Introduction to Computer Security
NYU Paris


CSCI-UA.9480

Welcome, Fall 2019 Students!

I believe that computer security is an exciting field that combines computer science, mathematics, global politics, but also a large dose of the human elements of intrigue, curiosity and thinking outside the box. I hope that by the end of this course, you too will develop an interest in what the world of computer security has to offer.

I strongly recommend that you bookmark this website for the duration of the course and that you visit it regularly.

See you in class,
Professor Nadim Kobeissi

Course Description

Technology increasingly permeates every aspect of our lives, including communication, finance and health. The security of the computer systems that enable these services has become a critical issue. This course will cover basic principles of computer security and security engineering. It will introduce fundamental computer security concepts, principles, and techniques. It will also cover notions of real-world cryptography, the mathematical building blocks that underlie any digital security construction. This course will focus on security from an attacker's perspective (threat modeling) and the defender's perspective (building and deploying secure systems). Specific topics will include operating system security, network security, web security, applied cryptography, security economics and security psychology. Course projects will focus both on writing secure code and exploiting insecure code.

Course Goals

Upon completion of this course, students will be able to:

  • Understand the principles of the cryptographic constructions underlying modern computer security.
  • Acquire knowledge in important security topics such as operating system security, network security, web security, security economics and security psychology.
  • Write secure code and exploit insecure code from an attacker’s perspective (threat modeling) and the defender’s perspective (building and deploying secure systems).

Prerequisites

CSCI-UA.0201 (Computer Systems Organization) and experience with web programming. Recommended prerequisite courses include CSCI-UA.0202 (Operating Systems), and CSCI-UA.04809-009 (Computer Networks).

Administrative Links

  • Instructor: Professor Nadim Kobeissi (nk76@nyu.edu)
  • Lectures: Mondays and Wednesdays, 4:00pm to 5:15pm. Room 4.06.
  • Recitations: Mondays, 5:30pm to 7:00pm. Room 4.06.
  • Term Dates: September 2, 2019 until December 13, 2019.
  • Office Hours: Email me to make an appointment.
  • Online Resources: Discussion Group.

Syllabus and Course Schedule

A PDF copy of the Fall 2019 syllabus is available.

Part 0: Introduction and Threat Modeling

  • 0.1: Introduction and Threat Modeling (slides)
    • Security Engineering, Chapter 1
    • Serious Cryptography, Chapter 1
    • An Introduction to Approachable Threat Modeling

Part 1: Cryptography

  • 1.1: One-Way Functions and Hash Functions (slides)
    • Security Engineering, Chapter 3
    • Security Engineering, Chapter 6
  • 1.2: Symmetric Key Encryption (slides)
    • Serious Cryptography, Chapters 3, 4, 5
  • 1.3: Public Key Cryptography and Randomness (slides)
    • Serious Cryptography, Chapters 9, 11, 12, 2
  • 1.4: Transport Layer Security (slides)
    • Serious Cryptography, Chapter 13
    • Let's Encrypt: How It Works
    • The New Illustrated TLS Connection
  • 1.5: Usable Security and Secure Messaging (slides)
    • Security Engineering, Chapter 2
    • 15 Reasons not to Start Using PGP
    • State of Knowledge: Secure Messaging
    • Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach
    • More is Less, On the End-to-End Security of Group Chats in Signal, WhatsApp and Threema
  • 1.6: Attacking Cryptographic Systems (no slides)
    • Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS and Other Systems
    • Remote Timing Attacks are Practical
    • Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH
    • On the Practical (In-)Security of 64-bit Block Ciphers
    • Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
    • DROWN: Breaking TLS using SSLv2
  • 1.7: Cryptocurrencies, Blockchains, Smart Contracts (slides)
    • Bitcoin and Cryptocurrency Technologies, Chapters 1, 2
    • The Idea of Smart Contracts
  • 1.8: E-Voting and Other Modern Uses of Cryptography (slides)
    • E-Voting Crypto Protocols
    • The Remote Voting Minefield: from North Carolina to Switzerland

