Course Overview and Organization CIS 4930/6930 – Privacy-Preserving and Trustworthy Cyber-Systems Dr. Attila Altay Yavuz Course Overview and Organization Dr. Attila Altay Yavuz Spring 2019

Outline About Instructor High-level Objectives Grading (Tentative) Schedule Details on the execution of the course Q&R

Self-Intro (Education and Employment) Assistant Professor, University of South Florida (August 2018 – now) Externally funded research programs: Applied Cryptography Research Group: Publications, patents, SW frameworks Assistant Professor, Oregon State University (2014 – now: Courtesy Faculty) Co-establisher of cyber-security curriculum: 4 new courses Research Scientist, Bosch Research Center (2011-2014) Security and privacy research programs: Privacy Enhancing Technologies Publications, patents, technology transfers Adjunct Faculty, University of Pittsburgh (2014 - now) Ph.D., North Carolina State University (2007-2011) Compromise Resilient and Compact Cryptography for Digital Forensics MS, Bogazici University (2004-2006): Research Engineer Efficient Crypto Mechanisms for Satellite Networks Self-Intro (Education and Employment)

High-Level Objectives Trustworthy-Cyber Systems: “Practically \inf” \# of PhD Theses, yet we have only one semester! Out of Our Scope: Legislation, law and policy making Privacy policies: Application specific Usability, HCI, soft-privacy, privacy configs, device configs… Focus: Privacy&Trust via Cryptographic Enforcement Cryptographic Access Control on Sensitive Data Foundational Cryptographic Primitives, Tools, Protocols Key Management, Distribution Privacy Enhancing Technologies Encrypted databases, Searchable encryption, Private Information Retrieval, Oblivious access Blockchains, privacy-preserving machine learning

High-Level Objectives Regulate who accesses which information under what policy? And how? . . . Access Control & Policy Data Structure Access Control Authentication Integrity Confidentiality How to enforce access control? Cryptography! I) One-way and Keyed Primitives Hash functions Merkle-tree Hash-based Message Authentication Hash-chains and forensic tool Foundational Primitives Advanced Topics Advanced Topics Functional Encryption-I Searchable encryption on databases Blockchains Authentication Puzzle Solutions Functional Encryption-II Oblivious accesses on encrypted databases Cyber-Security in Post-Quantum Era II) Symmetric Encryption SPN Network, Feistel Advanced Encryption Standard Functional Encryption-III Private retrieval on public databases Machine Learning and Privacy III) Public Key Techniques Key Exchange: Diffie-Hellman Encryption: Elgamal Digital Signatures: Schnorr, DSA

Grading: No midterm/final, but: Undergraduate Student: Homeworks (2 HWs, %20) Asks you to dig deeper in topics covered in weeks 1-7 (questions are from foundations only) In-class presentation (%25): Present a paper(s) from security conferences. Important practice opportunity for future career! Survey paper (a team of two, %45): Extra-credit for a research paper Select a topic and write a detailed survey paper (6 pages IEEE style) Develop a knowledge base on an important topic  Practice executive reports AI/Crypto, Blockchains, post-quantum crypto, encrypted DB, many potentials… In-class participation (%10): Constructive feedback for student presentations will be collected plus in-class engagement. Learn about graduate school: Research scientist, program manager (NSF, NASA, DoD), professor careers, WHY, BENEFITS, CAVEATS, HOW? Graduate: The same plus extra HW + research paper (theory, comparison, analysis, implementation, etc..,), see syllabus.

Topics – Syllabi Outline – TENTATIVE TIMING Week 1- 7: BUILD CRYPTOGRAPHIC FOUNDATIONS Week 1-2: Hash-based primitives and their applications Hash functions, Merkle-Damgard, properties of hash functions, message authentication codes Merkle-hash trees, memory integrity protection, hash-chains for password protection Denial of service mitigation with client-server puzzles Week 3-4: Symmetric Encryption Primitives Symmetric Primitives: DES and AES Introduction to symmetric-key cryptography and encryption techniques (SPN, Feistel Ciphers) Design and analysis of Advanced Encryption Standard (AES) Modes of Operations Week 5-7: Public Key Encryption, PKI and Digital Signatures DH Key Exchange and PKI Elgamal Encryption Schnorr digital signature and Digital Signature Algorithm Week 7 – Instructor Travels: Lattice-based cryptography by Mr. Rouzbeh Behnia

Topics – Syllabi Outline – TENTATIVE TIMING Week 8-16: ADVANCED TOPICS AND PRESENTATIONS Week 8-9: Privacy Enhancing Technologies [A lecture on project feedback] Search on privacy-preserving systems: Searchable Encryption technology (Instructor) Potential Graduate Student Presentations: Private Information Retrieval (2) Differential Privacy (2) Wireless Network Security or Oblivious random access machine (2) Week 10-12: Selected Topics in Cyber-Security Undergraduate student presentations (2 each lecture, 4 per week) Cyber-security in Blockchains Artificial Intelligence and Cyber-security Selected topics Week 13: Light-weight authentication for Internet of Things (IoT) Instructor Lecture Week 14-15: Selected Topics in Cyber-Security System, software, hardware security Week 16: Real-time authentication for Internet of Things (IoT)

