519/ECE 599 (Special Topic): Applied Cryptography
School of Electrical
Engineering and Computer Science
Dr. Attila A. Yavuz
| Kelley Engineering Center
MW 2:00 – 3:20 PM
Tuesday 4:00 – 6:00
covers essential concepts of cryptographic primitives, applied
tools, specialized authentication methods and digital signatures. This
focuses on the latest security and privacy issues in applied
domain such as Privacy Enhancing Technologies and their
applications. Finally, this course explores the
state-of-art applied cryptography research problems and solutions via
literature survey and research projects. Remark
that this is a research-oriented
course, in which students are expected to read
conduct surveys on recently emerging topics in applied cryptography
finally develop original solutions to important problems.
the end of this course, successful students will have a
of applied cryptography and network security essentials, which will
help them as a
differentiating factor to obtain competitive R&D positions in
Furthermore, the students will gain experience on conducting research
writing (preliminary) papers in applied cryptography domain.
encourage/prepare interested students to purse advanced degrees in
PLEASE SEE SYLLABUS
Introduction-Level security course is recomended.
A good programming knowledge on C/C++ and/or Java is recommended.
However, these prerequisites will not be enforced, and open to
contact with the instructor if you have doubts.
The details of scheduling and
course material (e.g., research
papers, slides) will be provided as the course progresses.
will be provided (generally) a few days advance. Students are
strongly suggested to read research papers and slides before coming to
the class. The material will be non-trivial and prior
reading/familiarity will be very helpful.
Material to Recap: Assuming you have already
taken crypto/security classes, please recap on cryptographic
hash functions, block-ciphers, encryption modes, basic number theory
including multiplicative inverse, cyclic-multiplicative groups,
generators, totient-functions, RSA, DH, Elgamal, Schnorr signatures.
These are the minimum background information you will need.
- Jonathan Katz and Yehuda Lindell, Introduction to Modern
Cryptography: Principles and Protocols
- Douglas Stinson, Cryptography:
Theory and Practice, 3rd Edition.
The below schedule, topics and paper/presentations are tentative,
it will be updated frequently, please check accordingly:
||Research Papers and
Objectives and Vision,
discussion on the course content and Syllabus
The below links are for backup and background if needed
Constructions and More on Signatures
Authentication and Digital Signatures I
Practical and Immutable Signature Bouquests
Hardware-Accelerated Authentication and RA
Structure-Free Compact Authentication (SCRA)
A. Mudgerikar, Ankush Singla, Ioannis Papapanagiotou and Attila
Hardware-Accelerated Authentication for Internet of Things in Mission
Critical Vehicular Networks”,
International Conference for Military Communications (IEEE MILCOM
2015), to appear, October 2015
Attila A. Yavuz,
Immutable Signature Bouquets (PISB) for Authentication and Integrity in
27th Annual Conference on Data and Applications Security and Privacy
(DBSec 13), Lecture Notes in Computer Science (LNCS), Volume
7964, July 2013.
SCRA is on the board with BLS signatures
| Privacy Enhancing Technologies (I)
a) TESLA Variants
Group Key Management
b) Tree-based GHD
c) Logical Key Hiearchy (LHK)
Attila A. Yavuz and
Jorge Guajardo, “Dynamic
Searchable Symmetric Encryption with Minimal Leakage and Efficient
Updates on Commodity Hardware”, Selected Areas in
Cryptography (SAC) 2015, Sackville, New Brunswick, Canada, August 2015.
Thang Hoang, Attila A. Yavuz and Jorge Guajardo, “Practical and Secure Dynamic Searchable Encryption via Oblivious Access on Distributed Data Structure”, in Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC '16), Los Angeles, California, USA.
Perrig, R. Canetti, D. Song, and D. Tygar, “Efficient
and Signing of Multicast Streams over Lossy Channels,” in
Proc. of IEEE
Security and Privacy Symposium, May 2000.
A. Perrig, R. Canetti,
D. Song, and D. Tygar, “Efficient
and Secure Source Authentication for
Multicast,” in Proceedings of Network and Distributed System
Symposium, February 2001
\M. Steiner, G. Tsudik, and M. Waidner, "Diffie-Hellman Key Disttribution Extended to Group Communication", in Proceedings of the 3rd ACM Conference on Computer and Communications Security, pages 31--37, 1996.
Y. Kim. A. Perrig and G. Tsudik, "Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups." In Proceedings of the 7th ACM Conference on Computer and Communications Security (ACM CCS 2000), ACM Press, Nov. 2000.
