6.915
Network and Computer Security

(Note 6.915 was the temporary name for 6.857)

6.915 is an upper-level undergraduate, first-year graduate course on network and computer security. It fits within the Computer Systems and Architecture Engineering Concentration. The prerequisites are 6.033, and either 6.046 or 18.063.

Topics covered will include the following:

• Techniques for achieving security in multi-user computer systems and distributed computer systems;
• Cryptography: secret-key, public-key, digital signatures;
• Authentication and identification schemes;
• Intrusion detection: viruses;
• Formal models of computer security;
• Secure operating systems;
• Software protection;
• Electronic mail;
• Security of the World Wide Web;
• Electronic commerce: payment protocols, electronic cash;
• Firewalls;
• Risk assessment, and others.

• Instructor: rivest@theory.lcs.mit.edu.)
• Teaching Assistant: rosario@theory.lcs.mit.edu.)
• Course Secretary: Be Hubbard (be@theory.lcs.mit.edu.)

One of the requirements for the class was to write a term paper. You can follow a link to the 6.915 Term Papers Page

Lectures

• Lecture 1: Administrivia. Overview of course. Discussion of security objectives. Ethics.

  Handout 1: Course Information.

  Handout 2: Course Outline.

• Lecture 2: Physical Security. Discussion of risks. Physical protection. Tamperproof devices and chips. Copy protection. Backup; disaster planning; cold sites.

  Reading: MIT Guide to Lock Picking

• Lecture 3: Risk analysis. Communications Security. Introduction to Cryptography.

  Readings:

  • alt.2600 Survival Guide
  • alt.2600 FAQ

  Handout 3: Problem Set 1.

• Lecture 4: Secret-Key Cryptography. One-time pad. Message authentication codes (MAC). One-time linear MAC. DES. RC5. Discussion over the recently discovered Netscape security flaw.

  Readings:

  • On the Netscape Security problems
  • Efficient DES Key Search by M. Wiener
  • The RC5 Encryption Algorithm by Ron Rivest

• Lecture 5: Modes of operations for symmetric encryption: Cipher-Block Chaining (CBC), Electronic Code Book (ECB), Cipher Feedback (CF), Output Feedback (OF.) CBC MACs. Introduction to Public Key Cryptography.

  Handout 4: Problem Set 2.

  Handout 5: Following reading material:

  • How to Share a Secret by Adi Shamir
  • Toward a National Public Key Infrastructure by Santosh Chokhani
  • Key Escrowing Today by Dorothy Denning and Miles Smid

• Lecture 6: Digital Signatures. Collision-free hash functions. MD5. SHA. Specifics of public-key systems. RSA. El Gamal. DSS. Secret Sharing.

  Handout 6: Reading material.

  Readings:

  • The MD5 Message Digest Algorithm by Ron Rivest, Internet RFC 1321.

• Lecture 7: Key agreement. Key Escrow. Oblivious Transfer. Zero-knowledge proofs.

  Handout 7: Problem Set 3.

  Handout 8: Following reading material:

  • Authentication and authenticated key exchange by Whitfield Diffie, Paul Van Oorschot and Michael Wiener
  • Translucent Cryptography by Ron Rivest

• Lecture 8: Logic of Authentication. Proving protocols secure using logic. Analysis of Kerberos.

  Handout 9: Problem Set 1 Solutions.

  Handout 10: Problem Set 2 Solutions.

  Handout 11: Following reading material:

  • A Logic of Authentication by Michael Burrows, Martin Abadi and Roger Needham
  • EC plans encryption rules from NATURE

• Lecture 9: Passwords.

  Handout 12: Problem Set 4

  Handout 13: Following reading material:

  • A Performance Evaluation of Biometric Identification Devices by J.P. Holmes, R.L. Maxwell and L.J. Wright.
  • The S/KEY One-Time Password System by N. Haller.

• Lecture 10: Biometric identification devices. Auditing. Intrusione detection.

