CS 898AB: Privacy Enhancing Technologies, Spring 2017

 

Instructor:

Murtuza Jadliwala

Department:

Electrical Engineering and Computer Science

Office Location:

242JB

Telephone:

316-978-3729

Email:

Murtuza.jadliwala@wichita.edu

Preferred Method of Contact:

In person during office hours (right after class) or email

 

Office Hours:

TR 1:30 - 2:30 pm

 

Classroom; Days/Time:

261JB; TR 9:30—10:45AM

Prerequisites:

CS 736 and CS 766 or CS 767

 

 

 

 

General University Policies

Some general university policies pertaining to all syllabi can be found at: 

https://webs.wichita.edu/?u=ofdss&p=/students/syllabusinformation/

 

Academic Honesty

Any evidence of academic dishonesty (or plagiarism), including copying of presentations or reviews (from other students or from online sources), copying or dissemination of projects and cheating during quizzes, will be treated with utmost seriousness.

 

First offense will result in a zero on the assignment/project/exam/quiz in question. Those who are involved the second time will automatically receive an F grade for the course; this applies to ALL the parties involved (including the ones who help/show). It is your responsibility to protect your computer files (by setting appropriate access protection) and printouts. Students are responsible for knowing and following the Student Code of Conduct http://webs.wichita.edu/inaudit/ch8_05.htm and the Student Academic Honesty policy http://webs.wichita.edu/inaudit/ch2_17.htm. The University Academic Honesty Policy can also be found in the WSU Student Handbook.

 

Course Description

Due to the recent advances in networking and communication technology and the tremendous popularity of context-based applications such as online social networks, online advertisement and location-based services, privacy of online users' communication and context is constantly at risk. Newer cyber-physical technologies, including smart-grids and advanced metering infrastructures, wireless medical devices, body area networks, wearable sensors and smart-home sensor systems promise exciting context-based systems and applications, but can be highly intrusive to the end-users' privacy. This research-focused course is geared towards achieving the following educational objectives:

1.       Students will develop a strong understanding of the theoretical foundations and practical implementations of privacy enhancing technologies in the areas of web anonymity, location privacy, data privacy and social network privacy.

2.       Students will be exposed to the state-of-the-art research being accomplished in the above areas, as well as in upcoming cyber-physical systems such as smart grids, wireless medical devices and smart sensor systems.

3.       Students will be trained to conduct independent research on the above topics and advance the current state-of-the-art in privacy enhancing technologies.

Credit hours: 3.0. Lecture hours: 3.0.

 

Definition of a Credit Hour

Success in this 3 credit hour course is based on the expectation that students will spend, for each unit of credit, a minimum of 45 hours over the length of the course (normally 3 hours per unit per week with 1 of the hours used for lecture) for instruction and preparation/studying or course related activities for a total of 135 hours.

 

Measurable Student Learning Outcomes: Graduate level

After passing this course, students will be able to:

1). Analyze the main privacy threats in context-based web applications such as online social networks, online advertisement and location-based services.

2). Analyze protection mechanisms and countermeasures to overcome these privacy threats.

3) Summarize state-of-the-art research results in the area of privacy and privacy enhancing technologies, both orally and in a written form.

4). Develop programs and systems to implement new privacy enhancing technologies.

 

Required Texts

No text is required. Content of this course is based on publicly archived and accessible research papers.

 

Grading Policy

Your letter grade will be based on the following components: Total out of 100%

Reviews – 40%

Class Participation and Presentation – 20%

Class quizzes – 10%

Course Project – 30% (Project proposal – 10%, Project presentation – 10% and Final project report - 10%)

 

The final letter grade for the course will be assigned based on the following distribution of the obtained grades.

Percentage obtained

Letter grade & GPA

>= 85

A & 4.0

>= 80 and < 85

B+ & 3.33

>= 75 and < 80

B & 3.0

>= 70 and < 75

B- & 2.67

>= 60 and < 70

C & 2.0

< 60

F & 0.0

 

Course Announcements and Updates

All course related announcements will be posted on the course webpage (http://www.cs.wichita.edu/~jadliwala/CS898AB/cs898ab.htm) and on the Blackboard course page. Students are expected to, and are responsible for, regularly monitoring both the course webpage and the Blackboard page for course-related updates and announcements. Please enable the e-mail feature of Blackboard in order to receive e-mail updates whenever new content/announcement is posted.

