the class logo
CSCI E-170 Calendar - Fall 2004

Lecture 1 - Sep 21 : Introduction to Security, Privacy and Usability

Hour 1: Definitions and Goals of Computer Security. Policies and Perimeters. What is a security policy? Who writes it? What does it include? What does it not include? Perimeter definition and Risk assessment. Attack classification. Examination of some sample policies. Discussion of security incidents. Formulation of a security policy for the class website. Military vs. Commercial objectives. Role of Audit and verification. Codes of Ethics.

Hour 2: Understanding Privacy: data disclosure, fair information practices.

Assignment #1 Security Incidents

Part 1: Create your own definition of security. Use no more than 1 paragraph. Submit online before Friday.

Part 2: Write a 950-word essay describing a security incident in which you were personally involved. Be sure to include relevant details including what happened, the outcome, lessons learned, and how the organization recovered. Ideally the incident should involve computer security, but if you cannot think of one, then just pick any security incident --- for example, a theft at school or a case of cheating. Submit online before class on Tuesday.

Required Readings

Mandatory Readings:

Database Nation:

Web Security, Privacy & Commerce:

ACM Code of Ethics

Optional Readings:

Chapter 5 (pp. 33-44), "Special Pub 800-12 -- An Introduction to Computer Security: The NIST Handbook," Computer Security Resource Center (CSRC), National Institute of Standards and Technology, 1996. Download from

Optional Readings, Resources, and Links: - Enterprise Technology News and Reviews (at,1759,1583347,00.asp)

NHS patient privacy? What patient privacy! | The Register (at

Electronic Communications Privacy Act of 1986

Children's Online Privacy Protection Act of 1998 (COPPA)

HIPAA Privacy Rule and It's Impacts on Research

Lecture 2 - Sep 28 : Introduction to HCI Usability

What makes interfaces good and bad. Affordances. User models Information hidden in the user interface. Why the web is not a good model for understanding usability, security and privacy. Refer links. Web logfiles and cookies. Google.

Assignment #1 collected

Assignment #2 Policy 2

Assignment #2: Read the privacy policies for, a website belonging to a federal agency, a website belonging to a university, and one other organization. Write an unbiased 3-page memo comparing the features of each, taking into account the requirements of COPPA, ECPA, and other privacy-related legislation. Do not present your opinion.

Required Readings

Apple Human Interface Guidelines, Apple Computer

Optional Readings, Resources, and Links:

The UI Hall of Shame (at

Pixelcentric Interface Hall of Shame (at

Lecture 3 - Oct 05 : Physical Security and Information Leakage

Hour 1: Locks and master keys. Tempest. Soft tempest. Optical Tempest.

Hour 2: Information left on hard drives.

Assignment #2 collected

Assignment #3 Disk Forensics

Obtain a USB flash device from yourself or a friend. Image the device's memory and write a 3 page sanitized report about what you find. Be sure to discuss the tools you used, the files, deleted files, and data in the slack space. If the USB device that you have is not sufficiently interesting, or if you are unable to find one that you can image, you may use one of the images from the class website.

You will have 2 weeks to work on this Assignment, but you should send a 1-paragraph status report to the course instructor by the end of this week

Three images have been posted to the class website:


Required Readings

M. Blaze. "Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks." March 2003. IEEE Security and Privacy. March/April 2003. [GZIPed PostScript], [PDF].

Kuhn, Markus G., Anderson, Ross, "Soft Tempest: Hidden Data Transmissions Using Electromagnetic Emanations, David Aucsmith (Ed.): Information Hiding 1998, LNCS 1525, pp. 124-142, 1998.

Kuhn, Markus, G., Optical Time-Domain Eavesdropping Risks of CRT Displays, Proceedings 2002 IEEE Symposium on Security and Privacy, 12-15 May 2002, Berkeley, CA., pp. 3-18. [FAQ]

Loughry, Joe., Umphress, D., "Information Leakage from Optical Emanations, ACM Transactions on Information System Security, Vol 5, No 3., August 2002.

