Network Security Primitives
- Be able to explain and use one-way hash chain and Merkle hash tree (how to construct, and how to use for authentication).
- Be able to explain and use Bloom filters (choice of (non-crypto) hash functions, calculation of false alarm rate for given settings).
- Be able to explain and use client puzzles, and the difference between the two puzzle constructions.
- Be able to explain and use the puzzle outsourcing technique, including the per-channel puzzle distribution.
- Be able to explain and use Shamir's secret sharing scheme, including splitting a secret into shares and recovering from a subset of the shares.
- Be able to explain and use Rabin's Information Dispersal Algorithm.
- Be able to explain the concept of secret handshake, the pairing based secret handshake protocol, and the secret handshake from CA-oblivious encryption.
- Be able to explain the notion of ID based cryptography.
- Be able to explain elliptic curve groups, Elliptic Curve Discrete Logarithm Problem (ECDLP), bilinear map, Weil pairing, and ID based encryption using Weil pairing.
Electronic Payment Systems
- Be able to explain the NetBill transaction model and the NetBill transaction protocol.
- Be able to explain the purpose of every component of every NetBill protocol message.
- Be able to use a symmetric key to reduce the delivery (or exchange) of large messages to the delivery (or exchange) of the key.
- Be able to explain the difference between the basic protocol and the variations of the basic protocol for zero-priced goods in terms of cost, functionalities, and assumptions, including zero-price certified delivery, certified delivery without NetBill server, verified delivery, and unverified delivery.
- Be able to describe PayWord and MicroMint protocols.
- Explain the PayWord model, why it works, the applications it is intended for. Be able to decide what PayWord to use based on the payment context information.
- Explain the difference between PayWord and MicroMint. Explain the MicroMint model. Explain who makes the coins, how to make the coins, and the security of the coins.
- Explain how the double spending problem is addressed by MicroMint and PayWord.
- Be able to explain: fair exchange, fair exchange through TTP, optimistic fair exchange, strong fairness, weak fairness, generatable and revocable items.
- Consider the optimistic fair exchange protocol covered in class. Be able to explain the goal of each component in each message. Be able to describe how to recover from failures for both parties. Be able to identify the NRO and NRR tokens for each party and why they can be used for this purpose.
- Consider the simplified versions of the optimistic fair exchange protocol. Be able to explain why these versions can be simplified and what properties of the exchanged items are exploited to simplify the exchange. Be able to identify the NRO and NRR tokens for each party in these protocols and explain why they can be used for such purposes.
- Be able to identify unfairness in fair exchange protocols. Be able to identify strong fairness and weak fairness achieved for each party in fair exchange protocols.
- Be able to explain: broadcast authentication, the challenges in broadcast authentication, why point-to-point authentication cannot be used for broadcast authentication directly.
- Be able to describe TESLA schemes, the security condition of TESLA, the protocol to synchronize sender and receivers.
- Be able to determine if a TESLA packet can be authenticated, and how to authenticate it if yes. Be able to determine which TESLA scheme should be used for a given broadcast authentication application.
- Be able to explain the DoS attacks against the TESLA protocol and the immediate authentication extension.
- Consider EMSS. Given a set of packets, be able to determine what packets can be authenticated and how to authenticate them (the sequence of operations).
- Be able to explain how SEALs are generated and used in BiBa.
- Be able to explain how BiBa signatures are generated and verified.
- Be able to describe how SEALs are used for broadcast authentication.
- Be able to explain the Message Specific Puzzle (MSP) mechanism, its application to signature-based as well as TESLA-based broadcast authentication, and the optimization in the above two cases.
- Be able to explain the threats to the integrity and availability in remote programming in wireless sensor networks.
- Be able to explain the integrity and DoS-resilient mechanisms used in Seluge for remote programming in wireless sensor networks, including the construction of code dissemination packets, the defense of DoS attacks against the signature packets, and the defense of local DoS attacks using cluster keys.
Group Key Management
- Be able to explain the difference between group key agreement and group key distribution.
- Be able to describe the generic group DH, GDH.1, GDH.2, and GDH.3 protocols. Be able to describe the overhead of GDH.x protocols, including #messages, #rounds, #exponentiations per member, total size of messages.
- Given a group key agreement protocol based on DH, be able to determine if it is vulnerable to replay attacks, man-in-the-middle attacks, resource consumption attacks, DoS attacks.
- Be able to explain the key tree constructed in TGDH and the difference from the constructions in GDH protocols.
- Be able to explain how the group membership events (member join, member leave, group partition, and group merge) are handled in TGDH.
- Be able to explain group key secrecy, forward secrecy, backward secrecy, and key independence.
- Be able to explain what the "1 affects n" problem and the "1 does not equal n" problem are.
- Be able to describe the Iolus approach. Be able to determine the cost of secure group communication in Iolus, including # encryption/decryption required, # group keys and pairwise keys each member needs, and # messages. Be able to determine the cost to use Iolus for group key distribution with the above costs.
- Be able to describe LKH. Be able to describe how a member is added and deleted, the changes in the key tree. Be able to determine the cost involved in group member changes (addition and deletion), including the number of keys each member and the group manager need to store, the size and the number of messages required for group member addition and deletion.
- Be able to explain and use key oriented rekey, user oriented rekey, and group oriented rekey.
The following depends on the actual coverage of the class:
Security of Wireless Sensor Networks
- Be able to describe the specific properties of sensor networks (low cost, low power, multi-functional nodes in unattended environments, wireless communication).
- Be able to explain the difference of sensor network security from traditional network security (1. resource constraints; 2. nodes subject to capture).
- Be able to explain and use the basic probabilistic key predistribution scheme. Be able to determine the parameters given the probability to establish pairwise keys and the network size.
- Be able to explain and use the q-composite scheme, multi-path enforcement for path key establishment, and the random pairwise keys scheme.
- Be able to explain and use the two methods for shared key discovery (1. broadcast the list of key ids; 2. broadcast a list of challenges). Be able to explain the advantages and the disadvantages of both methods.
- Be able to explain and use the polynomial-based key predistribution scheme, the polynomial pool-based key predistribution schemes (the general framework, the random subset assignment scheme, and the grid-based scheme). In particular, be able to compute keys with the above schemes, be able to perform shared key discovery and path discovery in the random subset assignment and the grid-based scheme. Be able to explain and use the optimization technique to perform polynomial evaluation.