 

Reading Assignments

Each week students are expected to read and be prepared with all the assigned discussion papers for that week (see the above schedule!). Students who are not prepared, and who do not participate in the discussion of the paper presented in the class, risk missing the class participation points for that week (see next).

 

Class Participation and Presentations:

All paper presentations after week 2 will be done by the students. Students are expected to prepare 30-40 minute long conference type presentations that comprehensively describe the research paper. Please see a sample here to get an idea of how such presentations should be prepared. Presentations need to be prepared by the students from scratch and students may not re-use existing presentations made available by the authors or others. Reusing other’s presentation without explicit permission from their authors and the instructor would be considered as cheating and will be dealt according to the course’s and University’s plagiarism and cheating policies (see below the guidelines on cheating). The presentation should also discuss advances in the state-of-the-art on the topic being presented in the paper. 

 

After the presentation, the presenter should engage the entire class in a productive discussion on the topic being presented. Students who are not presenting on a particular day are expected to participate in the discussions on the paper both during and after the presentation. Attendance will be taken during every class.

 

Students will need to claim papers for presentation during the first week. Based on these claims, the instructor will assign specific papers to students. Details of this will be discussed in the class. The schedule above will be updated every week with the presenters for that week. Please keep watching this webpage for updates on the schedule.

 

 

Review Assignments

All students are expected to complete a maximum two-page review of the papers discussed in the previous week. This review will be due on Friday of every week through safeAssign (on Blackboard), as outlined in the schedule above. All reviews are expected to be completed individually and should clearly describe the main contributions of the papers, details of the proposed privacy attacks or privacy-enhancing technology and summarize the results. A short critique of the papers is also expected in the review assignments. No late review assignment beyond the official deadline will be accepted (and graded) and will automatically receive zero points.

Review assignments with approximate content and due dates are as follows:

 

Assignment 1 (Feb 5): Introduction to PETs for Web; covers Outcomes 1, 2 and 3.

Assignment 2 (Feb 12): Anonymous Communications; covers Outcomes 1, 2 and 3.

Assignment 3 (Feb 19): Censorship Resistance; covers Outcomes 1, 2 and 3.

Assignment 4 (Feb 26): Privacy in P2P Systems; covers Outcomes 1, 2 and 3.

Assignment 5 (Mar 4): Privacy in Online Social Networks; covers Outcomes 1, 2 and 3.

Assignment 6 (Mar 11): Private Computations; covers Outcomes 1, 2 and 3.

Assignment 7 (Mar 25): Privacy in Internet/Mobile Advertisement; covers Outcomes 1, 2 and 3.

Assignment 8 (Apr 1): Privacy in Location-based Services; covers Outcomes 1, 2 and 3.

Assignment 9 (Apr 8): Smart-Grid Privacy; covers Outcomes 1, 2 and 3.

Assignment 10 (Apr 15): Privacy against Tracking Attacks; covers Outcomes 1, 2 and 3.

Assignment 11 (Apr 22): Privacy Applications in Health; covers Outcomes 1, 2 and 3.

Assignment 12 (Apr 29): Privacy Loss through Side-Channels; covers Outcomes 1, 2 and 3.

 

The review assignments together count for 40% of your overall grade.

 

Projects

All students are expected to complete a course project on a topic similar to the topics discussed in this course. Projects can be of three types: i) survey project, ii) implementation project, iii) research project. Details of the project expectations will be discussed by the instructor on the first day of the course. This project can be completed individually or in a group of maximum two students. Students should finalize a project topic by closely working with the instructor. There are three project-related deadlines that students should be aware of. A one-page project pre-proposal is due on February 26th. This pre-proposal should succinctly describe the project idea and needs to be approved by the instructor. Please note that the project pre-proposals are not graded. Following this, a maximum three-page detailed project proposal (of the approved pre-proposal) is due on April 1st. The project-proposal should clearly outline the tasks that the student/group plans to undertake and the expected project outcomes. A final project report should consist of an original conference quality project write-up, which is due on May 12th 2016. Project proposals and final project reports will be graded. Any form of cheating or plagiarism detected in the submitted project reports will be dealt with according to the course and University policies on plagiarism.

