List of Papers and Topics for Seminar Presentations
Please email me a list of three papers/topics of your choice in order of decreasing preference.
Allocation of topics is on a first-come, first-served basis.
You also have the option of suggesting a paper/topic that is not on the list, subject to my approval. In this case, send me the details of the paper/topic and a sentence or two describing the reason for your choice.
Presentations should be 15-20 minutes, with 5-10 minutes of questions/discussion at the end. There will be 3-4 seminar presentations during a 2-hour lecture.
Seminar presentations will be held during the following weeks (subject to minor changes): W6, W7, W8, W9, W10, W11, W12, W13.
Please also let me know your preference in terms of week of presentation (three options, in decreasing order of preference). If it is impossible for you to do the seminar in a particular week, e.g. if you are away during that week, let me know.
I will try to consider your preferences as much as possible, but I cannot guarantee that you will get your first preference.
Your email should contain something like this:
Paper/Topic Preference:
1st preference: #5
2nd preference: #3
3rd preference: #12
Week Preference:
1st preference: W7
2nd preference: W10
3rd preference: W8
Allocations
W6
Sorapop Kooncumchoo, #9, DOS-Resistant Authentication with Client Puzzles
Daniel Ples, #40, Rootkits
Ijaz Faiz, #3, Remote timing attacks are practical
W7
Robin Begbie, #21, Vanish: Increasing Data Privacy with Self-Destructing Data
Nathaniel Du Preez-Wilinson, #12, Is Your Cat Infected with a Computer Virus?
Brendan Abbot, #2, Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations
W8
Huy Nguyen, #22, Computing Arbitrary Functions of Encrypted Data
Gareth Hoon, #16, FlyByNight: mitigating the privacy risks of social networking
Haozhou Wang, #33, DNS Security
Jayalakshmi Perumal, #1, Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs
W9
Abhishek Bhat, #4, The battle against phishing: Dynamic Security Skins
Meng Xu, #19, Digital objects as passwords
Zheng Liu, #13, Location privacy in pervasive computing
Nguyen Khoi Nguyen, #14, Anonysense: privacy-aware people-centric sensing
W10
Kristian Dawkins, #7, Security and Privacy Issues in E-passports
Mouna Neelakanta, #23, A Study of Android Application Security
Nicholas Wilson, #24, Re: CAPTCHAs—Understanding CAPTCHA-Solving Services in an Economic Context
Othman Alhwsawi, #25, Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study
W11
Junhao Sun, #17, Accountable internet protocol (aip)
Chao Ye, #27, SMS-of-Death
Tony Chan, #6, RFID security and privacy: A research survey
Apurve, #15, Vigilante: end-to-end containment of internet worms
W12
Shuangjie Hu, #8, A convenient method for securely managing passwords
Adithya Srinivas, #20, A Survey of Covert Channels and Countermeasures in Computer Network Protocols
Pattnasak Uewichitrapochana, #26, Dude, Where's That IP? Circumventing Measurement-based IP Geolocation
Abhishek Bhat, #4, The battle against phishing: Dynamic Security Skins
W13
Billy Kuo, #5, Lest We Remember: Cold Boot Attacks on Encryption Keys
Xian Ying Yao, #10, Hash-Based IP Traceback
Jayalakshmi Perumal, #1, Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs
Mouna Neelakanta, #23, A Study of Android Application Security
Othman Alhwsawi, #25, Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study
Papers/Topics (in no particular order):
# 1 (allocated)
Ristenpart et al., Privacy-Preserving
Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and
Replacing Trusted Third Parties with DHTs, USENIX Security, 2008.
https://www.cs.washington.edu/homes/yoshi/papers/Adeona/adeona-camera-ready.pdf
# 2 (allocated)
Wright, C. V., Ballard, L., Coull, S. E., Monrose, F., and Masson, G. M. 2008. Spot Me if You
Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations. In Proceedings
of the 2008 IEEE Symposium on Security and Privacy (May 18 - 21, 2008). SP.
IEEE Computer Society, Washington, DC, 35-49.
http://www.cs.jhu.edu/~cwright/oakland08.pdf
# 3 (allocated)
Brumley, D., Boneh, D.,
Remote timing attacks are practical, Computer Networks, Volume
48, Issue 5, Web Security, 5 August 2005, Pages 701-716,
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
# 4 (allocated)
Dhamija, R. and Tygar, J.
