The following links elaborate on topics that will be covered in lecture, as well as many topics that would make excellent presentation subjects.  It’s by no means a complete list, and will be continuously updated--- if you’d like to add something, please let me know.

Protocols

1. • Crosby, Goldberg, Johnson, Song, Wagner: Cryptanalyzing HDCP (2001)
   

2. • Wagner, Schneier: Analysis of the SSL 3.0 Protocol
   

3. • Lucks, Schuler, Tews, Weinmann, Wenzel: Security of DECT
   

4. • Kohno: Analysis of WinZip Encryption
   

5. • Stubblefield, Ioannidis, Rubin: Breaking WEP
   

6. • Bellare, Kohno, Namprempre: Breaking and Repairing SSH
   

7. • Burrows, Abadi and Needham: A Logic of Authentication
   

8. • DTLA: DTCP Additional Localization Protocol
   

Side Channel Attacks

1. • Bar-el: Introduction to Side Channel Attacks (white paper)
   

2. • Kocher: Timing attack on RSA & DL systems
   

3. • Brumley, Boneh: Remote Timing Attacks are Practical
   

4. • Bernstein: Cache Timing Attack on AES.  Osvik, Shamir, Tromer: Attacks and Countermeasures
   

5. • Eisenbarth, Kasper, Moradi, Paar, Salmasizadeh, Shalmani: Attacking KeeLoq (SpringerLink)
   

6. • Shamir, Tromer: Acoustic Cryptanalysis
   

7. • Pellegrini, Bertacco, Austin: Fault-Based Attack of RSA Authentication
   

8. • Aciicmez, Koc, Seifert: Branch Prediction Analysis (very advanced)
   

Dictionary Attacks: Optimization & Mitigation

1. • Alexander: Password Protection for Modern OSes
   

2. • RSA Laboratories: PKCS #5 2.0: Password-Based Cryptography Standard
   

3. • Provos and Mazières: “Future-adaptable” password schemes
   

4. • Stamp: Once Upon a Time Space Tradeoff
   

5. • Oeschslin: Rainbow Tables (includes papers & demo)
   

6. • Canetti, Halevi, Steiner: Mitigating (offline) Dictionary Attacks with Reverse-Turing Tests
   
   Securing Internet Infrastructure
   
   

7. • Jackson, Barth, Bortz, Shao, Boneh: Protecting Browsers from DNS Rebinding Attacks
   

8. • Kaminsky: It’s the End of the (DNS) Cache As We Know It (Black Hat 2008 - 101MB)
   

9. • DNSSEC.net: DNS Security Extensions (standards & resources)
   

10. • Ptacek: A case against DNSSEC
    

11. • Kent, Lynn and Seo: Secure BGP
    

12. • BBN.com: Secure BGP resources
    

Digital Rights Management & Conditional Access

1. • Lawson: Designing and Attacking DRM (presentation)
   

2. • Edwards: A technical description of the Content Scrambling System (CSS)
   

3. • Henry, Sui, Zhong: Overview of AACS --- and full AACS Specification
   

4. • ISE: A Comparison of SPDC (technology behind BD+) and AACS (2005)
   

5. • Craver, Wu, Liu, Stubblefield, Swartzlander, Wallach, Dean, Felten: Watermarking & SDMI
   

6. • Kuhn: Analysis of the Nagravision Video Scrambling Method (analog scrambling)
   

7. • Naor, Naor and Lotspiech: Revocation and Tracing Schemes for Stateless Receivers
   

Software, Physical Security, Backdoors

1. • Halderman et al.: Cold Boot Attacks on Encryption Keys & RSA Key Reconstruction
   

2. • Young, Yung: Cryptovirology: extortion-based security threats and countermeasures (IEEE)
   

3. • Dowd: Application-Specific Attacks: Leveraging the ActionScript Virtual Machine
   

4. • Steil: 17 Mistakes Microsoft Made in the XBox Security (2005)
   