 

Students are also expected to make a presentation of their course project during the week of May 1st. The exact presentation schedule and slots will be decided later. Project covers outcomes 1, 2, 3 and 4.

 

Quizzes

There will be occasional short quizzes in the class, which will be announced a week in advance. There will be no make-up quizzes, unless there is a STRONG well-documented reason for missing the quiz, for example, medical emergency or illness.

 

Important Academic Dates

For the Spring semester 2017, classes begin Jan 17, 2017, and end May 4, 2017.  The last date to drop a class and receive a W (withdrawn) instead of F (failed) is March 31, 2017. The final exam period is May 6-11, 2017.

 

Tentative Schedule

Week

Dates

Topics

Submission Dates

1

Jan 17 -20

·         Course Introduction and Expectations (Instructor)

·         Privacy Terminology: “Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology”, Andreas Pfitzmann and Marit Hansen (Instructor)

·         No review due

·         Jan 19 – Murtuza Jadliwala (slides)

2

Jan 23-27

Introduction to PETs for the Web

·         “Privacy-enhancing Technologies for the Internet”, I. Goldberg, D. Wagner, E. Brewer, IEEE Spring COMPCON, 1997. (Instructor)

·         “Privacy-enhancing technologies for the Internet, II: Five years later”, Ian Goldberg, PET 2002. (Instructor)

·         “Privacy-enhancing technologies for the Internet III: Ten years later”,
Ian Goldberg, “Digital Privacy: Theory, Technologies and Practices", Alessandro Acquisti, Stefanos Gritzalis, Costas Lambrinoudakis, and Sabrina De Capitani di Vimercati, editors, 2007 (Instructor)

·         “Untraceable electronic mail, return addresses, and digital pseudonyms”, David Chaum, Communications of the ACM, 1981 (Instructor)

·         No review due

·         Jan 24 – Murtuza Jadliwala (slides)

·         Jan 26 – Murtuza Jadliwala (slides)

3

Jan 30 - Feb 3

Anonymous Communications

·         “Tor: The Second-Generation Onion Router”, Roger Dingledine, Nick Mathewson, Paul Syverson, USENIX Security, 2004. (Alexander Truong)

·         “HORNET: High-speed Onion Routing at the Network Layer”, Chen Chen, Daniele Enrico Asoni, David Barrera, George Danezis, Adrian Perrig, ACM CCS, 2015. (Srikanth Kumar)

·         Wk 2 review due Feb 3rd.

·         Jan 31 – Alexander Truong (slides)

·         Feb 2 – Srikanth Kumar (slides)

4

Feb 6-10

Censorship Resistance

·         “The Parrot is Dead: Observing Unobservable Network Communications”, Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov, Oakland Security and Privacy (S&P), 2013. (Nelson Mandela)

·         “TapDance: End-to-Middle Anticensorship without Flow Blocking”, E Wustrow, CM Swanson, JA Halderman, USENIX, 2014. (Sultan Moukli)

·         Wk 3 review due Feb 10th.

·         Quiz 1 on Feb 7th.

·         Feb 7 – Nelson Mandela (slides)

·         Feb 9 – Sultan Moukli (slides)

 

5

Feb 13-17

Privacy in P2P Systems

·         “Vanish: Increasing Data Privacy with Self-Destructing Data”, Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, Henry M. Levy, USENIX Security, 2009. (Sintayehu Garedew)

·         “Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs”, Scott Wolchok, Owen S. Hofmann, Nadia Heninger, Edward W. Felten, J. Alex Halderman, Christopher J. Rossbach, Brent Waters, Emmett Witchel, NDSS, 2010. (Jose Crosa)

·         Wk 4 review due Feb 17th.

