Home
Course description
Lecture notes
Assignments
Projects
Tools
Reference

CS 395T  Design and Analysis of Security Protocols (54302)
Fall 2004
Time and place 
Mon and Wed, 3:305pm, ENS 116 
Instructor 
Vitaly Shmatikov 
Contact 
Email: shmat AT cs 
Office: Taylor 4.115C 
Phone: 4719530 
Office hours: Wed, 56pm 

Grading 
Homework: 10%
Read and present a research paper: 15%
Course project: 75%

Course schedule

Aug 25.
Course outline.
NeedhamSchroeder publickey protocol.
Introduction to finitestate checking.
[slides]

Aug 30.
SSL/TLS case study.
[slides]

Sep 1.
IP security.
Internet Key Exchange (IKE) protocol.
[slides]

Sep 6.
Labor Day (no class).

Sep 8.
Introduction to process algebra.
[slides]
Homework #1 assigned.

Sep 13.
Just Fast Keying (JFK) protocol.
[slides]

Sep 15.
Security as observational equivalence.
JFK protocol in applied pi calculus.
[slides]

Sep 20.
Protocols for anonymity.
[slides]
Homework #1 due.

Sep 22.
Probabilistic model checking.
[slides]
Probabilistic contract signing protocols.
[slides]

Sep 27.
Probabilistic contract signing protocols (continued).
Discussion of project ideas.

Sep 29.
FloydHoare logic.
Compositional protocol logic.
[slides]

Oct 4.
Compositional protocol logic (continued).
Paulson's inductive method.
Bids for readandpresent a paper assignment due.

Oct 6.
Analyzing SET with the inductive method.
[slides]

Oct 11.
Symbolic constraint solving.
[slides]
Project proposals due.

Oct 13.
Formal definitions of security for symmetric ciphers.
[slides]

Oct 18.
Formal model for secure key exchange.

Oct 20.
Formal model for secure key exchange (continued).
Simulatabilitybased proofs of protocol security.
[slides]

Oct 25.
Probabilistic polynomialtime process calculus.
[slides]

Oct 27.
Formal analysis of denial of service (presenter: Ajay Mahimkar).
[slides]
[paper]
Formal verification of routing protocols (presenter: Harsha Narayan,
slides: Carl Gunter).
[slides]
[paper]

Nov 1.
Computational soundness of formal models.
[slides]

Nov 3.
Multicast security (presenter: Ankur Gupta).
[slides]
[paper]
Spoofing and identity theft (presenter: Kevin Kane).
[slides]
[paper 1]
[paper 2]

Nov 8.
Fair exchange and contract signing protocols.
[slides]

Nov 10.
Fair exchange and contract signing protocols (continued).
Trusted computing (presenter: David Rager).
[slides]
[paper]

Nov 15.
Privacy preserving data mining (presenter: Justin Brickell).
[slides]
[paper]
Automatic proofs of strong secrecy (presenter: David Fink).
[slides]
[paper]

Nov 17.
Gamebased verification of contract signing protocols.
[slides]
Wireless security (presenter: Shamsundar Ashok).
[slides]
[paper 1]
[paper 2]

Nov 22.
Project presentations.
Gamebased analysis of denialofservice protection (Ajay Mahimkar)
[slides]
Modeling JFKr protocol with ACL2 (David Rager)
[slides]

Nov 24.
Project presentations.
Analysis of Internet voting protocols (Shamsundar Ashok)
[slides]
Privacypreserving graph algorithms (Justin Brickell)
[slides]

Nov 29.
Universal composability framework (presenter: Glen Nuckolls).
[slides]
[paper]

Dec 1.
Project presentations.
Analysis of Group DiffieHellman protocols with ProVerif (Ankur
Gupta).
[slides]
Finitestate analysis of Border Gateway Protocol (Harsha Narayan).
Last day of class.
