14s 6501 Privacy Enhancing Technology Seminar

It has been made abundantly clear that we face state-level adversaries who are willing to engage in society-wide drag-net style surveillance. We also face corporations who are willing to tease us with free services while surreptitiously collecting bits and pieces of perhaps innocuous information, who then combine these nuggets of information through sophisticated algorithms in order to maintain alarmingly accurate profiles of individuals for marketing purposes. In such regimes, the possibility for disutopian outcomes have been well-studied in fiction literature and political science circles.

What can a responsible technologist do ? Join the party or attempt to disrupt it?

This course will survey modern cryptographic topics that are designed to enhance user privacy. There will be a strong theory-and-practice aspect to the course. We will really attempt to build interesting systems based on what we have learned. Course topics include key exchange protocols, the Transport Layer Security protocol (TLS), the ANONIZE protocol, garbled circuits for secure computation, oblivious ram protocols, bitcoin protocols, attacks such as the man-in-the-middle attack, secure public key infrastructures, and unintended disclosures of privacy arising from network analysis. The course will consider practical cryptographic questions through a course-long project and interspersed exercises.

Logistics

We will meet in Rice Hall 011 on TuTh 3:30PM - 4:45PM. Note: the first class on Jan 14 will not meet. Instead, students must review the assigned videos listed below.

Pre-requisites

This class is intended for serious undergraduates and beginning graduate students who are interested in participating in a research and practice-based seminar. Students should have a strong mathematical background and a deep curiosity and passion for the subject of internet privacy and also a strong systems and programming background.

Grading

The grade for the course is based entirely on course projects that run throughout the year. During the first 3 weeks of the course, each team will meet with the instructor and select a topic for deep study during the rest of the course. Each team will be responsible for producing weekly blog posts that describe the progress on their project; each week should demonstrate several thoughtful hours of work on the project. These posts will be evaluated by a subset of the other teams in the class each week. At the end of the semester, the project shall be presented as a roughly 15-20 page paper akin to a conference submission.

Rough outline by week

1. Basic Cryptographic tools
2. Key derivations
3. Key Exchange and TLS
4. TLS attacks
5. Man in the middle, theory and practice
6. Ecash protocols
7. Credentials and the Anonize protocol
8. Bitcoin, zerocoin, peppercoin
9. Spring break
10. Obfuscation and App Security, how to analyze the privacy safeguards of your favorite iphone app
11. Secure computation
12. Oblivious RAM
13. Threshold secret sharing; how to store your passwords online?
14. Presentations

Project ideas

• searching encrypted email with local index + ORAM
• implement secure computation thru ORAM via garbled circuits
• google docs via ORAM?
• How to get 100k people to start encrypting their email
• PAKE via garbled circuits
• format preserving encryption e.g. how to encrypt your videos such that the ciphertext is a video
• how to encrypt every piece of social media content that you share such that your friends (and only your friends) can recover the keys to decrypt these messages;
• snapchat snafu, check 50? popular apps for similar flaws
• the notion of private APIs, best implementation practices and practical study

Course Blog