·         Feb 14 – Sintayehu Garedew (slides)

·         Feb 16 – Jose Crosa (slides)

 

6

Feb 20-24

Privacy in Online Social Network

·         “De-anonymizing Social Networks”, Arvind Narayanan, Vitaly Shmatikov, Oakland Security and Privacy (S&P), 2009 (Humam Nameer)

·         “Community-Enhanced De-anonymization of Online Social Networks”, S Nilizadeh, A Kapadia, YY Ahn, ACM CCS, 2014. (Adam Sweeney)

·         “LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships”, C Liu, P Mittal, NDSS, 2016. (Adam Sweeney)

·         Wk 5 review due Feb 24th.

·         Project pre-proposals due on Feb 26th.

·         Feb 21 – Humam Nameer (slides)

·         Feb 23 – Adam Sweeny (slides1, slides2)

 

7

Feb 27- Mar 3

Private Computations

·         “On the Computational Practicality of Private Information Retrieval”, Radu Sion, Bogdan Carbunar, NDSS, 2007. (Sultan Moukli)

·         “M2R: Enabling Stronger Privacy in MapReduce Computation”, A Dinh, P Saxena, EC Chang, BC Ooi, C Zhang, USENIX, 2015. (Raveen Wijewickrama)

·         Wk 6 review due Mar 3th.

·         Quiz 2 on Mar 2nd.

·         Feb 28 – Sultan Moukli (slides)

·         March 02 – Raveen Wijewickrama (slides)

 

 

8

Mar 6-10

Privacy in Internet/Mobile Advertisement

·         “Adnostic: Privacy Preserving Targeted Advertising”, Vincent Toubiana, Arvind Narayanan, Dan Boneh, Helen Nissenbaum, Solon Barocas, NDSS, 2010. (Humam Nameer)

·         “Privacy-Aware Personalization for Mobile Advertising”, Michaela Hardt and Suman Nath, ACM CCS, 2012. (Michael Clegg)

·         Wk 7 review due Mar 10th.

·         Mar 07 – Humam Nameer (slides)

·         March 09 – Michael Clegg (slides)

9

Mar 13-17

Privacy in Location-based Services

·         “Preserving privacy in GPS traces via uncertainty-aware path cloaking”, B. Hoh, M. Gruteser, H. Xiong, and A. Alrabady. ACM CCS, 2007. (Solomon Njorombe)

·         “Quantifying Location Privacy”, Reza Shokri, George Theodorakopoulos, Jean-Yves Le Boudec, Jean-Pierre Hubaux. Oakland Security and Privacy (S&P), 2011. (Solomon Njorombe)

·         Wk 8 review due Mar 17th.

·         Mar 14 – Solomon Njorombe (slides)

·         Mar 16 – Solomon Njorombe (slides)

 

Mar 20-24

No lectures, Spring break;

·         No review due.

10

Mar 27-31

Smart-Grid and IoT Privacy

·         “Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems”, Ishtiaq Rouf, Hossen Mustafa, Miao Xu, Wenyuan Xu, Rob Miller, Marco Gruteser, ACM CCS, 2012. (Subramanya Holla)

·         “Security Analysis of Emerging Smart Home Applications”, Earlence Fernandes, Jaeyeon Jung, Atul Prakash, 37th IEEE Symposium on Security and Privacy (Oakland S&P), May 23-25, 2016, San Jose, CA. (Michael Clegg)

·         “Multimedia Content Identification through Smart Meter Power Usage Profiles”, Ulrich Greveler, Benjamin Justus, Dennis Loehr, in Computers, Privacy and Data Protection (CPDP), 2012. (Kiran Kumar Surapathi)

·         Project Proposals due on Apr 1st.

·         Quiz 3 on Mar 28th.

·         Wk 9 review due Mar 31st.

