International Summer School on Information Security

Bilbao, Spain, July 6-10, 2015

Course Description

Keynote Speakers

Jan Camenisch (IBM Research, Zurich), Privacy in a Digital World: a Lost Cause?


Summary. Our privacy is eroding at a fast pace as we increasingly use, and are forced to use, electronic media for our daily tasks. In this talk we argue that this is not only a privacy issue but also a security problem. We then argue that many ready-to-use technologies exist but are not used, and give a couple of examples of such technologies. We finally discuss research and other challenges that still need to be overcome to realise a more secure and privacy-preserving digital world.

Bio. Jan Camenisch is a Principal Research Staff Member at IBM Research and leads the Privacy & Cryptography research team. Jan got his PhD in cryptography in 1998 from ETH Zurich. He’s a member of the IBM Academy of Technology and an IEEE Fellow. He is a leading scientist in the area of privacy and cryptography, has published over 100 scientific papers, and has received a number of awards for his work including the 2010 ACM SIGSAC outstanding innovation award and the 2013 IEEE computer society technical achievement award.

Jan was leading the FP7 European research consortia PRIME and PrimeLife and he and his team have participated and continue to do so in many other projects including ABC4Trust, AU2EU, and Witdom. Jan currently holds an advanced ERC grant for personal cryptography.

Jennifer Seberry (University of Wollongong), The Global Village: the Beginning of the Need for Computer Security - (via videoconference)







Gene Tsudik (University of California, Irvine), Off-line Proximity-based Social Networking






Bio. Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). Over the years, his research interests included many topics in security and applied cryptography. He is the Director of Secure Computing and Networking Center (SCONCE) at UCI. Gene Tsudik is a former Fulbright Scholar and a fellow of the ACM and the IEEE. From 2009 to mid-2015 he served as the Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC).

N. Asokan (Aalto University), [intermediate] Mobile Security: Overview of Hardware Platform Security and Considerations of Usability


Summary. The first part of this course will provide an overview of hardware platform security mechanisms that are used widely in mobile devices. The second part of the course will explore usability considerations in mobile systems in general.


References. Supplementary (not mandatory) reading

Pre-requisites. Familiarity with basic concepts in security and cryptography (the equivalent of an introductory undergraduate course in information security).

Bio. N. Asokan is a professor at Aalto University and the University of Helsinki. Prior to joining academia, he spent over 15 years at leading industrial research laboratories. His research interests center on understanding how to build systems that are simultaneously secure, easy to use and inexpensive to deploy.

Jan Camenisch (IBM Research, Zurich), [introductory/intermediate] Technologies to Protect Online Privacy


Summary. Our existing and emerging electronic brings many advantages but also threatens our privacy. In these lectures we give a short overview of the relevant laws and regulations and of existing technologies that can help regain and maintain digital privacy. One example of such a technology is anonymous credentials. These allow for strong attribute-based authentication of users. We will first explain the high-level concepts of anonymous credentials, then provide a basic toolbox of building blocks for privacy-protecting cryptographic protocols, and then, as an example protocol, show how anonymous credentials can be realised from them. Next we will consider some applications of anonymous credentials. Finally, we will make further use of the presented toolbox of building blocks to add more features to anonymous credentials, such as abuse protection and revocation of credentials.



Pre-requisites. Basic knowledge of number theory and of concepts of cryptography.

Bio. Jan Camenisch is a Principal Research Staff Member at IBM Research and leads the Privacy & Cryptography research team. Jan got his PhD in cryptography in 1998 from ETH Zurich. He’s a member of the IBM Academy of Technology and an IEEE Fellow. He is a leading scientist in the area of privacy and cryptography, has published over 100 scientific papers, and has received a number of awards for his work including the 2010 ACM SIGSAC outstanding innovation award and the 2013 IEEE computer society technical achievement award.