Part 2: Network Security

  • 2.1: Networking Basics, IP, TCP and DNS (slides)
    • Security Engineering, Chapter 21
    • An Introduction to Computer Networks, Chapters 1, 22
    • An Introduction to Computer Networks, Chapter 7
    • How DNSSec Works
  • 2.2: Denial of Service (slides)
    • Security Engineering, Chapter 21.2
    • Understanding the Mirai Botnet
    • How Netflix DDoSd Itself to Help Protect the Entire Internet
  • 2.3: Designing Secure Network Systems (slides)
    • How does Apple (Privately) Find Your Offline Devices?
  • 2.4: New Secure Protocols (slides)
    • Noise Explorer
  • Midterm Exam

Part 3: Software Security

  • 3.1: Understanding and Preventing Vulnerabilities (slides)
    • Software Security Knowledge Area
  • 3.2: Control Flow Hijacking (slides by Cătălin Hriţcu, used with permission)
    • Security Engineering, Chapter 4.4
    • Low-level Software Security: Attacks and Defenses
  • 3.3: Systems Security and Isolation (slides)
    • Security Engineering, Chapter 4.3
    • Security in Ordinary Operating Systems
    • Apple T2 Security Chip Overview
  • 3.4: Mobile Security (slides and more slides by John Mitchell and Dan Boneh, used with permission)
    • iOS Security Guide
    • Android Security: 2017 Year In Review
    • Google Blog: Titan M Makes Pixel 3 our Most Secure Phone Yet
  • 3.5: Meltdown and Spectre: Diving Into Hardware Vulnerabilities (slides)
    • Meltdown: Reading Kernel Memory from User Space
    • Spectre Attacks: Exploiting Speculative Execution
    • The Mysterious Case of the Linux Page Table Isolation Patches

Part 4: Web Security

  • 4.1: Browser Security Model (slides)
    • OWASP Top 10 - 2017: The Ten Most Critical Web Application Security Risks
    • Browser Security Handbook, part 1
    • Browser Security Handbook, part 2
  • 4.2: Web Application Security (slides by Alex Inführ, used with permission)
    • Introduction to Cross-Site Scripting
    • Password Storage Cheat Sheet
    • Why Don't we Follow Password Security Best Practices?
    • The unescape() Room
  • 4.3: Hybrid Runtimes: Electron and Node.js (the reading is the slides)
    • Electron Security Checklist: A Guide for Developers and Auditors
  • 4.4: Web Privacy (slides)
    • Tools from the EFF's Tech Team
    • Europe's New Privacy Law Will Change the Web, and More
  • 4.5: Spam and Abuse (slides)
    • Click Trajectories: End-to-End Analysis of the Spam Value Chain

Part 5: Security and Society

  • 5.1: Economics, Ethics and Law (slides available after class)
    • Security Engineering, Chapter 7.5
    • Vulnerability Reporting FAQ
  • 5.2: Censorship and Mass Surveillance (slides available after class)
    • Security Engineering, Chapter 24.3
    • Project Bullrun: Dual EC DRBG
  • Final Exam

Materials

Every lecture will be accompanied by outside readings that expand on what is discussed in class or present the same material in a different way. Neither the readings nor the lectures are a replacement for each other; deeply understanding the material will likely require attendance as well as reading. It is possible to read before or after class, depending on your learning style.

Aside from the textbooks and materials, students will also require their own personal computer for various parts of this course. Windows, Linux and Mac computers are all suitable.

Textbooks

Especially during Part 1 of the course, we will frequently be using Serious Cryptography by Jean-Philippe Aumasson. You may purchase this book from your local NYU Bookstore: copies have been pre-ordered for students. We will also be using the freely available textbook Security Engineering by Ross Anderson.

Online Readings

Interactive Learning Tools

Assignments

Problem Sets are scheduled evenly throughout the course to help you assess your understanding of the material thus far. Recitations give you chances to get real-world experience in designing and breaking digital security systems.

Problem Sets

Recitation Example 1: Designing and Breaking Cryptographic Protocols

Designing your own secure messaging protocol is a challenging task, full of opportunities to learn and experiment. Your professor will be working closely with you to help you determine how such systems can be constructed. Then, it's time for you to jump to the other side and try to break the systems designed by your peers!