·         Mar 28 – Subramanya Holla (slides)

·         Mar 30 – Michael Clegg (slides)

·         Mar 30 – Kiran Kumar (slides)

11

Apr 3-7

Privacy against Tracking Attacks

·         “Elastic Pathing: Your Speed is Enough to Track You”, Xianyi Gao, Bernhard Firner, Shridatt Sugrim, Victor Kaiser-Pendergrast, Yulong Yang, and Janne Lindqvist, ACM UbiComp, 2014. (Nelson Mandela)

·         “PowerSpy: Location Tracking using Mobile Device Power Analysis”, Yan Michalevsky, Aaron Schulman, Gunaa Arumugam Veerapandian, Dan Boneh, and Gabi Nakibly, USENIX Security, 2015. (Sintayehu Garedew)

·         “Track Me If You Can: On the Effectiveness of Context-based Identifier Changes in Deployed Mobile Networks”, Laurent Bindschaedler, Murtuza Jadliwala, Igor Bilogrevic, Imad Aad, Philip Ginzboorg, Valtteri Niemi, and Jean-Pierre Hubaux, NDSS, 2012. (Siddartha Ailuri)

·         Wk 10 review due Apr 7th.

·         Apr 4 – Sintayehu Garedew (slides)

·         Apr 6 – Nelson Mandela (slides)

·         Apr 6 – Siddartha Ailuri (slides)

 

12

Apr 10-14

Privacy Applications in Health

·         “Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance”, Xiao Wang, Yan Huang, Yongan Zhao, Haixu Tang, Xiaofeng Wang, and Diyue Bu, ACM CCS 2015. (Raveen Wijewickrama)

·         “Privacy-Preserving Deep Learning”, Reza Shokri, Vitaly Shmatikov, ACM CCS, 2015. (Srikanth Kumar)

·         Wk 11 review due Apr 14th.

·         Apr 11 – Raveen Wijewickrama (slides)

·         Apr 13 – Srikanth Kumar (slides)

13

Apr 17 -21

Privacy Loss through Side-Channels

·         “ACComplice: Location Inference using Accelerometers on Smartphones”, Jun Han, Emmanuel Owusu, Le T. Nguyen, Adrian Perrig, Joy Zhang, IEEE COMSNETS, 2012. (Kiran Kumar Surapathi)

·         “Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms”, Anindya Maiti, Oscar Armbruster, Murtuza Jadliwala, and Jibo He, ACM ASIACCS, 2015. (Jose Crosa)

·         Wk 12 review due Apr 21st.

·         Quiz 4 (April 20th)

·         Apr 18 – Kiran Kumar Surapathi (slides)

·         Apr 20 – Jose Crosa (slides)

 

14

Apr 24 -28

Mobile and Wearable Side-Channels Continued

·         “Gyrophone: Recognizing speech from gyroscope signals”, Yan Michalevsky, Dan Boneh, and Gabi Nakibly, USENIX Security, 2014. (Alexander Truong)

·         “Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets”, Avesta Hojjati, Anku Adhikari, Katarina Struckmann, Edward J. Chou, Thi Ngoc Tho Nguyen, Kushagra Madan, Marianne S. Winslett, Carl A. Gunter, and William P. King, ACM CCS, 2016. (Subramanya Holla)

·         “(sp)iphone: Decoding vibrations from nearby keyboards using mobile phone accelerometers”, Philip Marquardt, Arunabh Verma, Henry Carter, and Patrick Traynor, ACM CCS, 2011. (Siddartha Ailuri)

·         Wk 13 review due Apr 28th.

 

 

 

 

 

                              

15

May 1-5

Miscellaneous Side-Channel Attacks

·         “Listening through a Vibration Motor”, Nirupam Roy and Romit Roy Choudhury, ACM MobiSys, 2016. (Mohsin Thara)

·         “My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers”, Chen Song, Feng Lin, Zongjie Ba, Kui Ren, Chi Zhou, Wenyao Xu, ACM CCS, 2016. (Atiyeb Anjum)

 

·         Quiz 5 (May 2nd).

 

16

Tuesday, May 9

Final Project Presentations

 

 

·         Final project report due May 12th.