Jan was leading the FP7 European research consortia PRIME and PrimeLife and he and his team have participated and continue to do so in many other projects including ABC4Trust, AU2EU, and Witdom. Jan currently holds an advanced ERC grant for personal cryptography.

Nicolas T. Courtois (University College London), [introductory/intermediate] Security of ECDSA in Bitcoin and Crypto Currency


Summary. Introductory reading

Claude Crépeau (McGill University, Montréal), [introductory/intermediate] Quantum Computation, Cryptography and Cryptanalysis


Summary. Quantum computing is becoming an essential tool for cryptographers and their opponents. This course will introduce the students to the basics of Quantum physics required for computations, explain the principles of quantum cryptography, quantum cryptanalysis, and finally, cryptography of quantum information.

Syllabus. Quantum states, quantum measurements, quantum evolution. Error estimation, error-correcting codes, information theory and privacy amplification. Quantum computing, quantum Fourier transform, Shor’s algorithm(s) and extensions. Encryption and Authentication of quantum data.


Pre-requisites. Secret-key cryptography, basic number theory and basic knowledge of probability theory.

Bio. Claude Crépeau is a professor in the School of Computer Science at McGill University. He received his Ph.D. in Computer Science from MIT in 1990, working in the field of cryptography. He spent two years as a Postdoctoral Fellow at Université d'Orsay, and was a CNRS researcher at École Normale Supérieure from 1992 to 1995. He was appointed associate professor at Université de Montréal in 1995, and has been a faculty member at McGill University since 1998. He was a member of the Canadian Institute for Advanced Research program on Quantum Information Processing from 2002 to 2012. Prof. Crépeau is best known for his fundamental work in zero-knowledge proof, multi-party computing, quantum cryptography, and quantum teleportation. He was nominated as a fellow of the International Association for Cryptologic Research in 2013.

Joan Daemen (ST Microelectronics Belgium, Diegem), [introductory/intermediate] Sponge Functions, Keccak and SHA-3


Summary. Since the introduction of DES by NIST in the seventies, and even more after their adoption of Rijndael as the AES in 2000, block ciphers have played a dominant role in symmetric cryptography. Even hash functions such as MD5, SHA-1 and SHA-2 use a block cipher as underlying cryptographic primitive. In 2002 it was proposed to add a feature to a block cipher called a tweak, resulting in a more complex primitive but allowing the simplification of modes built on top of it.

Remarkably, in the last 10 years we have seen the return of a cryptographic primitive that is actually simpler than a block cipher: a cryptographic permutation. The permutation made its successful re-entry in schemes for stream encryption (Salsa) and MAC computation (Pelican), and after that it was also proposed as a building block for hashing, pseudorandom bit generation and even authenticated encryption. An important event in this context was the selection by NIST of Keccak as the next hash function standard SHA-3. It is based on the so-called sponge construction that generates an extendable output and forces us to look at cryptographic functions from a new perspective. Later it was shown that the sponge construction can be used for nearly all symmetric cryptographic functions with modes that are at the same time simpler, more flexible and more efficient than block cipher based modes. The success of permutation-based cryptography is illustrated in the CAESAR competition for authenticated encryption, where more than a dozen permutation-based schemes have been submitted.

This mini-course will provide an introduction to permutation-based cryptography from the perspective of Keccak and the sponge construction.



Pre-requisites. Basic notions of mathematics.

Bio. Joan Daemen got his PhD in Cryptography at the Katholieke Universiteit Leuven in March 1995. He has continued to design and cryptanalyze block ciphers, stream ciphers, hash functions and permutations ever since. In 1997, he designed in collaboration with Vincent Rijmen the block cipher Rijndael that NIST selected to become the Advanced Encryption Standard (AES) in October 2000. During the 15 years that have passed, AES has become ubiquitous and it has influenced the majority of symmetric cryptography primitives designed since. Nowadays, Joan works in the Secure Microcontrollers Division of STMicroelectronics in Diegem, Belgium. There, with Guido Bertoni, Michaël Peeters and Gilles Van Assche, he formed the Keccak team, which designed the Keccak sponge function. NIST selected Keccak to become the SHA-3 standard hash function in October 2012. In parallel with his crypto work, Joan designs and specifies secure microcontroller based security architectures. His work in cryptography has led to numerous scientific publications including a book on Rijndael. Joan has also served as a jury member of about a dozen PhDs, served in numerous program committees and has given many invited talks at cryptography and security conferences.