Garfinkel., S., Shelat, A., Remembrance of Data Passed: A Study of Disk Sanitization Practices, IEEE Security and Privacy, January 2003.

Optional Readings, Resources, and Links:

Robinson, Sara, Master-Keyed Mechanical Locks Fall to Cryptographic Attack, SIAM News, Volume 36, Number 2, 2003.

"Engineering and Design - Electromagnetic Pulse (EMP) and Tempest Protection for Facilities", EP 1110-3-2, 31 December 1990.

Politrix Tempest Archive

The Complete, Unofficial TEMPEST Information Page,

Ross Anderson's Home Page (at

Markus Kuhn’s home page (at

The Coroner's Toolkit (TCT) (at

Brian Carrier: Digital Forensics (at

The Sleuth Kit & Autopsy: Forensics Tools for Linux and other Unixes (at

Lecture 4 - Oct 12 : Today's Network Security Landscape

Hour 1: The standard model by which computer systems are protected in a networked world. How the Internet works. Addressing. DNS. ARP. Firewalls. Intrusion Detection Systems. Network Forensics. Firewalls. Anti-virus.

Hour 2: Defeating the standard model. Viruses, Worms, and Peer-to-peer.

Required Readings

Good, Nathaniel S., Krekelberg, Aaron, Usability and privacy: a study of Kazaa P2P file-sharing

Database Nation:

Web Security, Privacy & Commerce:

Lecture 5 - Oct 19 : Authentication and Identification

Today we will talk in detail about identification, authentication and authorization. They're all different!

Hour 1: Passwords Why do we use passwords? Password policies. Graphical Passwords Recovering Passwords; EBAI.

Hour 2: Biometrics

Assignment #3 collected

Assignment #4 Hashing

The hashing assignment:

Assignment #4:

Required Readings

National Bureau of Standards, Federal Information Processing Standards Publication 112 --- Password Usage, May 30, 1985.

Adams, Anne, and Sasse, Martina Angela, "Users are not the Enemy", Communications of the ACM, Volume 42, Issue 12, December 1999, pp. 40-46

Garfinkel, S. Email-Based Identification and Authentication: An Alternative to PKI?, IEEE Security and Privacy, November/December 2003.

Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., & Rubin, A. D. (1999, August). The Design and Analysis of Graphical Passwords. Paper presented at the Proceedings of the 8th USENIX Security Symposium.

Pankanti, Sharath, et. all, On the Individuality of Fingerprints.

Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, Satoshi Hoshino, Impact of Artificial "Gummy" Fingers on Fingerprint Systems

[Gummy Fingers Slides]

EFF, Biometrics: Who's Watching You

Liu, Simon, and Silverman, Mark, A Pradctical Guide to Biometric Security Technology

Optional Readings, Resources, and Links:

Biometrics: The Journal of the International Biometric Society

The Biometric Consortium

NIST: The Biometrics Resource Center Website

EPIC: "Biometric Identifiers"

United States General Accounting Office, Using Biometrics for Border Security, November 2002.

Jim Liddell, Karen Renaud and Antonella De Angeli. USING A COMBINATION OF SOUND AND IMAGES TO AUTHENTICATE WEB USERS. Short Paper. HCI 2003. 17th Annual Human Computer Interaction Conference. Designing for Society. Bath, England. 8-12 Sept, 2003."

Lecture 6 - Oct 26 : Crypto 1

Hour 1: One-way functions and the random oracle model. MD5 and SHA-1. How to store passwords: the pros and cons of hashing. Cracking Passwords. Uses of hash functions for data identification. MACs. Display of hash fingerprints. Visual hashes.

Hour 2: Symmetric Encryption algorithms. Simple ciphers. One-time pads. DES. RC2, RC4, AES.

Required Readings

RSA Laboratories Crypto FAQ Chapter 3.

The Crypto FAQ, Questions 94, 95, 96, 97, 98, 99, 100, 101.