D. 2005. The battle against phishing: Dynamic Security Skins. In Proceedings
of the 2005 Symposium on Usable Privacy and Security (Pittsburgh,
Pennsylvania, July 06 - 08, 2005). SOUPS '05, vol. 93. ACM, New York, NY,
77-88.
http://people.ischool.berkeley.edu/~tygar/papers/Phishing/Battle_against_phishing.pdf
# 5 (allocated)
Halderman et al., Lest We Remember: Cold
Boot Attacks on Encryption Keys, USENIX Security Symposium, 2008
http://www.usenix.org/event/sec08/tech/full_papers/halderman/halderman.pdf
# 6 (allocated)
A. Juels. RFID security and privacy: A
research survey. IEEE Journal on Selected Areas in Communication, 24(2),
February 2006.
http://ieeexplore.ieee.org/iel5/49/33490/01589116.pdf?tp=a&arnumber=1589116
http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf
# 7 (allocated)
Juels, A.; Molnar, D.; Wagner, D., Security and Privacy Issues in E-passports, Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on, pp. 74-88, 05-09 Sept. 2005
http://www.library.ca.gov/crb/rfidap/docs/Juelsetall-SecurityandPrivacyofE-Passports.pdf
# 8 (allocated)
JA Halderman, B Waters, EW Felten,
A convenient method for securely managing passwords, Proc of the 14th International World Wide Web Conference,
2005
http://portal.acm.org/citation.cfm?id=1060815
http://portal.acm.org/ft_gateway.cfm?id=1060815&type=pdf&CFID=34090934&CFTOKEN=97452253
# 9 (allocated)
Aura, T., Nikander, P., and Leiwo, J., DOS-Resistant Authentication with Client Puzzles, Lecture Notes in Computer Science, vol 2133. 2001.
http://security.tmit.bme.hu/SZB.info.2007/kiseloadasok/cikkek/DOS-resistant%20Authentication%20with%20Client%20Puzzles%20(2000)%20-%20aura00dosresistant.pdf
#10 (allocated)
A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, S. Kent, W. Strayer, Hash-Based IP Traceback, SIGCOMM, 2001
http://conferences.sigcomm.org/sigcomm/2001/p1-snoeren.pdf
#11
Adrian Perrig, Ran Canetti, J. D. Tygar, Dawn Song, The TESLA Broadcast Authentication
Protocol, Cryptobytes, Volume 5, No. 2 (RSA
Laboratories, Summer/Fall 2002), pp. 2--13
http://www.ece.cmu.edu/~adrian/projects/tesla-cryptobytes/tesla-cryptobytes.pdf
#12 (allocated)
Melanie R. Rieback, Bruno Crispo, Andrew S. Tanenbaum, Is Your Cat Infected with a Computer Virus?, PERCOM, pp. 169-179, 2006.
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1604806
#13 (allocated)
Beresford, A.R.; Stajano, F., Location privacy in pervasive computing, Pervasive Computing, IEEE, vol.2, no.1, pp. 46-55, Jan-Mar 2003
http://ieeexplore.ieee.org/iel5/7756/26614/01186725.pdf?tp=&isnumber=&arnumber=1186725
http://www.cl.cam.ac.uk/~fms27/papers/2003-BeresfordSta-location.pdf
#14 (allocated)
Cornelius, C., Kapadia, A., Kotz,
D., Peebles, D., Shin, M., and Triandopoulos, N.
2008. Anonysense: privacy-aware
people-centric sensing. In Proceeding of the 6th international
Conference on Mobile Systems, Applications, and Services (Breckenridge, CO,
USA, June 17 - 20, 2008). MobiSys '08. ACM, New York,
NY, 211-224.
http://www.cs.dartmouth.edu/~mhshin/paper/anonysense.pdf
#15 (allocated)
Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., and Barham, P. 2005. Vigilante:
end-to-end containment of internet worms. In Proceedings of the
Twentieth ACM Symposium on Operating Systems Principles (Brighton, United
Kingdom, October 23 - 26, 2005). SOSP '05. ACM, New York, NY, 133-147.
http://research.microsoft.com/en-us/um/people/antr/ms/vigilantesosp.pdf
http://www.cs.cornell.edu/Courses/cs614/2005fa/papers/Vigilante.pdf
#16 (allocated)
Lucas, M. M. and Borisov, N. 2008. FlyByNight: mitigating the privacy
risks of social networking. In Proceedings of the 7th ACM Workshop
on Privacy in the Electronic Society (Alexandria, Virginia, USA, October 27
- 27, 2008). WPES '08. ACM, New York, NY, 1-8.