Hervé Debar (Télécom SudParis), [introductory/intermediate] Detection and Reaction to Attacks: from Intrusion Detection to Cyber-Defense


Summary. The course will cover the history of various attack detection methods, which historically started under the term "intrusion detection".

In very broad terms, an attack is an activity exercised over an information system that constitutes a violation of the security policy. In order for this to work, detection systems need to acquire information about the actions occurring on the information system. This is usually done by obtaining logs, execution traces or network packet traces. Various algorithms have been used to look at the various possible violations of the security policy. One of the objectives of the course will be to draw an historically complete state of the art that shows the evolution of the research activities, in relation with evolving services and attack techniques.

The course will then move onto alert correlation and security information and event management. Since detection is an extremely difficult problem to tackle in real time, various back-end technologies have been developed to collect and analyze alerts, to improve detection and incident management. In particular, we will look into data formats, as information representation is of the utmost importance to ensure that security operators provide the proper diagnosis.

Finally, the course will cover intrusion response, proposing new techniques to block attacks or contain their effects.



Pre-requisites. A good understanding of ICT: TCP/IP networking, web systems.

Bio. More details available here.

Rosario Gennaro (City University of New York), [intermediate/advanced] A Survey of Verifiable Delegation of Computation


Summary. A Delegated Computation is a protocol in which a computationally weak client asks a more powerful server to run a certain algorithm A on a given input x, an approach which has been expanding in practice with the rise of the Cloud Computing paradigm and the proliferation of mobile devices. In this class we will survey methods to secure delegated computations, and in particular efficient methods for the client to verify that the result provided by the server is the correct one.

Syllabus. A survey of Probabilistically Checkable Proofs. Cryptographic protocols based on PCPs for arbitrary computations. Protocols for ad-hoc computations. Delegation of memory.

References. References will be provided during the course of the lectures.

Pre-requisites. Above the knowledge of a typical CS undergraduate major, students will be expected to have knowledge and familiarity with Cryptography and Complexity Theory.

Bio. Rosario Gennaro is a Professor of Computer Science and the Director of the Center for Algorithms and Interactive Scientific Software (CAISS) at The City College of New York. He has a 20 year research career in Theoretical Computer Science, Cryptography and Network Security. His most recent work has been focused on security for the cloud computing paradigm, deniability and anonymity in electronic transactions, identity-based cryptography and password-based authentication. Dr. Gennaro received his Ph.D. from MIT in 1996, and was a research scientist at the IBM T.J. Watson Research Center from 1996 to 2002, when he joined City College. He has published extensively in his research areas, holds 12 patents, and has been serving on many program committees.

Trent Jaeger (Pennsylvania State University, University Park), [intermediate/advanced] How to Add Security Enforcement to Legacy Programs


Summary. Despite the mantra of "program for security," functionality is the primary focus in software development. The question we explore is how to design security protections for legacy programs. In this course, we first explore the security requirements we expect programs to enforce, including control-flow integrity and authorization. We then explore methods for enforcing those security requirements and retrofitting programs, systems, and/or policies to enforce such requirements.