Part 1: Designing Your Own Secure Messaging Protocol

In this first practical assignment, you will have the exciting opportunity to design your very own secure messaging protocol. Your protocol must offer end-to-end encryption between two principals, Alice and Bob, while guaranteeing:

  • Secrecy: A message sent between Alice and Bob can only be decrypted between these principals.
  • Authenticity: If Alice receive an apparently valid message from Bob, then Bob must have sent this message to Alice.
  • Replay attack resistance: If Alice receives a valid message from Bob, the attacker cannot replay that same ciphertext to Alice at a later time.

Additionally, your protocol could also include the following optional properties:

  • Indistinguishability: If Alice randomly chooses between two messages of the same size and sends only one to Bob, an attacker cannot determine which message was sent.
  • Forward secrecy: If Alice sends a message to Bob and Alice's key state at the time of this message is subsequently compromised, all previous messages retain their Secrecy property.
  • Future secrecy: If Alice sends a first message to Bob, receives a reply from Bob, and then sends a second message to Bob, Alice's second message remains secret even if her key state for the first message is compromised.
Part 2: Finding Weaknesses in Secure Messaging Protocols

In the second stage of this practical assignment, submitted secure messaging protocols will be anonymized, shuffled and then reviewed by your peers. You too will review a peer's protocol and try to find weaknesses, bugs or outright breaks.

Part 3: Understanding the General Practice of Implementing Cryptographic Protocols

In the final stage of this practical assignment, we will choose a proposed secure messaging protocol and discuss its implementation. What are the elements we must consider when turning this protocol into code? How do we design the API? How do we manage the protocol's internal state?

The final result of your participation in all three parts will be a hands-on experience in designing, breaking, and planning the software architecture of secure messaging protocols and systems.

Recitation Example 2: Hunting for Bugs in Web Applications

Despite the fact that today's web applications are indispensable in our daily lives, many different kinds of bugs, errors and weaknesses can exist in their programming. In this practical assignment, you will audit a web application written specifically for this class and attempt to find and exploit five different bugs representing each of the types described above. Successfully exploiting all five bugs will grant you a perfect score.

Here are just a few different types of bugs that occur in web applications:

  • Cross-site scripting (XSS): a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
  • Cross-site request forgery (XSRF): an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing.
  • Bad cryptography: a web application could use insufficient or outdated cryptographic constructions in order to protect user data. This can lead to passive attackers obtaining privileged information out of publicly available tokens.
  • Flawed authentication logic: a web application could neglect to impose restrictions on its login pages, which could lead to forced authentication through anything from brute force to crafting invalid input values that force the application to authenticate the user.
  • Injection: while XSS is a form of client-side injection, there also exist "server-side" injections that could permanently alter a web application's database, resulting in more severe consequences that could range from permanent database corruption to permanent alterations of key web application code or content.

Academic Honesty

At NYU, a commitment to excellence, fairness, honesty, and respect within and outside the classroom is essential to maintaining the integrity of our community. Plagiarism is defined as presenting others' work without adequate acknowledgement of its source, as though it were one’s own.  Plagiarism is a form of fraud.  We all stand on the shoulders of others, and we must give credit to the creators of the works that we incorporate into products that we call our own. Some examples of plagiarism:

  • A sequence of words incorporated without quotation marks or an unacknowledged passage paraphrased from another's work.
  • The use of ideas, sound recordings, computer data or images created by others as though it were one’s own.
  • Submitting evaluations of group members’ work for an assigned group project which misrepresent the work that was performed by another group member.
  • Altering or forging academic documents, including but not limited to admissions materials, academic records, grade reports, add/drop forms, course registration forms, etc.

Furthermore, my courses have a zero tolerance policy for cheating. Any instance of cheating will result in an immediate, non-negotiable grade of 0 on the pertinent assignment and a report to the university faculty:

  • Your code has to be your own. No copying code (or rewriting it line by line based on someone else's code) will be tolerated.
  • Any sharing of any answers on any assignment is considered cheating.
  • Coaching another student by helping them writing their answers line by line is also cheating.
  • Copying answers or code from the Internet or hiring someone to write your answers for you is cheating.

Explaining how to use systems or tools and helping others with high-level design issues is not cheating.

For further information, students are encouraged to check NYU's Academic Integrity Policy.