Syllabus for Course:

I. Fundamentals: (Avi) 1 lecture 9/10

   public key, signatures, hash functions, certification authorities,
   MAC functions, pseudorandomness, symmetric encryption, RSA

II. IETF standards: (Avi) 2 lectures 9/17 & 9/24

   Network layer:
      URL: http://www.ietf.cnri.reston.va.us:80/proceedings/96mar/charters/ipsec-charter.html
      Security Architecture for the Internet Protocol (RFC 1825)
      IP Authentication Header (RFC 1826)
      IP Encapsulating Security Payload (ESP) (RFC 1827)
      The ESP DES-CBC Transform (RFC 1829)
      IP Authentication using Keyed MD5 (RFC 1828)

   Socket layer:
      SSL

   Application layer:
      SSH, SET, MOSS, S/MIME, SESAME (Kerberos), GSSAPI

   Key Management: (Internet drafts)
      Internet Security Association and Key Management Protocol (ISAKMP).
      Photuris
      Simple Key-Management For Internet Protocols (SKIP).
      SKIP extension for Perfect Forward Secrecy (PFS).

III. Verifiability in Protocols: (Matt) 3 lectures 10/1, 10/8 & 10/15

   O. Goldreich, S. Micali, and A. Wigderson, "Proofs that yield nothing but their validity and a methodology of cryptographic protocol design," IEEE FOCS 1986, 174-187.

   T. Pedersen, "Non-interactive and information-theoretic secure verifiable secret sharing," Crypto 1991, 129-140.

IV. Protocol failures: (Avi) 2 lectures 10/22 & 10/29

   J. Moore, "Protocol Failures in Cryptosystems," Proceedings of the IEEE, 5(76), 1988, 594-602.

   P. Kocher, "Cryptanalysis of Diffie-Hellman, RSA, DSS, and other Systems using Timing Attacks", Crypto 1996.

   D. Dean, E. Felten, D. Wallach, "Java Security: From HotJava to Netscape and Beyond," IEEE Symposium on Security and Privacy, Oakland, CA, 1996, 190-200.

   Netscape RNG flaw: http://hplyot.obspm.fr/~dl/netscapesec/

   P. Syverson, "Limitations on Design Principles for Public Key Protocols," IEEE Symposium on Security and Privacy, Oakland, CA, 1996, 62-72.

V. Logics: (Avi) 1 lecture 11/5

   BAN-type logics:

   M. Burrows, M. Abadi, R. Needham, "A Logic of Authentication," ACM Transactions on Computer Systems, vol. 8, 1990.

   P. Syverson, P. van Oorschot, "On Unifying Some Cryptographic Protocol Logics," submitted for publication, 1996.

   S. Stubblebine, R. Wright, "An Authentication Logic Supporting Synchronization, Revocation and Recency," 3rd ACM CCS, 1996.

VI. Model-Based Proof Methods: (Matt) 1 lecture 11/12

   M. Bellare, P. Rogaway, "Provably secure session key distribution -- The three party case", ACM STOC 1995, 57-66.

VII. Protocol Engineering: (Matt) 1 lecture 11/19

   M. Abadi, R. Needham, "Prudent engineering practice for cryptographic protocols," IEEE Symposium on Security and Privacy (Oakland '94).

   R. Anderson, R. Needham, "Robustness principles for public key protocols," Crypto '95, 236-247.

VIII. Smart Cards in Protocols: (Avi) 1 lecture 11/26

IX. Escrow in Protocols: (Matt) 1 lecture 12/3

   Clipper, fair encryption (Micali, Leighton, DDFY).

X. Anonymity in Protocols: (Matt) 1 lecture 12/10

   D. Chaum, "Security without identification: Transactions to make big brother obsolete," CACM, Vol 28, No 10 (October 1985), 1030-1044.