  1. Introduction and Security Problems
  2. Retrofitting for Control-flow Integrity
  3. Retrofitting for Program Authorization
  4. Retrofitting for System Authorization
  5. Conclusions and Future Work




Bio. Trent Jaeger is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. Trent's research interests include systems security and the application of programming language techniques to improve security. He has published over 100 refereed papers on these topics and the book "Operating Systems Security," which examines the principles behind secure operating systems designs. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, SELinux, integrity measurement in Linux, and the Xen security architecture. He is currently the Chair of the ACM Special Interest Group on Security, Audit, and Control (SIGSAC). Trent has an M.S. and a Ph.D. from the University of Michigan, Ann Arbor in Computer Science and Engineering in 1993 and 1997, respectively, and spent nine years at IBM Research prior to joining Penn State.

Antoine Joux (Pierre et Marie Curie University, Paris), [introductory/intermediate] Discrete Logarithms in Finite Fields


Summary. This course will cover the computation of discrete logarithms in finite fields, from the early index calculus algorithms designed in the 80s to the most recent advances concerning small characteristic finite fields.

Syllabus. Generic discrete logarithm algorithms, representation of finite fields, index calculus algorithms.

Pre-requisites. Algebra: finite fields, polynomials over finite fields, elementary knowledge of function fields and number fields, solid background in algorithms.

Bio. Antoine Joux currently is a professor on the chair of cryptology of the Foundation of the University Pierre et Marie Curie (Paris). He is an IACR fellow and received the Gödel prize in 2013.

Songwu Lu (University of California, Los Angeles), [introductory/intermediate] Cellular Network Security: Issues and Defenses







Catherine Meadows (Naval Research Laboratory, Washington DC), [introductory/intermediate] Formal Analysis of Cryptographic Protocols


Summary. Cryptographic protocols are the glue that holds the security of the internet together. But, since they are required to enable secure communication among principals communicating asynchronously over an insecure network controlled by a hostile intruder, they are difficult to design correctly. Indeed, there are many cases in which protocols have been found to have security problems even when the underlying crypto-algorithms are themselves secure. This has led to the development of formal methods and tools for their verification and analysis.

One approach used in the formal verification of cryptographic protocols is to represent the cryptographic algorithms symbolically in a free algebra. This simple model has turned out to be surprisingly fruitful but is hard to apply to many popular crypto-algorithms. Thus tools are now being extended to more fine-grained models in which the crypto-algorithms may have certain algebraic properties. In this course we will give an introduction to the formal analysis of cryptographic protocols, with a focus on the Maude-NPA cryptographic protocol analysis tool, a tool designed to take algebraic properties of cryptographic algorithms into account, as an example.

The aim of this course is to give the student a basic understanding of the theory and design principles behind these types of tools, as well as an introduction to their applications.


References (Supplementary Reading:)

Pre-requisites. Some familiarity with the way cryptoalgorithms and crypto protocols work is desirable. Previous exposure to formal methods is useful but not necessary.

Bio. Dr. Meadows is a senior researcher in computer security at the Center for High Assurance Systems at the Naval Research Laboratory (NRL), heading that group's Formal Methods Section. She was the principal developer of the NRL Protocol Analyzer (NPA), which was one of the first software tools to find previously undiscovered flaws in cryptographic protocols, and has been used successfully in the analysis of a large number of protocols, including the Internet Key Exchange Protocol and the Group Domain of Interpretation protocol, both of which became standards for the Internet Engineering Task Force. Currently she is co-PI on a project that is developing a successor to the NRL Protocol Analyzer, Maude-NPA, that takes into account complex algebraic properties of cryptosystems. Other research efforts she has recently been involved with include logical methods for reasoning about security procedures, the machine-verified analysis of crypto-algorithms and protocols for the IARPA-sponsored Security and Privacy Assurance Research Program, and the development of automated methods for the generation and analysis of cryptosystems. Prior to joining NRL, she was on the mathematics faculty at Texas A&M University. There she worked in various areas of cryptography, including secret sharing schemes and software protection. She received her Ph.D. in mathematics from the University of Illinois at Urbana-Champaign.

