CIS 5374 : Information Security and Privacy
Fall 2017

  Bogdan Carbunar
  Office: ECS 383
  E-mail: carbunar at cs dot fiu dot edu

  Office: TBA
  E-mail: TBA

  GL 139: Wed. 13:00-15:50

Web page:


[Posted on Sat. Aug. 19, 2017]: Web page is up! First class on Wed. August 23, 2017.

Course Overview

In the first half of this course we will cover the most important features of information security and privacy. The tentative list of course topics includes: In the second half, the course will consist of student presentations. Each student will choose a research paper from a list that I will make publicly available in the near future.


We will use mainly the following materials:

Note that you should not view the availability of lecture notes as a substitute for attending class: our discussion in class may deviate somewhat from the written material, and you should take your own notes as well.


The following schedule is tentative and subject to change.

Topic Readings
1 Aug 23 Class overview; Introduction   Slides [pdf].
2 Aug 30 Intermediate Protocols: Part I and II   Slides I [pdf], Slides II [pdf].
3 Sep 6 Class canceled due to Hurricane Irma
4 Sep 13 Class canceled due to Hurricane Irma
5 Sep 20 Intermediate Protocols (part III) and Zero Knowledge Proofs: Part I   Sch:Ch 4
[pdf],   [pdf].
6 Sep 27 Zero Knowledge Proofs: Part II
7 Oct 4 Zero Knowledge Proofs: Part III
8 Oct 11 Anonymous Channels
9 Oct 18 Oblivious Communications
10 Oct 25 Digital Payments
11 Nov 1 Student Paper Presentations Advice for student presentations [pdf]
12 Nov 8 Student Paper Presentations
13 Nov 15 Student Paper Presentations
14 Nov 22 Student Paper Presentations
15 Nov 29 Student Paper Presentations
16 Dec 6 Student Paper Presentations
17 Date TBA Final Exam, GL 139, 12 noon-2pm

Suggested Publications for Class Presentations

  • What Does The Crowd Say About You? Evaluating Aggregation-based Location Privacy. Apostolos Pyrgelis, Carmela Troncoso, Emiliano De Cristofaro. [pdf]. To be presented by Roberto Galdamez.

  • Topics of Controversy: An Empirical Analysis of Web Censorship Lists. Zachary Weinberg, Mahmood Sharif, Janos Szurdi, and Nicolas Christin. [pdf]. Assigned to Reid Daimion.

  • Differential Privacy By Sampling. Joshua Joy, Mario Gerla. [pdf]. To be presented by Ross Paisant.

  • Our Data, Ourselves: Privacy via Distributed Noise Generation. Cynthia Dwork, Krishnaram Kenthapadi, Frank McSherry, Ilya Mironov, Moni Naor. [pdf].

  • Robust De-anonymization of Large Sparse Datasets. Arvind Narayanan, Vitaly Shmatikov. [pdf]. To be presented by Roger Jimenez.

  • Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks. Tao Wang, Ian Goldberg. [pdf]. To be presented by Daniela Hernandez.

  • MCMix: Anonymous Messaging via Secure Multiparty Computation. Nikolaos Alexopoulos, Aggelos Kiayias, Riivo Talviste, Thomas Zacharias. [pdf].

  • Catena: Efficient Non-equivocation via Bitcoin. Alin Tomescu, Srinivas Devadas. [pdf]. To be presented by Sharon Ly.

  • Membership Inference Attacks Against Machine Learning Models. Reza Shokri, Marco Stronati, Congzheng Song, Vitaly Shmatikov. [pdf]. To be presented by Julian Zuluaga.

  • Cisco ACI and PCI Compliance Scope Reduction: Verizon Audit, Assessment, and Attestation. [pdf]. Assigned to Aian Denis.

  • Stadium: A Distributed Metadata-Private Messaging System. Nirvan Tyagi, Yossi Gilad, Matei Zaharia, Nickolai Zeldovich. [pdf]. To be presented by Rajender Kumar.


    In order to do well in this class, you need to have taken CIS-5372 and have basic knowlegde of number theory (e.g., know how and why RSA works). Please contact me as early as possible if this is not the case.

    Grading Summary

    Your final grade will be computed from the following categories - this is however subject to change Class participation does not mean class presence. It means participation to discussions, by asking questions and answering questions raised by me or your colleagues.


    From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities. It is important that we be able to discuss real-world experience candidly; students are expected to behave responsibly.

    You may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.

    Unethical or inappropriate actions may result in failing the course and being referred for further discipline.

    Collaboration and Academic Integrity Policy

    Homeworks are to be done individually, on your own (not in groups). The project(s) will be done in groups.

    For homeworks, you must always write up the solutions on your own. Similarly, you may use references to help solve homework problems, but you must write up the solution on your own and cite your sources. You may not share written work or programs with anyone else.

    Back to main page