Readings
This page will list all the non-textbook readings that students are responsible for in CSC 580. Note that some readings are for graduate students only, while others are for all students in the class. Note: some papers are not publicly available due to copyright, and in that case links go through the UNCG library proxy - this will directly access the paper if you are on a UNCG IP address, and otherwise it will ask you to log in with your UNCG account. Non-UNCG people trying to follow these links: Sorry... Try googling the title to see if other versions are publicly available.
Readings for All Students
This reading list is a "work in progress" - additional readings may be added throughout the course of the semester, and deadlines for completing readings will be announced in class.
- The Java Cryptography Architecture (JCA) Reference Guide. All students should read the "Introduction" section (up to "Core Classes and Interfaces") before our February 2 in-class discussion of the JCA. The remaining sections are useful reference for various phases of the semester-long secure chat project.
- Case Study: (Tentative)
T. Kohno, A. Stubblefield, A.D. Rubin, D.S. Wallach. "Analysis of an electronic voting system," IEEE Symposium on Security and Privacy, 2004, pp. 27-40.
This is an excellent audit of a system in which security should have been paramount, an electronic voting machine used in real elections, but which was full of security-breaking implementation flaws. This paper illustrates just how easy it is for implementers with poor understanding of security concepts to make an insecure system, and how important it is to pay attention to the details. Note: The link goes to a version on Avi Rubin's web site - this version is formatted differently than the "official" version, and may or may not contain exactly the same content.
Readings for Graduate Students
The following readings are required of graduate students, who will write short reports on each research reading. These are all research papers, and go a little deeper technically than the readings above for all students. Note that while this course is an introduction to cryptography, these papers focus more on correct implementation and use of cryptography -- pure crypto research papers, as exemplified by the top-tier CRYPTO conference, typically have a depth that is beyond what is expected in this first, introductory course. Graduate students who are interested in the field are encouraged to take a look at some of these papers, and perhaps dive into some of this depth in their class project.
- (Report due: Thurs., March 2) Jan Jurjens. "Security Analysis of Crypto-based Java Programs using Automated Theorem Provers," in Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering (ASE '06), 2006, pp. 167-176.
- (Report due: Thurs., March 23) Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. "An empirical study of cryptographic misuse in android applications," in Proceedings of the 2013 ACM Conference on Computer and Communications Security (CCS '13), 2013, pp. 73-84.
- Third reading cancelled - begin working on the graduate student project!