "Defining Digital Forensic Examination and Analysis Tools"
Brian Carrier [PDF]*
- "Getting Physical with the Digital Investigation Process"
Brian Carrier and Eugene H. Spafford [PDF]*
- Handouts
- Problem Set 2 Solutions [PS|PDF]
- Problem Set 4 [PS|PDF]
Lecture 09 (Th 10/7/2004)
Lecture 10 (Tu 10/12/2004) Secret Sharing
- Reading:
- "How to Share a Secret"
Adi Shamir [PDF]
- "Secret Sharing Made Short"*
Hugo Krawczyk [PDF]
- Handouts:
- Problem Set 3 Solutions [PS|PDF]
- Take-Home Midterm [PS|PDF]
Lecture 11 (Th 10/14/2004) AES and DES
- Handouts:
- Penance: An explanation of #4-1(e) [PS|PDF]*
- Links:
Lecture 12 (Tu 10/19/2004)
- Handouts:
- Problem Set 4 Solutions [PS|PDF]
Lecture 13 (Th 10/21/2004) ElGamal and Diffie-Hellman
- Handouts:
- Project Proposal Guidelines [PS|PDF]
- Reading:
- "New Directions in Cryptography"
Whitfield Diffie and Martin E. Hellman [PDF]
Lecture 14 (Tu 10/26/2004) ElGamal and RSA
- Handouts:
- Reading:
- "A Public-Key Cryptosystem and Signature Scheme Based on
Discrete Logarithms"
Taher ElGamal [PDF]
- "A Method for Obtaining Digital Signatures and Public-Key
Cryptosystems"
Ron L. Rivest, Adi Shamir, and Len Adleman [PS]
- "How to Make a Mint: The Cryptography of Anonymous Electronic Cash"
Laurie Law, Susan Sabett, Jerry Solinas [HTML]
- "Twenty Years of Attacks on the RSA Cryptosystem"
Dan Boneh [PDF]*
- "Why Textbook ElGamal and RSA Encryption are Insecure"
Dan Boneh, Antoine Joux, and Phong Q. Nguyen [PS]*
Lecture 15 (Th 10/28/2004)
- Reading:
- "A Practical Secret Voting Scheme for Large Scale Elections"
Atsushi Fujioka, Tatsuaki Okamoto, and Kazuo Ohta [PDF]
- Handouts:
- Midterm Solutions [PS|PDF]
Lecture 16 (Tu 11/2/2004) RFID Security and Privacy (Guest Lecturer
Steve Weis)
- Handouts:
- Lecture Slides [PPT] (3 megs)
Lecture 17 (Th 11/4/2004) Viruses and Worms
Lecture 18 (Tu 11/9/2004) Buffer Overflow Attacks
- Reading:
- "Reflections on Trusting Trust"
Ken Thompson [PDF]
- "StackGuard: Automatic Adaptive Detection and Prevention
of Buffer-Overflow Attacks"
Crispin Cowan, et al. [PDF]
- "Blended Attacks, Exploits, Vulnerabilities and
Buffer-Overflow Techniques in Computer Viruses"
Eric Chien and Peter Szor [PDF]*
- "Smashing the Stack for Fun and Profit", Phrack Vol. 7, No. 49 *
Quiz Preparation:
Lecture 19 (Tu 11/16/2004): Quiz 1
Lecture 20 (Th 11/18/2004) Program Shepherding (Guest Lecturer Saman Amarasinghe)
- Reading:
- "Secure Execution via Program Shepherding"
Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe
[PDF]
- Slides:
- "Worms and Worm Mitigation" - S. Amarasinghe's lecture slides [PPT]
Lecture 21 (Tu 11/23/2004) Tempest, Tamper Resistance, Power Analysis
- Reading:
- "Tamper Resistance - A Cautionary Note"
Ross Anderson and Markus Kuhn
[PDF|PS]
- "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations"
Markus Kuhn and Ross Anderson
[PDF]
- "Optical Time-Domain Eavesdropping Risks of CRT Displays"
Markus Kuhn and Ross Anderson
[PDF]
Lecture 22 (Tu 11/30/2004) Biometrics and Trusted Computing
Lecture 23 (Th 12/2/2004): Talks
Lecture 24 (Tu 12/07/2004): Talks
Lecture 25 (Th 12/09/2004): Talks