Presentations We must decide a scheduling for presentations, volunteering preferred, or other policies will be implemented. Grad students go first Avoid re-scheduling mess: Changing presentation date is only possible with a doctor report.  Prevent CHAOS Select papers from top cyber-security conferences and present them: Published between 2013 – 2019 Tier 1: ACM CCS, IEEE S&P, NDSS, Usenix, Crypto, Eurocrypt, Asiacrypt, PoPETs Tier 1.5: IEEE Infocom (networking), ACM AsiaCCS, Tier 2: IEEE ICDSC, CNS, Esorics, ACSAC, DBSec, ACM WiSec, DSN, ACNS, AsiaCCS Not core security: IEEE Globecomm, ICC, Milcom, ICNC

Survey/Research Projects Select your papers as in previous list, but years can be older. Potential topic lists (includes but not limited to): Privacy Enhancing Technologies: Searchable encryption, ORAM, Private Information Retrieval Differential Privacy Cyber-security in aerial drones and vehicular networks Cyber-security in Blockchains, classical and post-quantum era Secure Electronic Voting Digital Signatures Post-quantum Cryptography Intersections of Artificial Intelligence (ML) and Cyber-security Intersections of Artificial Intelligence and Cryptography System Security, OS Security, Wireless network security Hardware security Form a group of two, and inform me your topic ASAP Exceptions possible for a single-person project Grad students can do individual projects with a permission By January 14th : Names in your group and topic to be emailed

Survey/Research Projects Select your papers as in previous list, but years can be older. Potential topic lists (includes but not limited to): Privacy Enhancing Technologies: Searchable encryption, ORAM, Private Information Retrieval Differential Privacy Cyber-security in aerial drones and vehicular networks Cyber-security in Blockchains, classical and post-quantum era Secure Electronic Voting Digital Signatures Post-quantum Cryptography Intersections of Artificial Intelligence (ML) and Cyber-security Intersections of Artificial Intelligence and Cryptography System Security, OS Security, Wireless network security Hardware security Form a group of two, and inform me your topic ASAP Exceptions possible for a single-person project Grad students can do individual projects with a permission By January 14th : Names in your group and topic to be emailed

Research Projects: Graduate Theoretical analysis and comparison of methods Implementation and comparison of methods: Better New algorithm design, new system design: Even better A different topic is ok, but if you want to use your existing research, you have to bring me an explicit written consent from your supervisor Confidentiality requirements of your funding Your advisor might want to keep it secret Do not bring it up unless you are permitted, or it is trouble! There will be an in-terim report in the middle of semester, and I will give you one-on-one feedback on your research report. In-terim report will be graded, do NOT put off your writing.

Research Projects: Graduate A good guideline to research writing: https://www.darpa.mil/work-with-us/heilmeier-catechism The Heilmeier Catechism: What are you trying to do? Articulate your objectives using absolutely no jargon. How is it done today, and what are the limits of current practice? What's new in your approach and why do you think it will be successful? Who cares? If you're successful, what difference will it make? What are the risks and the payoffs? How much will it cost? How long will it take? What are the midterm and final "exams" to check for success?

Survey Reports: Undergraduates What are you trying to do? Articulate your objectives using absolutely no jargon. What are the necessary background information for your topic? How is it done today? What are the limits of current practice? What are the advantages? What do you expect for the future of this survey topic? There will be an in-terim report in the mid-semester, and I will give you one-on-one feedback on your survey report. In-terim report will be graded, do NOT put off your writing.

Logistics and Notes Instructor Office Hours, CANVAS and Course Webpage: Instructor: Dr. Attila A. Yavuz Office: ENG 117 Email: attilaayavuz@usf.edu URL: http://www.csee.usf.edu/~attilaayavuz/ Office Hours: TR 2:30 PM – 4:00 PM Class email (important!) and in-class announcement Both CANVAS and course page will be used together A protocol and cryptography oriented approach to cyber-security Plenty cryptography! Instructor Travels 1-2 weeks of travel (out of state or out of US)

Resources Follow course webpage, slides, research papers and assignments will be announced at course webpage or CANVAS! Look for class e-mails. Free online cryptography resources: Lecture notes of Dr. Mihir Bellare: https://cseweb.ucsd.edu/~mihir/cse207/classnotes.html "The Joy Cryptography" from Dr. Mike Rosulek: http://web.engr.oregonstate.edu/~rosulekm/crypto/ Please read syllabus.