Nasir Memon (New York University), [introductory/intermediate] User Authentication


Summary. Authentication is an issue that is at the heart of the security posture of a system and the authentication of humans has been among the most vexing problems that the security community has faced as the interaction with computing systems has entered every aspect of everyday life. There have been a variety of proposals that have been explored in the past few decades ranging from the ubiquitous but highly vilified passwords to esoteric techniques based on brain signals. This course will survey the different approaches that have been used for authenticating humans. The focus of the course is more on specific techniques that have been developed and less on system wide protocols, frameworks or implementations of such techniques.


PART 1: What you know. Perhaps the most widely used approach to authenticate a human has been based on a shared secret between the human and the authenticating entity, be it a device or a remote server. We will look at the different types of secrets that have been used including textual, visual etc. We will explore their security and their usability and discuss some open research questions.

PART 2: What you are. An alternative for authentication that is becoming increasingly viable in practice is based on biometric identity. In this part we will look at various physical biometrics that can provide the basis for authenticating a user and also other behavioral biometrics that have been proposed as privacy friendly alternatives.

PART 3: What you have. In part 3 we finally look at authentication techniques that leverage the possession of a token or a device. With the numerous mobile and wearable devices that have been entering the market, the use of such objects in authentication, as the sole or second factor, is becoming increasingly common. We will look at some of the techniques that are used and their strengths and limitations.

Bio. Nasir Memon is Head of the Department of Computer Science and Engineering and Director of the Information Systems and Internet Security Laboratory at NYU Engineering. A founding member of the Center for Interdisciplinary Studies in Security and Privacy (CRISSP), a collaborative initiative of several NYU schools, Prof. Memon’s research covers digital forensics, data compression, and multimedia computing and security. A Fellow of IEEE and SPIE and a past Distinguished Lecturer of IEEE Signal Processing Society, he is the author of more than 250 scholarly papers and holds a dozen patents. He is the recipient of several awards, including best paper awards and the NYU Engineering Jacobs Excellence in Education Award. Memon is and was on the editorial staff of many journals, including a stint as the Editor-in-Chief of IEEE Transactions on Information Security and Forensics.

Ethan L. Miller (University of California, Santa Cruz), [introductory/intermediate] Securing Stored Data in a Connected World


Summary. Our society increasingly relies on digital storage for our cultural, financial, medical, and personal data, yet security breaches are increasingly common. This tutorial will describe a range of issues that arise in securing information at rest, focusing on problems of ensuring the confidentiality and integrity of data stored in the cloud. The tutorial will cover background material and describe existing approaches and open problems in areas such as encryption for stored data, provable data possession and other integrity techniques, encryption for distributed data, and oblivious memory.


References. Please see for the most up-to-date list.

Pre-requisites. Participants should have an understanding (at the undergraduate level) of file and storage systems, such as that provided by an undergraduate course in operating systems. They should also be familiar with basic cryptography primitives including symmetric-key encryption, public-key encryption, and digital signatures.

Bio. Ethan L. Miller is a Professor in the Computer Science Department at the University of California, Santa Cruz, where he holds the Symantec Presidential Chair in Storage & Security. He is a Fellow of the IEEE and an ACM Distinguished Scientist, and his publications have received several Best Paper awards. Prof. Miller received an Sc.B. from Brown University in 1987 and a Ph.D. from UC Berkeley in 1995, and has been on the UC Santa Cruz faculty since 2000. He has co-authored over 130 papers in a number of topics in file and storage systems, operating systems, parallel and distributed systems, information retrieval, and computer security. He was a member of the team that developed Ceph, a scalable high-performance distributed file system for scientific computing that is now being adopted by several high-end computing organizations. His work on reliability and security for distributed storage is also widely recognized, as is his work on secure, efficient long-term archival storage and scalable metadata systems. Prof. Miller also works closely with industry to help move research results into commercial use at companies such as NetApp, Symantec, and Pure Storage. Additional information is available here.

