Advanced Security:  2013-2014

Overview

The Advanced Security course is designed to bring students towards the research boundaries in computer security, covering contemporary topics in depth. It is split into two modules, each an area of interest to members of the Computer Security research group. This year the modules will be called :

Bootstrapping Security: 8 lectures, first half of term, Bill Roscoe

Connecting and authenticating devices in the modern world.

Information Hiding: 10 lectures, second half of term, Andrew Ker

Hiding secret information inside apparently-innocent covers.

Learning outcomes

To attain a deeper understanding of certain contemporary topics in computer security, bridging the gap to research.

Bootstrapping Security

Modern technology brings many opportunities for connecting devices together by means such as wifi, Bluetooth or connection to the internet. In many cases we want to make these connections secure: authenticating the identity of the device connected to, making them secret and carrying out (e.g. financial) transactions using them. In this module we examine the theory and practice of doing this using both conventional means (using a pre-existing security structure) and methods based on things such as co-location and human judgement.

Information Hiding

Steganography is the art and science of hiding a secret payload inside an innocent cover, typically hiding inside digital media such as images, movies, or mp3 audio. The course covers the definitions, practice, and theory of hidden information in way accessible to newcomers. We will cover the details of getting inside digital images in order to hide information, the different sorts of embedding operations commonly used, and how hidden information can be detected. Some linear algebra allows for more efficient hiding. Finally, we see some mathematical theory which explains how the amount of hidden data grows with the space in which is can be hidden.

Prerequisites

For both modules, the Computer Security course (or its equivalent).

For the Information Hiding module: basic (1st yr) probability, basic (1st yr) linear algebra. The Information Hiding practical will be in C, but only a very basic understanding of the language will be required.

Synopsis

Bootstrapping Security (weeks 1-4, 2 classes, 1 practical)

Background The concept of authentication and authentication protocols.  The Dolev-Yao model of an attacker and the impossibility ofbootstrapping security under it without some pre-existing security infrastructure.  Examples of weak protocols and attacks on them. Authentication and key establishment via PKIs and trusted third parties. Diffie Hellman key agreement and the need for additional authentication. Limitations of conventional authentication in the world of pervasive computing. [2-3 lectures]

Non-standard authentication Out-of-band channels and modified Dolev-Yao. Bluetooth V1 and its security weaknesses.  Cutting out post-hoc attacks.  The limitations of the "perfect cryptography" model: combinatorial search and the "birthday attack".   Separating two roles of hashingin search of short authenticating strings.  HCBK and related protocols for symmetric and asymmetric authentication, and forgroups and pairing. Digest functions and how to construct them. [3-4 lectures]

Applications in social networking, payment, coalition working and healthcare. [2 lectures]

Information Hiding (weeks 5-8, 2 classes, 1 practical)

Steganography. Secret communication, the Prisoners' Problem and the Warden; types of steganography; aims of a cover-modification stegosystem; raw and JPEG digital images; examples of steganography in digital images: spatial-domain LSB replacement, LSB matching, and F5; variations. [2-3 lectures]

Steganalysis. Aims of steganalysis, receiver operating characterstic; examples of structural attacks and payload size estimators on LSB replacement; attacks based on machine learning, example using simplified SPAM features; the wider setting. [2-3 lectures]

Countermeasures. Improving embedding efficiency; syndrome codes, with example based on Hamming codes, theoretical bounds; solving the non-shared selection channel using syndrome codes, applications; optimal embedding. [2-3 lectures]

Theory. Probabilistic models of covers and embedding; using Kullback-Leibler divergence to bound detector performance; the data processing theorem; the square root law for IID covers, and (without proof) extensions. [2-3 lectures]

Syllabus

Bootstrapping Security

Models of attacker: the Dolev-Yao model and the impossibility of bootstrapping security from nothing. Out of band channels. Bootstrapping security from authentication: asymmetric cryptography and Diffie-Hellman. Conventional authentication: PKI and trusted third parties.  Options for authentication by context: position  and human judgement. Two roles of hashing in authentication. Preventing combinatorial attacks. Pairwise and group protocols based on exchange of short strings. Keyed digest functions and their construction. Examples: mobile payment and social networking. The human factor.

Information Hiding

Basic steganography definitions. Examples of hiding in digital images, both spatial and transform domain. Simple detection, advantages and disadvantages of various embedding operations. Hamming codes and wet paper codes, and their applications to hiding. Detection of hidden data via feature vectors, countermeasures. Theory of hidden information: the square root law in the case of i.i.d. discrete sources. Steganography and steganalysis with multiple sources.

Examination: both part C undergraduate and MSc students will be examined by take-home assignment over the Easter vacation. Students must answer questions on both modules.

Reading list

Bootstrapping security

Papers, including:

Lecture notes for this part of the course will be provided, but alternative reading is as follows:

Security basics at the start of the course:

Dieter Gollmann. Computer Security, third edition (any edition is fine). Wiley, 2010. 

The rest of this section some modern, and by some measures unconventional, approaches to security whichis only accessible through academic papers.

Two fairly accessible papers:
L.H. Nguyen and A.W. Roscoe   Authenticating ad hoc networks by comparison of short digests http://www.cs.ox.ac.uk/files/390/arspaLongVersion.pdf
A.W. Roscoe, B. Chen and L.H Nguyen.  Reverse authentication in financial transactions http://www.cs.ox.ac.uk/files/3882/iwssi-spmu2010-roscoe.pdf

Comprehensive treatment that goes into much more depth than we will be doing:L.H. Nguyen and A.W. Roscoe. Authentication protocols based on low−bandwidth unspoofable channels: a comparative survey http://www.cs.ox.ac.uk/files/2857/Compara.pdf

Information Hiding

Jessica Fridrich. Steganography in Digital Media: Principles, Algorithms, and Applications. CUP, 2009.

Andrew Ker. Lecture notes: Introduction to Information Hiding.

Further reading: a few papers from the literature will be disseminated during the course.

Feedback

Students are formally asked for feedback at the end of the course. Students can also submit feedback at any point here. Feedback received here will go to the Head of Academic Administration, and will be dealt with confidentially when being passed on further. All feedback is welcome.

Taking our courses

This form is not to be used by students studying for a degree in the Department of Computer Science, or for Visiting Students who are registered for Computer Science courses

Other matriculated University of Oxford students who are interested in taking this, or other, courses in the Department of Computer Science, must complete this online form by 17.00 on Friday of 0th week of term in which the course is taught. Late requests, and requests sent by email, will not be considered. All requests must be approved by the relevant Computer Science departmental committee and can only be submitted using this form.