5. • Bartolozzo et al.: Attacking and Fixing PKCS#11 Security Tokens
   

6. • Bardou et al.: Efficient Padding Oracle Attacks on Cryptographic Hardware
   

Privacy and Anonymity

1. • Dingledine, Mathewson, Syverson: Tor: The Second Generation Onion Router
   

2. • McCoy, Bauer, Grunwald, Kohno, Sicker: Analyzing Tor Usage
   

3. • Murdoch, Danezis: Low-cost Traffic Analysis of Tor
   

4. • Murdoch: Hot Or Not: Using clock skew to locate hidden services
   

5. • Wang, Chen, Jajodia: Tracking Anonymized VoIP Calls
   

Hash Functions and Random Oracles

1. • Coron, Dodis, Malinaud, Puniya: Merkle-Damgård Revisited
   

2. • Wang, Yu: How to break MD5 and other hash functions
   

3. • Stevens, Lenstra, de Weger: Target collisions for MD5
   

4. • Kaminsky: MD5 To Be Considered Harmful Someday
   

5. • Sotirov et al.: MD5 considered harmful today (building a rogue CA cert)
   

6. • Wang, Yin, Yu: SHA1 broken (at least, on its way...)
   

7. • NIST: “SHA3” competition: list of first round candidates (December 2008)
   

8. • Canetti, Goldreich, Halevi: Random oracles revisited, and...
   

9. • Bellare, Boldyreva, Palacio: A more natural uninstantiable Random-Oracle-Model scheme
   

10. • Coron, Patarin, Seurin: The random oracle model and the ideal cipher model are equivalent
    

11. • Bellare, Canetti, Krawczyk: HMAC
    

Symmetric Crypto

1. • Bellare, Namprempre: Authenticated encryption, generic composition
   

2. • Ferguson: Authentication weaknesses in GCM.  McGrew, Viega: Response & Update.
   

Public Key Crypto

Bleichenbacher: CCA Attacks against Protocols (SSL) based on PKCS #1

Bellare, Rogaway: Optimal Asymmetric Encryption Padding (OAEP)

Manger: CCA Attacks against Implementations of OAEP

Bernstein: An Introduction to Post-Quantum Cryptography

Random Number Generation

1. • Dorrendorf, Gutterman, Pinkas: RNG Weaknesses in Windows 2000
   

2. • Gutterman, Pinkas: Flaws in the Linux RNG
   

3. • Barker, Kelsey: NIST Special Pub. 800-90: Recommendations for PRNGs
   

4. • Kelsey, Schneier, Wagner, Hall: Cryptanalytic attacks on PRNGs
   

5. • Schoenmakers, Sidorenko: Dual EC not kosher
   

6. • Shumow, Ferguson: There May Be a Backdoor in Dual EC.
   

7. • Keller: ANSI X9.31 (Block cipher-based PRNG). Various artists: FIPS 186-2 (see Appendix 3)
   

Implementation Issues

1. • Gutmann: Lessons Learned in Implementing and Deploying Crypto Software
   

2. • Berson: Security Evaluation of Skype (2005, conducted at Skype’s request)
   

3. • Biondi, Desclaux: Silver Needle in the Skype (2006, REing of Skype binary)
   

Financial Services

1. • Berkman, Ostrovsky: The Unbearable Lightness of PIN cracking
   

2. • Bond, Zieliński: Decimalisation table attacks for PIN cracking
   

3. • Murdoch, Drimer, Anderson, Bond: Chip and PIN is Broken
   

RFID and Wireless

1. • Nohl, Evans, Starbug, Plötz: Reverse-Engineering a Cryptographic RFID Tag
   

2. • Bono, Green, Stubblefield, Juels, Rubin, Szydlo: Security Analysis of TI DST Tags
   

Misc.

1. • Halperin et al.: Pacemakers and ICDs (no crypto)
   

2. • Ellis: Non-secret Encryption (historically very interesting)
   

3. • TheGrugq: Opsec for Freedom Fighters