Stefano Paraboschi (University of Bergamo), [introductory/intermediate] Data Protection in Network-enabled Systems


Summary. The management and protection of data in modern information systems requires a significant revision of existing paradigms. There are many aspects in the evolution of Information Technology that have a significant impact on this domain. Networks are pervasive, storage continuously decreases its cost, and each user accesses and controls a number of devices with significant computational power. In this scenario, security can be obtained by using high-level abstractions for the representation of data and integrating these abstract models with robust protection mechanisms, typically relying on the use of encryption. Several problems arise that require a careful investigation.


References. References will be provided during the lectures. A project that investigates these topics is ESCUDO-CLOUD.

Pre-requisites. Attendees are expected to be familiar with the content of BSc-level courses on Databases, Operating systems and Computer security.

Bio. Stefano Paraboschi obtained the Laurea degree in Ingegneria Elettronica and a PhD in Ingegneria Informatica e Automatica from Politecnico di Milano, where he was an assistant professor and then an associate professor. Since November 2002 he is a professor at the School of Engineering of Università di Bergamo, where he chairs the program in Computer Science and Engineering. The research of Stefano Paraboschi has focused on several areas. He initially worked in the database and information system area (specifically on active rules, view management, data warehouses, workflow management systems), then on Web technologies (data intensive Web sites, XML) and currently focuses on information security (security for databases, access control for XML and Web services, secure reputation in P2P networks, data outsourcing). His research has been supported by several Italian and EC-funded projects.

Bart Preneel (KU Leuven), [introductory/intermediate] Cryptology: State of the Art and Research Challenges


Summary. These lectures will give an overview of the state of the art in cryptology with an emphasis on the basic concepts and on applications in network and computer security (communications security, software updates, DRM, payments). We will also discuss how cryptology is broken or bypassed in practice. We conclude with an overview of the Snowden revelations and how they affect threat models in cryptography.


Pre-requisites. Basic knowledge of mathematics.

Bio. Prof. Bart Preneel is a full professor at the KU Leuven in Belgium where he heads the COSIC research group. He was visiting professor at five universities in Europe. He has authored more than 400 scientific publications and is inventor of 5 patents. His main research interests are cryptology, information security and privacy. Bart Preneel is president of LSEC (Leaders in Security) and has served for six years as president of the IACR (International Association for Cryptologic Research). He has testified in the European Parliament, in several courts and has served as consultant to governments and industry. He is a fellow of the IACR, member of the Permanent Stakeholders group of ENISA (European Network and Information Security Agency) and of the Academia Europaea. He has been invited speaker at more than 100 conferences in 40 countries. At the RSA Conference 2014 he has received the Award for Excellence in the Field of Mathematics.

Shantanu Rane (Palo Alto Research Center), [introductory/intermediate] Privacy-preserving Data Analytics: Problems, Solutions and Challenges


Summary. Big data analytics has the potential to solve many of the world's pressing problems and to create exciting new opportunities for individuals, corporations and governments. Application examples include finding treatments and cures for diseases, streamlining the world’s transportation systems, securing people and infrastructure against acts of terrorism, deploying sustainable energy sources in smart grids, driving customer-centric businesses in the internet age, and many more. However, the big data requirement appears, almost fundamentally, to be in conflict with the idea of privacy. Indeed, much of big data analytics today involves indiscriminate information gathering with scant regard for individual privacy. How can expressive data analysis be conducted while protecting the privacy of people on whom that data is collected?

The objective of this course is to present a systematic study of the area of privacy preserving analytics, and to encourage an understanding of the various capabilities, limitations, tradeoffs and challenges. We will motivate the need for privacy-aware analytics and specify the privacy requirements of various players in the big data analytics setting. Next, we will introduce privacy preserving technologies that can be brought to bear on this problem, including beautiful results from cryptography (homomorphic encryption, secure multiparty computation, verifiable computing), and statistical privacy mechanisms (k-anonymity and its variants, differential privacy). We will then highlight the gap between what existing privacy technologies have achieved and the demands of privacy-preserving analytics. This gap creates several interesting challenges that should fuel future research in this area.


