COT 5428: Formal Foundations of Cybersecurity
Autumn 2020


Instructor:
  Bogdan Carbunar
  Office: ECS 384
  E-mail: carbunar at cs dot fiu dot edu

Lectures:
  Zoom: Wednesdays 17:00-19:30

Office Hours:
  By appointment. Contact me at the e-mail address above.

Web page: http://www.cs.fiu.edu/~carbunar/teaching/cot5428/cot5428.2020/cot5428.html


Announcements

[Posted on Fri. June 12, 2020]: Webpage is up! Wednesday August 26: First class.

Course Overview

In the first half, the course will cover foundations of cybersecurity, including symmetric ciphers, basic number theory, public key cryptosystems, digital signatures, cryptographic hashes and message authentication codes.

List of course topics (tentative):

In the second half, the course will consist of student presentations. Each student will choose a research paper from a list that I will make publicly available in the near future.

Textbooks

We will mainly use the following textbooks; however, the class will focus on the slides that I will post here:

Note that you should not view the availability of lecture notes as a substitute for attending class: our discussion in class may deviate somewhat from the written material, and you should take your own notes as well.


Lectures

The following schedule is tentative and subject to change.

| Week # | Date | Topic | Details |
|---|---|---|---|
| 1 | August 26 | Class overview; Introduction to cybersecurity | |
| 2 | September 2 | Classic Cryptography | |
| 3 | September 9 | Classic and Symmetric Key Cryptography | |
| 4 | September 16 | Symmetric Key Encryption | |
| 5 | September 23 | Public Key Encryption | |
| 6 | September 30 | Public Key Encryption | |
| 7 | October 7 | Public Key Management and Distribution | |
| 8 | October 14 | Cryptographic Data Integrity | |
| 9 | October 21 | Bitcoin, Blockchain and Student Presentation | |
| 10 | October 28 | Student Presentations | A Performant, Misuse-Resistant API for Primality Testing. Presented by Thomas Scianmarello. |
| 11 | November 4 | Student Presentations | Traceback for End-to-End Encrypted Messaging. Presented by Andres Sierra. |
| | | | Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale. Presented by Monica Regonda. |
| 12 | November 11 | Student Presentations | Certificate Transparency in the Wild: Exploring the Reliability of Monitors. Presented by Alix LeBrun. |
| | | | Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China. Presented by Muneeba Asif. |
| 13 | November 18 | Student Presentations | Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations. Presented by Maurice Ngouen. |
| | | | Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web. Presented by Jonathan La Rosa. |
| 14 | November 25 | Student Presentations | BDoS: Blockchain Denial-of-Service Attacks. Presented by David Osorio. |
| | | | A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right. Presented by Juan Narvaez. |
| 15 | December 2 | Final Review | Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems. Presented by Miguel San Martin. |
| 16 | Dec X | | Details TBA when available |

Suggested Publications for Class Presentations

  • A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right. Christian Tiefenau, Emanuel von Zezschwitz, Maximilian Häring, Katharina Krombholz, Matthew Smith. pdf. To be presented by Juan Narvaez.

  • Certificate Transparency in the Wild: Exploring the Reliability of Monitors. Bingyu Li, Jingqiang Lin, Fengjun Li, Qiongxiao Wang, Qi Li, Jiwu Jing, Congli Wang. pdf. Assigned to Alix LeBrun.

  • Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web. Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-Lopez, J. Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, Brad Warren. pdf. To be presented by Jonathan La Rosa.

  • Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations. Sazzadur Rahaman, Gang Wang, Danfeng (Daphne) Yao. pdf. To be presented by Maurice Ngouen.

  • Traceback for End-to-End Encrypted Messaging. Nirvan Tyagi, Ian Miers, Thomas Ristenpart. pdf. To be presented by Andres Sierra.

  • You Are Who You Appear to Be. A Longitudinal Study of Domain Impersonation in TLS Certificates. Richard Roberts, Yaelle Goldschlag, Rachel Walter, Taejoong Chung, Alan Mislove, Dave Levin. pdf. To be presented by Patrianna Napoleon.

  • A Performant, Misuse-Resistant API for Primality Testing. Jake Massimo, Kenneth G. Paterson. pdf. To be presented by Thomas Scianmarello.

  • Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale. Michele Campobasso, Luca Allodi. pdf. Monica Regonda.

  • BDoS: Blockchain Denial-of-Service Attacks. Michael Mirkin, Yan Ji, Jonathan Pang, Ariah Klages-Mundt, Ittay Eyal, Ari Juels. pdf. To be presented by David Osorio.

  • Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China. Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang, and Qiang Li. pdf. To be presented by Muneeba Asif.

  • Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems. Haoran Lu, Luyi Xing, Yue Xiao, Yifan Zhang, Xiaojing Liao, XiaoFeng Wang, Xueqiang Wang. pdf. To be presented by Miguel San Martin.


Grading Summary

Your final grade will be computed from the following categories; this is, however, subject to radical change.

Collaboration and Academic Integrity Policy

Homeworks are to be done individually, on your own (not in groups). The project(s) will be done in groups.

For homeworks, you must always write up the solutions on your own. Similarly, you may use references to help solve homework problems, but you must write up the solution on your own and cite your sources. You may not share written work or programs with anyone else.