Suvo Mittra, "Iolus: a framework for scalable secure multicasting," InProceedings of the ACM SIGCOMM '97, pages 277 - 288, 1997.
D. Wallner, E. Harder, R. Agee, "Key Management for Multicast: Issues and Architectures," IETF RFC 2627, June 1999.
Chung Kei Wong, Mohamed Gouda, Simon S. Lam, "Secure group communications using key graphs," InProceedings of SIGCOMM '98, Pages: 68 - 79.
Mr. Richard Kramer
ESIGN and Other RSA Alterative Signature Schemes
| Privacy Enhancing Technologies (II)
Oblivious Random Access Memory (ORAM)
b) Partition ORAM
c) Path ORAM
d) Novel ORAM Constructions
with Improved Constants
Oblivious Dynamic Symmetric
a) A multi-server
Oded Goldreich and Rafail Ostrovsky. 1996.
Software protection and simulation on oblivious RAMs.J.
ACM 43, 3 (May 1996), 431-473.
E. Stefanov, E. Shi, and D. Song. Towards practical
Oblivious RAM. In Proc. NDSS, 2011.
Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling
Ren, Xiangyao Yu, and Srinivas Devadas. 2013.
Path ORAM: an extremely simple oblivious RAM protocol.
In Proceedings of the 2013 ACM SIGSAC conference on Computer
& communications security (CCS '13).
Oblivious DSSE is on the board
Dr. Jesse Walker
|Slides and board
will be presented
otherwise specified, described papers and presentations are
given by the Instructor with the exceptions of "Selected
Topics Presentations" and" Research Project Presentations", which are
given by students. Responsible students and topics will be announced
later (please see respective (prospective) deadlines).
How to obtain research papers:
Unless otherwise specified, you can obtain them from the ACM Digital
Library or the IEEE Digital Library. OSU has subscriptions to both, so
all you have to do is (1) be using an OSU IP# and you can just go to the ACM
Digital Library or IEEE
or (2) if you're working from elsewhere, go to the OSU
Library e-journals access page,
make your way to the ACM Digital Library or the IEEE Digital Library,
and be ready to type in your ONID username and password.
- Selection of Research
survey/scouting topic: 01.16.2017
- Selection of papers for
in-class presentations: 01.23.2017
- Slides for in-class
presentation is provided to the Instructor:
A week before the
- Interim report for research project
and survey/scouting": TBA
possible one-on-one (team) meetings (depending on the size of the
class) with the Instructor, identification of next steps
- Research project and survey/scouting
report final delivery: TBA
deadlines will be announced under "Take-home Assignments" (if optional
take homes are required)
and Survey/Scouting Topics
Discussed in detail in
Introduction class and office hours.
Potential topics include development and deployment of DSSE schemes in
mobile and parallizable environments, implementation of advanced ORAM
constructions, quantum-computer resilicient r-time signatures,
efficient digital signatures, and cost/benefit analysis of PETs.
The objective of this assignment is twofold:
(i) To identify critical technology
trends and innovation paths in network security, it is very important
where to look for the state-of-art developments. This assignment will
students to learn the top venues in security and privacy field and
activities on important topics.
(ii) Students will gain experience
on presenting advanced research topics and papers,
which is an invaluable skill for
industry and academia.
topics include but not
The Instructor will assign a topic to a student from the above list.
The student then may select one or two papers of that they
prefer from top cryptography or network security
conferences/journals. The papers must be discussed with the Instructor
topics in privacy-preserving data mining
analysis of PETs and secure data outsourcing
(OS, mobile) security
look for Rank 1 or Rank 2 only. The selected paper(s)
be recently (e.g., 2012-2015) published, unless it
useful list is:
presentations are an
essential part of this course and will be evaluated strictly. There are
aspects that will help students to deliver a good
some cases, the slides of the research papers are available at
conference or author(s)'s websites. Moreover, it may be even possible
to obtain the slides from authors directly (if requested sufficiently
early and politely), if they are not publicized. Students are
allowed to utilize such existing slides. This will allow
students to focus on the content and best possible delivery.
you cannot find the slides of your favorite paper, please do not
hesitate to make your own slides. This would be an excellent learning
experience. A good presentation prepared from
scratch may receive extra credit if
the presentation is successful.