References. We will cite a large number of papers and reading material in the course. The small selection below is intended for attendees who would like an overview of some of the topics beforehand.

Pre-requisites. Privacy-preserving big-data analytics is a vast field which borrows theoretical and practical ideas from many aspects of computer science and electrical engineering. Our material will not assume deep expertise in any particular area, and should be accessible to a general engineering audience. The more technical parts of the course will be more useful to attendees with basic familiarity with one or more of the following topics: applied cryptography, statistical signal processing, and machine learning.

Bio. Shantanu Rane received a Ph.D. degree in electrical engineering from Stanford University, California in 2007. He has a Masters degree from The University of Minnesota, Minneapolis and a Bachelors degree from Pune University, India. He has previously worked at the National Center for Radio Astrophysics (Tata Institute of Fundamental Research, Pune) and at Mitsubishi Electric Research Laboratories (MERL) in Cambridge, Massachusetts. He is currently a Senior Member of the Research Staff at the Palo Alto Research Center (PARC) where he works on problems in privacy-preserving analytics. His research interests are in signal processing, applied cryptography and information theory. He has participated in standardization activity for the Joint Video Team (JVT) under the ITU-T/MPEG H.264/AVC video compression standard, INCITS-M1, the US National Body for standardization of biometrics, and the ISO/IEC JTC1 SC37 Subcommittee on Biometrics. Shantanu currently serves as an associate editor for the IEEE Transactions on Information Forensics and Security and the IEEE Signal Processing Letters. More information about his research is available at:

Mark Ryan (University of Birmingham), [introductory/intermediate] Designing Security Protocols: Electronic Voting, and Electronic Mail


Summary. The course will introduce the challenges of designing protocols for fully-functional, real-world systems. Many of these challenges stretch to phenomena that are often considered out-of-scope, such as the difficulty (or impossibility) of having a public-key infrastructure based on trustworthy CAs, and the possible presence of malware on user devices. We focus on two applications in particular: e-mail and e-voting. The course will give an overview of the literature and present the current state of the art.



Pre-requisites. Familiarity with concepts in cryptography (symmetric and public key cryptography, hash functions, etc.).

Bio. Mark Ryan is Professor of Computer Security and leads the Security and Privacy group in Birmingham, where he is an EPSRC Leadership Fellow (2010-2015). He is best known for his work on analysis of system security (e.g., electronic passport security and mobile phone security), electronic voting, privacy and anonymity (e.g., in trusted computing, electronic voting, passports, telephones and e-mail), and the tension between security and privacy. He has also worked in access control models, cloud computing security, and verification of the trusted platform module (TPM).

Stefan Saroiu (Microsoft Research, Redmond), [advanced] Protecting Data on Smartphones and Tablets Using Trusted Computing


Summary. Our smartphones and tablets hold treasures of personal, highly sensitive data, such as our e-mails, our calendars, our phone call histories, our voice recordings, our notes, and even our health information. This data can be easily stolen or lost. For example, malware could siphon this data off to a remote server. Malicious applications can fabricate or alter sensor data by faking GPS locations or photoshopping photos. Even worse, moderately skilled attackers could read sensitive information straight from a stolen device's flash card or even RAM.

This course starts with an overview of trusted computing hardware for mobile devices. This hardware is essential to bootstrapping secure solutions to data protection. We will cover Trusted Platform Module (TPM) versions 1.1, 1.2, and 2.0, ARM TrustZone, Intel SGX, Apple's Secure Enclaves, and HSMs. We will then provide an in-depth examination of today's research on leveraging trusted computing hardware for malware protection. Our examination is focused primarily on mobile devices, such as smartphones and tablets. Finally, we will present state-of-the-art work on protecting data from memory attacks, such as coldboot attacks, using a bus monitor to observe the memory bus, and DMA attacks. Such attacks are relatively inexpensive to mount on stolen smartphones.


