CS 588: Privacy in Networked and Distributed Systems


Today, Governments perform mass surveilence on large parts of the Internet. They are able to see significant amount of Internet traffic are are able to infer large amounts of information from it, including what your interests are, who you talk to, and many other things about you. Large companies, such as Google and Facebook have detailed information on billions of users. While their intestest is commercial, they have become instrumental in the functioning of democracies and other forms of government.

This course will cover privacy enhancing mechanisms, including:
  • How is privacy violated? Who are the adversaries?:
  • Surveilance techniques, including Social Network, Location, IOT, etc.
  • Cryptographic techniques to provide privacy Anonymity and Pseudo anonymity.
  • Web privacy issues and the social graph.
  • Anonymous communication: onion Routing (such as Tor)/Mix Networks/Dining Cryptographers.
  • Crypto currencies to replace cash on the Internet
  • Censorship resistence.


  • bitcoin book bitcoin book
  • bitcoin videos
  • Homework 1 (due 3/6)
    • What semantics can be implemented with RSA that cannot be implemented with DSA? Briefly describe how RSA implements it.
    • What is DH used for?
    • What is the impact of quantum computing on cryptographic algorithms?
    • Consider two values $x$ and $y$ where $x \neq y$. Is it possible they hash to the same value? Explain whether this is a problem.
    • What is a Merkel tree used for?
    • Is there any key distribution mechanism which provides authentication and does not rely on a third party? Explain.
    • Chap 11: 2, 9, 11, 12, 13, 24, 28

We will probably have a test and a final this time.

Required Text

We'll be using my manuscript, the first part of which is used in CS 587, supplemented by papers. It is over 500 pages at this point plus front and back matter, and covers a superset of the material covered in class. (Published texts only covered about 30-40% of the course material). The reason I've switched over to this is so that:
  • Lecture notes can cover material at a higher level, details and extensive examples in the text.
  • Students will have a source for more in-depth coverage of the material with examples than possible with existing texts.
  • The course is oriented towards security properties, which is new work.
  • This is the most effective way to refine the course and technical details.

Recommended Reading:

  • Ross Anderson, Security Engineering, John Wiley. (Really nice discussions of many topics and very readable. Highly recommended.)
  • Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security: Private Communication in a Public World, 2nd ed., Prentice-Hall, 2002.
  • Pfleeger and Pfleeger, Security in Computing, Prentice-Hall, 3rd Edition. (Used last time for this course, good coverage of OS issues.)
  • Gollmann, Computer Security, John Wiley. (Broad coverage, but terse)
  • Ethos OS This is the home page to my Ethos operating system project with lots of links to things including a 50+ page annotated bibliography I put together.

Required Work

The work is going to include:
  • test(s) on prepared material,
  • homeworks (written and at least one programming assignment)
  • present a paper, and
  • a course project. The course project can either be
    • an implementation project,
    • possibly a project where you install and validate some software, or
    • a written project.
    The last 2 course project choices will require a 15 minute classroom presentation.

Undergraduates wishing to take the course should send me email with the following information:

  • Number of completed credit hours
  • Any required courses not yet taken.
  • List of 400 level courses taken (and grades achieved).
  • Background in OS (including kernel background)
  • Are you requesting course count as a technical elective (this will be harder)
  • Have you filed a petition?
  • Reason for wanting to take the course