Responsibilities of the
presenter (not just a presentation, but a lecture!):
Note that 75-80 minutes is a plenty of time. Instead of presenting two
papers independently, the presenter must follow a strategy that will
turn these paper presentations into a cohesive lecture.
That is, if needed, the presenter may present only one paper, but
before that spend half hour on required preliminaries and math
concepts, which are needed to fully understand the paper. In addition
to this, the presenter must prepare the following:
- Providing Material Timely: The
selected paper and slides must be provided to the instructor
on time (%50 will be deduced otherwise). This is important to allow the
audience to know the material beforehand and prepare her/his
questions/feedback properly (see below Q&A session).
- Finishing Timely:
In any industrial presentation (e.g., presentations for
upper-management or project managers) or academic talk (e.g.,
conference presentations, thesis exams), "not finishing on time" is
perceived very negatively. It is considered as being disrespectful to
other presenters as well as the audience. This aspect of the
presentation will be graded rigidly (over-timed presentations will be
common timing practice in respected conferences is (generally) 25
minutes. You can use 21 (or 22) minutes for the presentation itself and
4 (or 3) minutes for Q&A session.
- Understanding and Delivery: It
is vital for student to emphasis the main idea (i.e., intuition) behind
the selected paper. The student must understand any
mathematical transformation and algorithm that she/he
presents. The presentation must ensure the clarity, each slide and each
bullet item must deliver a specific message. All these messages can be
supported with visuals and animations (not excessively). Explanations
on the board to support the slides are also acceptable. There are
common mistakes that must be avoided at all cost (absolutely not to do list):
bulk sentences or paragraphs from the paper and then just reading them,
sentences from the paper and repeating it (without
understanding the concept),
turning your back to the audience without zero eye contact and reading
slides as if reading the paper itself,
complex math equations without understanding or explaining them,
the above (and similar) obvious mistakes defeat the whole purpose of
giving an in-class presentation (it is better for the audience to read
the paper herself/himself instead of wasting time to listen
such a presentation). These kinds of presentations will naturally
receive a bad grade.
- Q&A Session and Feedback:
Each student must read the paper and slides before coming to the class,
and prepare a set of question (3 to 5 questions). Some of these
questions will be addressed during 3-4 minutes Q&A session.
Remaining questions will be compiled in the class and provided to the
presenter (or send your questions via email, cc the Instructor if you
wish). The presenter is responsible to answer to those questions.
Answers could be brief like a paragraph. Each student will also
evaluate the presentation (and this will be a certain part of grading).
Please give a grade in rage (1-5, 5 is the highest) for the following
criteria: (i) clarity, (ii) explaining intuition/main idea, (iii)
understanding the paper, (iv) effective delivery, (v) quality of
slides, (vi) timing. Please also provide "confidential comments" to the
presenter about how she/he could improve the presentation (be fair and
- Rehearsal before presentation: Rehearsals
are the best way to avoid common mistakes and deliver a good
presentation. Giving a presentation without practice will be noticed
immediately and will leave a bad impression on the audience. Please
practice well before your own presentation.
Depending on the size of class, the students may give just one or two
presentations. The grades for such case will be adjusted
presenter is encouraged to create three comprehensive questions on the
topic. These questions are comprehensive questions, which can
considered as a homework/take-home question on this concept. Examples
of such questions can be seen during the assigned take-homes. This may
include asking about specific algorithmic modifications, formula
evaluations, analysis of the concept/algorithms and more. While
preparing such a question is difficult, it can be very rewarding from
the learning perspective, and you will receive extra credit for this.
Both questions and their detailed answers must be provided to the
Instructor latest one-week after the presentation. The quality of the
questions will be evaluated.
Students must send their "selected paper" latest
to the instructor for consent and feedback. The
slides of the presentation must be provided to the instructor
week (or earlier) before from the
actual presentation so that it will be made available in course
Optional: Students must work individually
unless otherwise specified. For the collaborative problems (if it is
assigned), you may form a team of 2 person (only students in this
class) to work together. After discussing the problems, please write up
your answers individually.
Indicate the names of the other members in your team.
basic grading policy is as
• In-class paper presentations (35% each
presentation, total %30, extra
credit is possible)
• Research project (55%) (extra credit is possible
deliveries, may supersede survey/scouting report for promising
Please see Syllabus
• Class attendance, participation/discussions (%10)
• Take-home assignments
(. %) (optional, late take-homes are not accepted)
Grading will work in
favor of the student as long as she/he shows a full
commitment, which is quantified by regular progress and