Course description

Lecture notes








CS 395T - Design and Analysis of Security Protocols (54302)

Fall 2004

Time and place Mon and Wed, 3:30-5pm, ENS 116
Instructor Vitaly Shmatikov
Email: shmat AT cs      Office: Taylor 4.115C
Phone: 471-9530      Office hours: Wed, 5-6pm
Grading Homework: 10%
Read and present a research paper: 15%
Course project: 75%

Course schedule

  • Aug 25. Course outline. Needham-Schroeder public-key protocol. Introduction to finite-state checking.   [slides]
  • Aug 30. SSL/TLS case study.   [slides]
  • Sep 1. IP security. Internet Key Exchange (IKE) protocol.   [slides]
  • Sep 6. Labor Day (no class).
  • Sep 8. Introduction to process algebra.   [slides]   Homework #1 assigned.
  • Sep 13. Just Fast Keying (JFK) protocol.   [slides]
  • Sep 15. Security as observational equivalence. JFK protocol in applied pi calculus.   [slides]
  • Sep 20. Protocols for anonymity.   [slides]   Homework #1 due.
  • Sep 22. Probabilistic model checking.   [slides]   Probabilistic contract signing protocols.   [slides]
  • Sep 27. Probabilistic contract signing protocols (continued). Discussion of project ideas.
  • Sep 29. Floyd-Hoare logic. Compositional protocol logic.   [slides]
  • Oct 4. Compositional protocol logic (continued). Paulson's inductive method. Bids for read-and-present a paper assignment due.
  • Oct 6. Analyzing SET with the inductive method.   [slides]
  • Oct 11. Symbolic constraint solving.   [slides]   Project proposals due.
  • Oct 13. Formal definitions of security for symmetric ciphers.   [slides]
  • Oct 18. Formal model for secure key exchange.
  • Oct 20. Formal model for secure key exchange (continued). Simulatability-based proofs of protocol security.   [slides]
  • Oct 25. Probabilistic polynomial-time process calculus.   [slides]
  • Oct 27. Formal analysis of denial of service (presenter: Ajay Mahimkar).   [slides] [paper]
    Formal verification of routing protocols (presenter: Harsha Narayan, slides: Carl Gunter).   [slides] [paper]
  • Nov 1. Computational soundness of formal models.   [slides]
  • Nov 3. Multicast security (presenter: Ankur Gupta).   [slides] [paper]
    Spoofing and identity theft (presenter: Kevin Kane).   [slides] [paper 1] [paper 2]
  • Nov 8. Fair exchange and contract signing protocols.   [slides]
  • Nov 10. Fair exchange and contract signing protocols (continued).
    Trusted computing (presenter: David Rager).   [slides] [paper]
  • Nov 15. Privacy preserving data mining (presenter: Justin Brickell).   [slides] [paper]
    Automatic proofs of strong secrecy (presenter: David Fink).   [slides] [paper]
  • Nov 17. Game-based verification of contract signing protocols.   [slides]
    Wireless security (presenter: Shamsundar Ashok).   [slides] [paper 1] [paper 2]
  • Nov 22. Project presentations.
    Game-based analysis of denial-of-service protection (Ajay Mahimkar)   [slides]
    Modeling JFKr protocol with ACL2 (David Rager)   [slides]
  • Nov 24. Project presentations.
    Analysis of Internet voting protocols (Shamsundar Ashok)   [slides]
    Privacy-preserving graph algorithms (Justin Brickell)   [slides]
  • Nov 29. Universal composability framework (presenter: Glen Nuckolls).   [slides] [paper]
  • Dec 1. Project presentations.
    Analysis of Group Diffie-Hellman protocols with ProVerif (Ankur Gupta).   [slides]
    Finite-state analysis of Border Gateway Protocol (Harsha Narayan).
    Last day of class.