Secure Systems Design: An Engineering Perspective

Short Course, 11-12 October 2011

14h00 - 18h00, EPFL-INF 328

Instructor:  Prof. Wayne Burleson,  University of Massachusetts Amherst, MA, USA

Objectives:  This short course takes a top-down approach to the design and analysis of secure systems. Cryptography is presented from a high level as one of several tools for securing systems. The architecture, software, network, wireless and hardware layers are each explored in terms of their threats and solutions. Applications and higher-level issues such as economics and human behavior are also presented, since they play a large role in overall system security.

Outline:
Introduction to Secure Systems
         Concepts, Methodologies, Threat Models
         How does Security Engineering differ from other Engineering fields?
Examples and Motivations for Secure Systems
         Privacy, Trust, Payments, Medical, Voting, Transportation,...
Introduction to Cryptography
         Private and Public Key Crypto, Signatures, Authentication, Watermarking
Architectural Support for Security - secure computation is enabled by software libraries, instruction set extensions, hardware support and tools.
Software Security - faulty software is a common source of security breaches
Network Security - network security involves many cross-layer solutions
Wireless Security - wireless channels present unique security challenges
Hardware Security - low-level hardware can introduce vulnerabilities
Security Economics - what are the relative costs of breaches and solutions?
Behavioral Security - many security/privacy breaches are due to human error
Demonstrations of Secure Systems and Attacks possibly including: Smart card side channel attack, medical device eavesdropping attack, transportation payment system on Javacard.
Case Studies: 1) Transportation Payment Systems 2) Secure Bio-sensing
Conclusions, Future Directions and Open Problems


Readings:
This is a collection of recent research papers describing secure systems and components: their design, their use and various types of attacks on them. The papers all appear in IEEE or ACM archives. Links to download the PDFs of the two 2011 papers (2 and 4) are included, since they may not yet be available there. Links to some of the authors' websites, which provide more information and papers in these exciting areas, are also included. Enjoy!

  1. RFID security and privacy: A research survey, A. Juels, IEEE Journal on Selected Areas in Communications, 2006.
     See also http://rfid-cusp.org

  2. Comprehensive Experimental Analyses of Automotive Attack Surfaces, T. Kohno et al., USENIX Security Symposium, August 2011.
     See also http://www.autosec.org/faq.html

  3. Designing for Audit: A Voting Machine with a Tiny TCB, R. Gardner, S. Garera, A. Rubin, Financial Cryptography Conference, 2010.
     See also http://www.springerlink.com/content/a7rq455587883k24/

  4. They Can Hear Your Heartbeats: Non-Invasive Security for Implanted Medical Devices, S. Gollakota, H. Hassanieh, B. Ransford, D. Katabi, K. Fu, Proceedings of ACM SIGCOMM, August 2011.
     See also http://secure-medicine.org/

  5. Who Controls the off Switch? R. Anderson, S. Fuloria, IEEE International Conference on Smart Grid Communications, 2010.
     See also http://www.cl.cam.ac.uk/~rja14/

  6. On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme, T. Eisenbarth, T. Kasper, A. Moradi, C. Paar…, Advances in Cryptology, CRYPTO 2008.

  7. Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers, D. Holcomb, W. Burleson, K. Fu, IEEE Transactions on Computers, 2009.

  8. Transient-Based Identification of Sensor Nodes, B. Danev, S. Capkun, ACM/IEEE IPSN 2009.
     See also http://www.syssec.ethz.ch/