The rest of the RSA Crypto FAQ. Please be sure to read in particular:

Marcus J. Ranum's One Time Pad FAQ

NIST AES Home Page

OpenSSL: Documents, md5(3) (at

OpenSSL: Documents, sha(3) (at

Maheshwari, Umesh, Vingralek, Radek, and Shapiro, William, "How to Build a Trusted Database System on Untrusted Storage"

Optional Readings, Resources, and Links:

L0phtcrack - LC5

Crack Password - Password Recovery Software, by Elcomsoft

RFC 1321 (rfc1321) - The MD5 Message-Digest Algorithm (at

RFC 3174 (rfc3174) - US Secure Hash Algorithm 1 (SHA1) (at

FIPS180-1: SHA-1

FIPS180-2: The Secure Hash Standard


A file system using hash trees for integrity

Lamport's One-Time Passwords

Hash cash (Adam Back)

Slides on the relative speed of hardware implementations of AES finalists and DES, 3DES

FIPS 197: The Advanced Encryption Standard

NIST 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

Lecture 7 - Nov 02 : Crypto 2: Public Key Encryption and Secure Messaging

RSA. Certificates and CAs. Smart cards. PEM, PGP and S/MIME Opportunistic Encryption in SSH and SSL. Adding opportunistic encryption to SMTP. Adding opportunistic encryption to email.

Required Readings

Gnu Privacy Guard (GnuPG) Mini Howto (English) (at

OpenSSH Project Goals (at

OpenSSH Project History and Credits (at

Manual Pages: ssh(1) (at

OpenSSL: Support, Frequently Asked Questions (at

Assignment #4 collected

Assignment #5 Secure Messaging

Secure Messaging Assignment

This assignment will teach you about secure messaging and the "cognative walk-through" process of analyzing and critquing user interfaces.

  1. Obtain a Free Personal E-mail certificate from Thawte. Install this certificate in your email client. (You will need to use an email client that supports S/MIME. This list includes Outlook Express, Outlook, Apple Mail, Mozilla Thunderbird, and others.)

  2. Write a cognative walkthrough of your experience obtaining the certificate. For information on the Cognitive Walkthrough process, you may consult this Google Search or read The Cognitive Jogthrough: A Fast-Paced User Interface Evaluation Procedure, Rowley & Rhoades, CHI '92. Please limit your walkthrough to two pages.

  3. Using your certificate, send a digitally-signed email message containing your walkthrough to the staff mailing list.

  4. Obtain a copy of PGP or GPG for your computer. Install it. Create a key.

  5. Have your PGP/GPG key signed by another member of the class.

  6. Test your PGP/GPG key by sending a digitally-signed message to your partner.

  7. Write a 1-page analysis of the different security models in S/MIME and PGP/GPG.

  8. Submit both the cognative walk-through and the 1-page analysis using the class submission system.

This assignment will involve PGP, key signing, and secure messaging.

Required Readings

Web Security, Privacy & Commerce:

Whitten, Alma, J. D. Tygar, Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. USENIX Security Symposium 1999.

D. Wagner and B. Schneier, Analysis of the SSL 3.0 Protocol , The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp. 29-40.

Marchesini, John, Smith, S., Zhao, Meiyuan, KeyJacking: The Surprising Insecurity of Client-side SSL, Technical Report TR2004-489, Department of Computer Science, Dartmouth College, February 13, 2004

Optional Readings, Resources, and Links:

The GNU Privacy Guard - (at
MIT distribution site for PGP (at
OpenSSH (at
OpenSSL: The Open Source toolkit for SSL/TLS (at

RSA Crypto FAQ Section 3.1: RSA

RSA Crypto FAQ Section 3.5: Elliptic Curve Cryptosystems

PKCS #1 (skim)

Simple Public Key Infrastructure (spki) Charter

RFC 2692
RFC 2693

Ellison, Carl. "SPKI/SDSI Certificates See also Web Of Trust

RSA PKCS Standards

Public-Key Infrastructure (X.509)

What is X.509? - A Word Definition From the Webopedia Computer Dictionary (at
What is digital certificate? - A Word Definition From the Webopedia Computer Dictionary (at

Lecture 8 - Nov 09 : Quiz #1

Covers all material through today.