  1. Overview of trusted computing hardware.
  2. Protecting data from malware using trusted computing hardware.
  3. Protecting data from memory attacks.



Bio. Stefan Saroiu is a senior researcher in the Mobility and Networking Research group at Microsoft Research (MSR) in Redmond. Stefan's research interests span mobile systems, computer security, and distributed systems. With his colleagues at MSR, he has designed and built the reference implementation of a software-based Trusted Platform Module (TPM), which is used in many smartphones and tablets on the market today. Before joining MSR in 2008, Stefan spent three years as an Assistant Professor at the University of Toronto, and four months at as a visiting researcher where he worked on the early designs of their new shopping cart system (aka Dynamo). Stefan obtained his Ph.D. from the University of Washington where he was co-advised by Steve Gribble and Hank Levy.

Gene Tsudik (University of California, Irvine), [intermediate/advanced] Security and Privacy in Candidate Future Internet Architectures


Summary. This short course will discuss, compare and contrast security and privacy issues (both problems and proposed solutions) in several prominent Future Internet Architectures (FIAs). These include: XIA, NDN, MobilityFirst, NEBULA and ChoiceNet. Topics will span DDoS, routing/forwarding security, communication privacy, access control, trust management, as well as anonymity and authentication of entities and data.

Syllabus. TBA.

References. Background on the five prominent FIA projects:

Pre-requisites. Working knowledge of network security and (inter-)networking is absolutely necessary for this short course. Basic understanding of cryptography is recommended.

Bio. Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). Over the years, his research interests included many topics in security and applied cryptography. He is the Director of Secure Computing and Networking Center (SCONCE) at UCI. Gene Tsudik is a former Fulbright Scholar and a fellow of the ACM and the IEEE. From 2009 to mid-2015 he served as the Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC).

Yang Xiao (University of Alabama, Tuscaloosa), [introductory/advanced] Security in Smart Grids


Summary. Smart grid is a promising power delivery infrastructure integrated with communication and information technologies. Its bi-directional communication and electricity flow enable both utilities and customers to monitor, predict, and manage energy usage. It also advances energy and environmental sustainability through the integration of vast distributed energy resources. Deploying such a green electric system has enormous and far-reaching economic and social benefits. Nevertheless, increased interconnection and integration also introduce cyber vulnerabilities into the grid. Failure to address these problems will hinder the modernization of the existing power system.

The course will first give an overview of the smart grid. It then covers security and privacy issues of the smart grid, including the differences between IT networks and the smart grid in terms of security and privacy, attacks and countermeasures, intrusion detection, privacy, etc. The course will then move on to some research problems and solutions related to the smart grid, including accountability, malicious meter inspection, intrusion detection, etc.


  1. Introduction of Smart Grid
  2. Smart Grid Security and Privacy
  3. Smart Grid Attacks and Countermeasures
  4. Intrusion Detection
  5. Accountability in Smart Grid
  6. Malicious Meter Inspection
  7. etc.


Pre-requisites. Some basic knowledge of computer science and computer security.

Bio. Dr. Yang Xiao is currently a Professor in the Department of Computer Science at the University of Alabama, Tuscaloosa, AL, USA. His current research interests include networking and computer/network security. He has published over 200 journal papers and over 200 conference papers. Dr. Xiao was a Voting Member of the IEEE 802.11 Working Group from 2001 to 2004, involved in IEEE 802.11 (WIFI) standardization work. He is a Fellow of IET. He currently serves as Editor-in-Chief for International Journal of Security and Networks and International Journal of Sensor Networks. He has been an Editorial Board member or Associate Editor for 15 international journals. He has served as a Guest Editor over 20 times for different international journals. Dr. Xiao has delivered over 20 keynote speeches at international conferences around the world and has given more than 60 invited talks at different international institutes.