1 / 16

CIS 4930/6930 – Privacy-Preserving and Trustworthy Cyber-Systems Dr. Attila Altay Yavuz

CIS 4930/6930 – Privacy-Preserving and Trustworthy Cyber-Systems Dr. Attila Altay Yavuz. Course Overview and Organization. Spring 2019. Outline. About Instructor High-level Objectives Grading (Tentative) Schedule Details on the execution of the course Q&R. Self-Intro.

bbrinkman
Télécharger la présentation

CIS 4930/6930 – Privacy-Preserving and Trustworthy Cyber-Systems Dr. Attila Altay Yavuz

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CIS 4930/6930 – Privacy-Preserving and Trustworthy Cyber-SystemsDr. Attila Altay Yavuz Course Overview and Organization Dr. Attila Altay Yavuz Spring 2019

  2. Outline • About Instructor • High-level Objectives • Grading • (Tentative) Schedule • Details on the execution of the course • Q&R

  3. Self-Intro Self-Intro (Education and Employment) • Assistant Professor, University of South Florida (August 2018 – now) • Externally funded research programs: • Applied Cryptography Research Group: Publications, patents, SW frameworks • Assistant Professor, Oregon State University (2014 – now: Courtesy Faculty) • Applied Cryptography Research Group: Publications, patents, SW frameworks • Co-establisher of cyber-security curriculum: 4 new courses • Research Scientist, Bosch Research Center (2011-2014) • Security and privacy research programs: Privacy Enhancing Technologies • Publications, patents, technology transfers • Adjunct Faculty, University of Pittsburgh (2014 - now) • Ph.D., North Carolina State University (2007-2011) • Compromise Resilient and Compact Cryptography for Digital Forensics • MS, Bogazici University (2004-2006): Research Engineer • Efficient Crypto Mechanisms for Satellite Networks

  4. High-Level Objectives • Trustworthy-Cyber Systems: “Practically \inf” \# of PhD Theses, yet we have only one semester! • Out of Our Scope: • Legislation, law and policy making • Privacy policies: Application specific • Usability, HCI, soft-privacy, privacy configs, device configs… • Focus: Privacy&Trust via Cryptographic Enforcement • Cryptographic Access Control on Sensitive Data • Foundational Cryptographic Primitives, Tools, Protocols • Key Management, Distribution • Privacy Enhancing Technologies • Encrypted databases, Searchable encryption, • Private Information Retrieval, Oblivious access • Blockchains, privacy-preserving machine learning

  5. High-Level Objectives Regulate who accesses which information under what policy? And how? Access Control Authentication Access Control & Policy Data Structure Integrity Confidentiality . . . How to enforce access control? Cryptography! Advanced Topics Foundational Primitives Advanced Topics Blockchains Authentication Puzzle Solutions Functional Encryption-I Searchable encryption on databases I) One-way and Keyed Primitives Hash functions Merkle-tree Hash-based Message Authentication Hash-chains and forensic tool Functional Encryption-II Oblivious accesses on encrypted databases Cyber-Security in Post-Quantum Era II) Symmetric Encryption SPN Network, Feistel Advanced Encryption Standard Functional Encryption-III Private retrieval on public databases Machine Learning and Privacy III) Public Key Techniques Key Exchange: Diffie-Hellman Encryption: Elgamal Digital Signatures: Schnorr, DSA

  6. Grading: No midterm/final, but: • Undergraduate Student: • Homeworks (2 HWs, %20) • Asks you to dig deeper in topics covered in weeks 1-7 (questions are from foundations only) • In-class presentation (%25): Present a paper(s) from security conferences. • Important practice opportunity for future career! • Survey paper (a team of two, %45): Extra-credit for a research paper • Select a topic and write a detailed survey paper (6 pages IEEE style) • Develop a knowledge base on an important topic  Practice executive reports • AI/Crypto, Blockchains, post-quantum crypto, encrypted DB, many potentials… • In-class participation (%10): Constructive feedback for student presentations will be collected plus in-class engagement. • Learn about graduate school: Research scientist, program manager (NSF, NASA, DoD), professor careers, WHY, BENEFITS, CAVEATS, HOW? • Graduate: The same plus extra HW + research paper (theory, comparison, analysis, implementation, etc..,), see syllabus.

  7. Topics – Syllabi Outline – TENTATIVE TIMING Week 1- 7: BUILD CRYPTOGRAPHIC FOUNDATIONS • Week 1-2: Hash-based primitives and their applications • Hash functions, Merkle-Damgard, properties of hash functions, message authentication codes • Merkle-hash trees, memory integrity protection, hash-chains for password protection • Denial of service mitigation with client-server puzzles • Week 3-4: Symmetric Encryption Primitives Symmetric Primitives: DES and AES • Introduction to symmetric-key cryptography and encryption techniques (SPN, Feistel Ciphers) • Design and analysis of Advanced Encryption Standard (AES) • Modes of Operations • Week 5-7: Public Key Encryption, PKI and Digital Signatures • DH Key Exchange and PKI • Elgamal Encryption • Schnorr digital signature and Digital Signature Algorithm • Week 7 – Instructor Travels: Lattice-based cryptography by Mr. RouzbehBehnia