Lecture 9 - Nov 16 : Trusted Computing, DMCA, and Watermarking

Hour 1: Trusted Computing Hardware vs. Software. Secure co-processors. TCPA. Digital Rights Management Systems. DVD Encryption.


Hour 2: Watermarking


Assignment #5 collected

Assignment #6 Watermarking

This assignment will give you a brief introduction to watermarking systems. We'll focus on the Digimarc watermark available for Windows. If you have a copy of Adobe Photoshop, you'll discover that you have support for watermarking built in. But don't worry, you don't need Photoshop to do this assignment.

1 - Spend some time going through the Digimarc website at Specifically look at IDMARC, the company's claims about homeland security, the company's technology for deterring the use of counterfeits, and MyPictureMarc.

In one paragraph, explain Digimarc's claim that watermarking can have a significant impact on document forging and the misappropriation of digital documents. Do you think that this claim is credible? Why or why not?

2 - Download and install Digimarc's ImageBridge reader and the ImageBridge watermarking plug-in.

You will need to reboot your computer.

Go to your computer's control panel for the Digimarc Watermarks and make sure that the program is configured so that Internet Explorer will display watermarked images on web pages. Now go to the Digimarc technology overview page and verify that the plug-in is working. You should see that two of the images of the bridge are watermarked.

Find another image on the DigiMarc website that is watermarked and report its information. Why do you think that they haven't watermarked all of their images?

3 - If you have a webcam or another video camera that can send real-time images to your computer, try the Digimark print-to-web demo. Briefly, you will download a PDF file, print it out, and then hold up the PDF file to your computer while running the DigiMarc MediaBridge reader. The MediaBridge reader should notice the watermarked image and take you to the appropriate web page. Does it? Do you think that this is a reasonable technology?

4 - Take a look at In particular, the first image agedly has no DigiMarc, but the second image does. Try to verify the DigiMarc on the second image. What happens? Why?

5 - Tom Till Photography uses DigiMarc to label all of its online photographs. The company uses a clever JavaScript roll-over to make it more difficult for people to download its images, and uses a rule on its web-server so that you cannot fetch the image directly.

Figure out some way to obtain a copy of the image of the mountains at Report the MD5 of this image and the image's Digimarc ID. Do you think that the "copy protection" that Tom Till has developed is effective? Why or why not?

6 - is a website of stock photography. The artist claims that all images are digitally watermarked and tracked with the DigiMarc Digital Watermarking system. Are they?

7 - Take one of the watermarked images that you have identified and edit it using PhotoShop, Paint, or some other image manipulation program. How many changes do you need to make to the image before the watermark no longer verifies?

8 - Finally, look at the BitTwiddler Demo on Peter Wayner's website. Can you see a difference between the image with data in one bit plane and the image with data in two? What does the option "Compare Most and Least Significant" mean? Can you explain the two artifacts in the resulting image?

Required Readings

Hide and Seek: An Introduction to Steganography

Dartmouth TR2003-476: Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear

Trusted Computing FAQ TC / TCG / LaGrande / NGSCB / Longhorn / Palladium (at

Optional Readings, Resources, and Links:

Against TCPA | TCPA would TAKE your FREEDOM | This is NO FAKE (at

Freedom to Tinker (at

Welcome to the Anti-DMCA Website (at

Lecture 10 - Nov 23 : Information Warfare and Computer Crime

Worms, Spyware, Social Engineering and Spoofing

Hour 1: Worms and Spyware Trojan Horses and Trusted Path. History of computer viruses and worms. Melissa and ILOVEYOU. Relied on people to propagate them. Dartmouth research.

Hour 2: Social Engineering and Spoofing "Is it safe to enter my password into this window?".


Assignment #6 Collected

Assignment #7 Project Proposals

Required Readings

Boutin, Paul. Slammed! An inside view of the worm that crashed the Internet in 15 minutes.