http://portal.acm.org/citation.cfm?id=1456405
http://portal.acm.org/ft_gateway.cfm?id=1456405&type=pdf&CFID=34090934&CFTOKEN=97452253
#17 (allocated)
Andersen, D. G., Balakrishnan, H., Feamster, N., Koponen, T., Moon,
D., and Shenker, S. 2008. Accountable internet
protocol (aip). In Proceedings of the ACM SIGCOMM
2008 Conference on Data Communication (Seattle, WA, USA, August 17 - 22,
2008). SIGCOMM '08. ACM, New York, NY, 339-350.
http://www-2.cs.cmu.edu/~dga/papers/aip-sigcomm2008.pdf
#18
Cagalj, M.; Capkun, S.; Hubaux, J.-P., Key Agreement in Peer-to-Peer Wireless Networks, Proceedings of the IEEE, vol.94, no.2, pp.467-478, Feb. 2006
http://lcawww.epfl.ch/Publications/Cagalj/CagaljCH05.pdf
#19 (allocated)
Mannan, M. and van Oorschot,
P. C. 2008. Digital objects as passwords. In Proceedings of the
3rd Conference on Hot Topics in Security (San Jose, CA). USENIX Association,
Berkeley, CA, 1-6.
http://www.scs.carleton.ca/~mmannan/publications/obpwd-hotsec08.pdf
#20 (allocated)
S. Zander, G. Armitage, P. Branch, A Survey of
Covert Channels and Countermeasures in Computer Network Protocols, IEEE
Communications Surveys and Tutorials, 2007.
http://caia.swin.edu.au/cv/szander/publications/szander-ieee-comst07.pdf
#21 (allocated)
Geambasu, R. et al., Vanish: Increasing Data
Privacy with Self-Destructing Data, USENIX Security 2009
http://vanish.cs.washington.edu/pubs/usenixsec09-geambasu.pdf
#22 (allocated)
Craig Gentry, Computing Arbitrary Functions of Encrypted Data, Communications
of the ACM, March 2010
http://portal.acm.org/citation.cfm?id=1666444
-- Added 2/8/2011 -----
#23 (allocated)
William Enck et al., A
Study of Android Application Security, USENIX Security, 2011
http://www.cse.psu.edu/~swarat/pubs/enck-sec11.pdf
#24 (allocated)
Marti Motoyama et al., Re: CAPTCHAs—Understanding CAPTCHA-Solving
Services in an Economic Context, USENIX
Security 2010
http://www.usenix.org/events/sec10/tech/full_papers/Motoyama.pdf
#25 (allocated)
Ishtiaq Rouf et al., Security
and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure
Monitoring System Case Study, USENIX Security, 2010
http://www.usenix.org/events/sec10/tech/full_papers/Rouf.pdf
#26 (allocated)
Phillipa Gill et al., Dude, Where's That IP?
Circumventing Measurement-based IP Geolocation, USENIX
Security 2010
http://www.usenix.org/events/sec10/tech/full_papers/Gill.pdf
#27 (allocated)
Colin Mulliner et al., SMS-of-Death: from analyzing to attacking mobile phones on a large scale, USENIX Security Symposium, San Francisco, CA, USA, 10-12 August 2011
http://www.usenix.org/events/sec11/tech/full_papers/Mulliner.pdf
You can also propose your own paper or seminar topic.
Misc Security Topics:
The following topics are not based on individual research papers. Some links might be provided as a starting point, but you will need to find further high quality information sources on these topics.
#30
OpenID
Open, decentralized standard for user authentication and access control
· Recordon, D. and Reed, D. 2006. OpenID 2.0: a platform for user-centric identity management. In Proceedings of the Second ACM Workshop on Digital Identity Management (Alexandria, Virginia, USA, November 03 - 03, 2006). DIM '06. ACM, New York, NY, 11-16.
Further sources of information are likely required to adequately cover the topic.
#31
Kerberos Authentication
JG Steiner, C Neuman, JI Schiller, Kerberos: An
Authentication Service for Open Network Systems, Winter USENIX Conference, 1988
http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/19970004330_1997000619.pdf
#32
Pretty Good Privacy (PGP)
Various textbooks, e.g.:
W. Stallings, Cryptography and Network Security
C. Kaufman, Network Security, Private Communication in a Private World
#33 (allocated)
DNS Security (with focus on widely published DNS cache poisoning attacks)
http://www.cdc.informatik.tu-darmstadt.de/~rsa/papers/DNS-spoofing-ACNS2006.pdf
http://www.secureworks.com/research/articles/other_articles/dns-cache-poisoning/
http://www.ietf.org/rfc/rfc3833.txt
#40 (allocated)
Rootkits
You can propose your own topic. Just send me an email with your proposal.