  8. Topics – Syllabi Outline – TENTATIVE TIMING Week 8-16: ADVANCED TOPICS AND PRESENTATIONS • Week 8-9: Privacy Enhancing Technologies [A lecture on project feedback] • Search on privacy-preserving systems: Searchable Encryption technology (Instructor) • Potential Graduate Student Presentations: • Private Information Retrieval (2) • Differential Privacy (2) • Wireless Network Security or Oblivious random access machine (2) • Week 10-12: Selected Topics in Cyber-Security • Undergraduate student presentations (2 each lecture, 4 per week) • Cyber-security in Blockchains • Artificial Intelligence and Cyber-security • Selected topics • Week 13: Light-weight authentication for Internet of Things (IoT) • Instructor Lecture • Week 14-15: Selected Topics in Cyber-Security • Undergraduate student presentations (2 each lecture, 4 per week) • System, software, hardware security • Selected topics • Week 16: Real-time authentication for Internet of Things (IoT) • Instructor Lecture

  9. Presentations • We must decide a scheduling for presentations, volunteering preferred, or other policies will be implemented. • Grad students go first • Avoid re-scheduling mess: Changing presentation date is only possible with a doctor report. Prevent CHAOS • Select papers from top cyber-security conferences and present them: Published between 2013 – 2019 • Tier 1: ACM CCS, IEEE S&P, NDSS, Usenix, Crypto, Eurocrypt, Asiacrypt, PoPETs • Tier 1.5: IEEE Infocom (networking), ACM AsiaCCS, • Tier 2: IEEE ICDSC, CNS, Esorics, ACSAC, DBSec, ACM WiSec, DSN, ACNS, AsiaCCS • Not core security: IEEE Globecomm, ICC, Milcom, ICNC

  10. Survey/Research Projects • Select your papers as in previous list, but years can be older. • Potential topic lists (includes but not limited to): • Privacy Enhancing Technologies: • Searchable encryption, • ORAM, Private Information Retrieval • Differential Privacy • Cyber-security in aerial drones and vehicular networks • Cyber-security in Blockchains, classical and post-quantum era • Secure Electronic Voting • Digital Signatures • Post-quantum Cryptography • Intersections of Artificial Intelligence (ML) and Cyber-security • Intersections of Artificial Intelligence and Cryptography • System Security, OS Security, Wireless network security • Hardware security • Form a group of two, and inform me your topic ASAP • Exceptions possible for a single-person project • Grad students can do individual projects with a permission • By January 14th : Names in your group and topic to be emailed

  11. Survey/Research Projects • Select your papers as in previous list, but years can be older. • Potential topic lists (includes but not limited to): • Privacy Enhancing Technologies: • Searchable encryption, • ORAM, Private Information Retrieval • Differential Privacy • Cyber-security in aerial drones and vehicular networks • Cyber-security in Blockchains, classical and post-quantum era • Secure Electronic Voting • Digital Signatures • Post-quantum Cryptography • Intersections of Artificial Intelligence (ML) and Cyber-security • Intersections of Artificial Intelligence and Cryptography • System Security, OS Security, Wireless network security • Hardware security • Form a group of two, and inform me your topic ASAP • Exceptions possible for a single-person project • Grad students can do individual projects with a permission • By January 14th : Names in your group and topic to be emailed

  12. Research Projects: Graduate • Theoretical analysis and comparison of methods • Implementation and comparison of methods: Better • New algorithm design, new system design: Even better • A different topic is ok, but if you want to use your existing research, you have to bring me an explicit written consent from your supervisor • Confidentiality requirements of your funding • Your advisor might want to keep it secret • Do not bring it up unless you are permitted, or it is trouble! • There will be an in-terim report in the middle of semester, and I will give you one-on-one feedback on your research report. • In-terim report will be graded, do NOT put off your writing.

  13. Research Projects: Graduate • A good guideline to research writing: • https://www.darpa.mil/work-with-us/heilmeier-catechism • The Heilmeier Catechism: • What are you trying to do? Articulate your objectives using absolutely no jargon. • How is it done today, and what are the limits of current practice? • What's new in your approach and why do you think it will be successful? • Who cares? If you're successful, what difference will it make? • What are the risks and the payoffs? • How much will it cost? How long will it take? • What are the midterm and final "exams" to check for success?

  14. Survey Reports: Undergraduates • What are you trying to do? Articulate your objectives using absolutely no jargon. • What are the necessary background information for your topic? • How is it done today? • What are the limits of current practice? • What are the advantages? • What do you expect for the future of this survey topic? • There will be an in-terim report in the mid-semester, and I will give you one-on-one feedback on your survey report. • In-terim report will be graded, do NOT put off your writing.

  15. Logistics and Notes • Instructor Office Hours, CANVAS and Course Webpage: • Instructor: Dr. Attila A. Yavuz • Office: ENG 117 • Email: attilaayavuz@usf.edu • URL: http://www.csee.usf.edu/~attilaayavuz/ • Office Hours: TR 2:30 PM – 4:00 PM • Class email (important!) and in-class announcement • Both CANVAS and course page will be used together • A protocol and cryptography oriented approach to cyber-security • Plenty cryptography! • Instructor Travels • 1-2 weeks of travel (out of state or out of US)

  16. Resources • Follow course webpage, slides, research papers and assignments will be announced at course webpage or CANVAS! • Look for class e-mails. • Free online cryptography resources: • Lecture notes of Dr. Mihir Bellare: https://cseweb.ucsd.edu/~mihir/cse207/classnotes.html • "The Joy Cryptography" from Dr. Mike Rosulek: http://web.engr.oregonstate.edu/~rosulekm/crypto/ • Please read syllabus.

More Related