Math 691 Fall 2007, MW 10:30-12 DRL 3C8

Topics in Mathematical Foundations of Computer Security

Professor Andre Scedrov

About This Course

Course grade will be based on student presentations and active student participation in the course.

A complementary seminar on foundations of cryptography will be led by Prof. Kearns in the CIS Department.

Topics

• Andre Scedrov: Toward Computer Security Foundations: Relating Three Models
• Andre Scedrov: Soundness of formal encryption
• Andre Scedrov: Formal analysis of contract signing
• Andre Scedrov: A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols
• Paul Rowe: Collaborative Planning with Privacy
• Joe-Kai Tsay: The Backes-Pfitzmann-Waidner Cryptographic Library
• Andrew West: Verifying The Abadi-Rogaway soundness of formal encryption in the Coq proof assistant
• Tejas Shah: The WEP protocol
• Tejas Shah: Elliptic curve cryptography
• Craig Greenberg: A logic of privacy and utility

Selected Sources

• R. Focardi, R. Gorrieri (Eds.) Foundations of Security Analysis and Design. Tutorial Lectures. Springer Lecture Notes in Computer Science, Volume 2171, 2001. ISBN 3-540-42896-8.
• J. Clark and J. Jacob. A Survey of Authentication Protocol Literature. Version 1.0, November, 1997.
• R. Kemmerer, C. Meadows, and J. Millen. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, Vol. 7, no. 2, 1994.
• Kerberos: The Network Authentication Protocol.
• The Kerberos Network Authentication Service (V5), RFC 4120.
• Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), RFC 4556.
• F. Butler, I. Cervesato, A.D. Jaggard, A. Scedrov, and C. Walstad. Formal Analysis of Kerberos 5. [.pdf]. Theoretical Computer Science 367(1-2) (2006) 57-87.
• I. Cervesato, A.D. Jaggard, A. Scedrov, J.-K. Tsay, and C. Walstad. Breaking and fixing public-key Kerberos. [.pdf]. Revised version in: M. Okada, I. Satoh, eds., 11-th Annual Asian Computing Science Conference (ASIAN'2006), Tokyo, Japan, December 2006.
• M. Backes, I. Cervesato, A.D. Jaggard, A. Scedrov, and J.-K. Tsay. Cryptographically Sound Security Proofs for Basic and Public-Key Kerberos. In: D. Gollmann, J. Meier, and A. Sabelfeld, eds., "Computer Security - ESORICS 2006, 11-th European Symposium On Research In Computer Security", Hamburg, Germany, September 2006. Springer LNCS Volume 4189, Springer-Verlag, 2006, pp. 362 - 383. Expanded version in Cryptology ePrint Archive: Report 2006/219.
• The TLS Protocol Version 1.0 RFC 2246.
• The SSL Protocol Version 3.0 Internet Draft.
• D. Wagner and B. Schneier. Analysis of the SSL 3.0 Protocol.
• J. Mitchell, V. Shmatikov, and U. Stern. Finite-State Analysis of SSL 3.0.
• J.C. Mitchell, M. Mitchell, and U. Stern. Automated Analysis of Cryptographic Protocols Using Murphi, IEEE Symp. Security and Privacy, Oakland, 1997, pages 141-153.
• J.P. Anderson. Computer Security Technology Planning Study. ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206].
• M. Bishop's History of Computer Security Web Site at UC Davis.
• "Cryptography: Theory and Practice. Third Edition" by Stinson. Chapman & Hall/CRC, 2005. ISBN: 1584885084.
• "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone. CRC Press, Fifth Printing, 2001. ISBN: 0-8493-8523-7.
• Goldwasser-Bellare lecture notes on cryptography at MIT.
• Dodis cryptography lecture notes at NYU.
• "Foundations of Cryptography: Volume 1, Basic Tools" by Goldreich. Cambridge University Press, 2001. ISBN: 0521791723.
• "Foundations of Cryptography: Volume 2, Basic Applications" by Goldreich. Cambridge University Press, 2004. ISBN: 0521830842.
• Ron Rivest's Cryptography and Security Page at MIT.
• The Cypherpunks Home Page at UC Berkeley.
• Crypto FAQ site at RSA Security.