E. Ye, S.W. Smith., "Trusted Paths for Browsers."11th Usenix Security Symposium. August 2002

Staniford, Stuart, Paxson, Vern, and Weaver, Nicholas. How to 0wn the Internet in Your Spare Time. Proceedings of the 11th USENIX Security Symposium (Security '02)

eEye Digital Security: Analysis of the Code Red Worm

CERT Incident Note IN-2001-09: "Code Red II:" Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL (at

The "stacheldraht" distributed denial of service attack tool

Optional Readings, Resources, and Links:

Trust Management for Humans -- Waterken YURL (at

Lecture 11 - Nov 30 : Legal Issues, Logging, and Integrity Management

Hour 1: LOGGING What gets logged? Who are logs for? Logging in Unix and Windows. Logfile management. Data management. Visualization of logfiles Log file policies - who gets to see them. Anonymizing PII

Assignment #7 collected

Required Readings

Information Warfare (From Technology Review)

Computer Records and the Federal Rules of Evidence

Audit Trails in Evidence - A Queensland Case Study

Optional Readings, Resources, and Links:

FBI's Cybercrime Crackdown

Dynamic Instrumentation of Production Systems Paper (PDF - 236K)

Federal Rules of Evidence

SWATCH: The Simple WATCHer of Logfiles (at

LogAnalysis.Org (at

Security Utilities - Logfiles (at

Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations

The National Strategy to Secure Cyberspace

Stanford Website Credibility Project

Lecture 12 - Dec 07 : Privacy Protecting Technologies

Onion routing Freedom network Other kinds of PPTs

Required Readings

Free Haven

Tor: The Second-Generation Onion Router

Freenet: A Distributed Anonymous Information Storage and Retrieval System (2000)

Anonymous Connections and Onion Routing (Syverson et al, 1997)

Optional Readings, Resources, and Links:

Onion Routing (at
Hushmail - PGP Compatible Secure Free Email - Login (at - Error 404 (at

Detecting Web Bugs With Bugnosis: Privacy Advocacy Through Education (2002)

Untraceable electronic mail, return addresses, and digital pseudonyms David L. Chaum. February 1981. Communications of the ACM

Onion Routing (CACM 1999)

Lecture 13 - Dec 14 : Special Topics: RFID and Honeypots

Hour 1: RFID

Hour 2: Honeypots

Required Readings

RFID: Tracking Everything Everywhere (at

Stephen A. Weis, Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems

Stephen A. Weis, RFID Privacy Workshop

Garfinkel, Adopting Fair Information Practices to Low Cost RFID Systems

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy

The HoneyNet Project:

Know Your Enemy,
Know Your Enemy II,
Know Your Enemy III,
Know Your Enemy: A Forensic Analysis

Optional Readings, Resources, and Links:

Honeynet Sebek

Slides from DIMACS

Giving Johnny the Keys, Alma Whitten

Lecture 14 - Dec 21 : Aligning Security and Usability

Can desktop software be designed in such a way as to promote interaction that is inherently more secure than is commonly seen today? We will focus on two proposals: Ka-Ping Yee's "User Interaction Design for Secure Systems" and Alma Whitten's "Safe Staging." Please read the first two papers and skim the full Whitten and Tygar report and come prepared to discuss.

Assignment Take Home Quiz

Required Readings

Ka-Ping Yee, User Interaction Design for Secure Systems.

Whitten, Alma, and J. D. Tygar, Safe Staging for Computer Security, the CHI 2003 workshop paper introducing safe staging.

Whitten, Alma, and J. D. Tygar, Usability of Security: A Case Study, CMU-CS-98-155, the 26-page version of Why Johnny Can't Encrypt

Optional Readings, Resources, and Links:

interaction design for end-user security.

Andrew Patrick's home page

Lecture 15 - Jan 04 : Extra Class

Lecture 16 - Jan 11 : Presentation of Final Projects

More presentation of projects Papers due by email at beginning of class.