  Handout 14: Problem Set 5

  Handout 15: Following reading material:

  • Stalking the Wily Hacker by Cliff Stoll
  • An Intrustion-Detection Model by Dorothy Denning
  • Reflections on Trusting Trust by Ken Thompson

  Handout 16: An article that appeared on the New York Times on October 11, 1995. Also the Lecture 11: Secure sharing of information. Access control. Discretionary versus mandatory access control. Access control lists. Capabilities.

  Handout 17: Following reading material:

  • The Protection of Information in Computer Systems by Jerome Saltzer and Michael Schroeder.
  • Protection and the Control of Information Sharing in Multics by Jerome Saltzer

• Lecture 12: Viruses. Trojan horses.

  Handout 18: Problem Set 6.

  Handout 19: Following reading material:

  • The Design and Implementation of TripWire: A File System Integrity Checker, by G.H. Kim and E.H. Spafford.
  • With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988, by M.W. Eichin and J.A. Rochlis.
  • Experience with viruses on UNIX systems, by Tom Duff.

  Handout 20: Problem Set 3 Solutions.

• Lecture 13: Mandatory access control. The Bell-LaPadula disclosure model.

• Lecture 14: The Biba and Clark-Wilson integrity model.

  Handout 21: Midterm exam. This is the correct version with the new due date and a revised version of both Problem 2

  Handout 22: Following reading material:

  • Chapters 9 and 12 of Fundamentals of Computer Security Technology, by E. Amoroso, Prentice Hall.
  • A comparison of Commercial and Military Computer Security Policies, by D. Clark and D. Wilson.

• Lecture 15: Fingerprinting of software and data.

  Handout 23: Problem Set 4 Solutions.

  Handout 24: Problem Set 5 Solutions.

  Handout 25: The paper Collusion-Secure Fingerprinting for Digital Data. by Dan Boneh and James Shaw.

• Lecture 16: Electronic Payments Schemes

  Handout 26: Problem Set 7

  Handout 27: The paper iKP -- A Family of Secure Electronic Payment Protocols by M.Bellare, J.Garay, R.Hauser, A.Herzberg, H.Krawczyk, M.Steiner, G.Tsudik, M.Waidner.

• Lecture 17: Electronic Money: Micropayments. The First Virtual Scheme. Millicent. Payword.

  Handout 28: The papers

  • PayWord and MicroMint: Two simple micropayemnt schemes by Ron Rivest and Adi Shamir.
  • The Millicent Protocols for Electronic Commerce by Mark Manasse

• Lecture 18: Micorpayments: Micromint. Introduction to Digital Cash.

  Handout 29: Problem Set 8

  Handout 30: Reading material.

• Lecture 19: Digital Cash, continuation.

• Lecture 20: Digital Cash, continuation.

  Handout 31: The paper Untraceable off-line cash in wallets with observers by Stefan Brands.

• Lecture 21: Anonymous transactions.

  Handout 32: Problem Set 9

  Handout 33: The paper Security Without Identification: Transaction Systems to Make Big Brother Obsolete by David Chaum.

• Lecture 22: Network Firewalls

  Handout 34: Problem Set 6 Solutions

  Handout 35: The paper Network Firewalls by Steve Bellovin and William Cheswick

• here for a PostScript version of the notes)

  Handout 36: The paper Security Flaws in the HotJava Web Browser by Drew Dean and Dan S. Wallach

  Handout 37: Problem Set 7 Solutions

• Lecture 24: Electronic Elections Protocols

  Handout 38: The paper A receipt--free election scheme tolerating a dynamic coercer by Rosario Gennaro.

• Lecture 25: Authentication in Distributed Systems

  Handout 39: Problem Set 8 Solutions

  Handout 40: The paper Kerberos: An Authentication Service for Computer Networks by B. Clifford Neuman and Theodore Ts'o

  Reading Material: Internet Request for Comment RFC1510

• Lecture 26:: Timing attacks. Presentation of term papers

  Handout 41: The paper Cryptanalysis of Diffie-Hellman, RSA, DSS and other systems using timing attacks by Paul Kocher

  Handout 42: Problem Set 9 Solutions

Students are required to scribe notes for each lecture. These notes are available by clicking on the lecture number link.

LaTeX Help: Click on this link to get some documentation on how to get started with LaTeX to write class notes.