CS 1657: Privacy in the Electronic Society

Spring 2024

General Information

Instructor

Lectures

  • T/H 9:30–10:45
  • 5129 Sennott Square

Teaching Assistant

Course Description

Privacy is an increasingly significant concern in our modern, connected society. We all share personal information on a daily basis with a wide range of organizations. Although at times such sharing can be intentional and beneficial for the user, other times information is shared against the user’s will, used for purposes that the user did not expect, revealed to entities other than those approved by the user, or used to infer additional information that the user did not intend to reveal.

In this course, students will learn to reason about what information is revealed through the use of computer systems. They will study several different scenarios in which information sharing is either unavoidable or (to some extent) desirable, and discuss the balance between the benefits and costs of sharing. Finally, students will learn about several privacy enhancing technologies (PETs), and how these can be put to use by software developers to defend the privacy of their users.

Top Hat

We will use Top Hat for lecture participation. Please see Lectures for instructions.

Course Policies

Health and Safety

It is extremely important that you abide by the public health regulations, the University of Pittsburgh’s health standards and guidelines, and Pitt’s Health Rules.

If you are required to isolate or quarantine, become sick, or are unable to come to class, contact me as soon as possible (and at least one hour in advance) to discuss accommodations.

If you are sick, please stay home.

Course Communications

The instructor will periodically post updates to the course website and Canvas page. It is each student’s responsibility to regularly monitor these updates.

The instructor and TA will periodically email enrolled students with announcements. Students must check their Pitt email at least once per day to ensure these announcements are received.

When contacting the course staff via email, messages must be addressed to (or CC) both the instructor and the TA. Email subject lines should be prefaced with “[1657]”.

Academic Integrity

Unless otherwise specified by your instructor, all submissions must be the sole work of each individual student. Students may not read or copy another student’s solutions or share their own solutions with other students. Students may not review solutions from students who have taken the course in previous years. Submissions that are substantively similar will be considered cheating by all students involved, and as such, students must be mindful not to post their work publicly. If an assignment explicitly permits the use of external resources, any such resources must be credited in submissions, and material may not be copied verbatim. Any use of electronics or other resources during a quiz or examination will be considered cheating.

If you have any doubts about whether a particular action may be construed as cheating, ask the instructor for clarification before taking such action. The instructor will make the final determination of what is considered cheating.

Cheating in this course will result in a report to the appropriate school and/or university authority. The instructor will impose a grade of F for the course, and additional sanctions may be imposed by school or university authorities.

Please read, understand, and abide by the Academic Integrity Policy for the School of Computing and Information.

Lecture Attendance

Students are expected to attend all lectures, which frequently include material that is not directly taken from the text. If a student misses a lecture, they are still responsible for the material covered and are advised to acquire notes from a classmate.

Respectful Discussion

This course may include open discussion or other interactions among students. To allow all participants to express their viewpoints, all discussion must remain civilized and respectful, and participants must avoid comments and behaviors that disparage others. A student who feels their viewpoints are not being respected is encouraged to contact the instructor, who will work to correct the situation without revealing the student’s specific concerns to the rest of the class. A student in this situation who does not feel comfortable contacting the instructor directly is encouraged to contact the TA, who will uphold the same degree of confidence in relaying the issue to the instructor.

Diversity and Inclusion

The University of Pittsburgh does not tolerate any form of discrimination, harassment, or retaliation based on disability, race, color, religion, national origin, ancestry, genetic information, marital status, familial status, sex, age, sexual orientation, veteran status or gender identity or other factors as stated in the University’s Title IX policy. The University is committed to taking prompt action to end a hostile environment that interferes with the University’s mission. For more information about policies, procedures, and practices, see here.

I ask that everyone in the class strive to help ensure that their classmates can learn in a supportive and respectful environment. If you witness any instances of the aforementioned issues, please contact the Title IX Coordinator by calling 412-648-7860, emailing titleixcoordinator@pitt.edu, or filing a report online. You may also choose to report this to a faculty/staff member; they are required to communicate this to the University’s Office of Diversity and Inclusion. If you wish to maintain complete confidentiality, you may also contact the University Counseling Center at 412-648-7930.

Audio/Video Recordings

To ensure the free and open discussion of ideas, students may not record lectures, discussion or other course activities without the advance written permission of the instructor. Any recording properly approved in advance can be used solely for the student’s own personal use.

Copyrighted Materials

All course material is subject to copyright, including notes, slides, assignments, exams, and solutions. Students are allowed to use the provided material only for personal use, and may not share the material with others, including posting the material on the Web or other file sharing venues.

Collaboration

We believe that students should be able to distinguish between helping one another understand the core concepts of the course material and cheating. We encourage students to discuss the content of the course in ways that will improve understanding without violating academic integrity, such as clarifying the objective of an assignment or discussing general solution tactics. Under no circumstances should students view one another’s partial or complete solutions nor share specific details of their solutions.

Late Assignments

All assignments specify a precise due date and time. Late assignments will not be accepted. Students must ensure they understand each assignment’s submission procedure in advance of its deadline to ensure that submission difficulties do not cause an assignment to be rejected.

Grade Records

All graded materials that a student receives should be saved until after the term has ended and the student receives and accepts their final grade. In this way, any grade discrepancies can be easily resolved.

Grade Appeal

An evaluation grade can be appealed up to two weeks after it has been returned. After this point, no appeals will be considered. The goal of a grade appeal is to ensure a fair and consistent score. Thus, a score will not be adjusted on an issue of partial credit if the awarded points are consistent with the grading policy adopted for the class as a whole.

When appealing a grade, first contact the grader. For grades returned on electronic platforms that have a “regrade request” feature, follow its instructions; otherwise, contact the grader directly using email (CC’ing the instructor) or office hours. If the grader does not find any mistakes made in the assigned grade, and is unable to clarify adequately the reasons for any assessed penalties, directly contact the instructor describing why you feel the assignment was graded unfairly. The entire assignment may be re-graded by the instructor, so the score may increase, remain the same, or even decrease.

Make-up Exams and Quizzes

Students must be present for all exams and quizzes. Make-up exams will be given only in the event of a documented medical or family emergency, in which case the instructor must be informed of the emergency in advance of the missed exam. Missing an exam or quiz under any other circumstances will result in a score of 0.

Students with Disabilities

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and Disability Resources and Services, 140 William Pitt Union, 412-648-7890, drsrecep@pitt.edu, as early as possible in the term. Disability Resources and Services will verify your disability and recommend reasonable accommodations for this course.

Religious Observances

In order to accommodate the observance of religious holidays, students should inform the instructor (by email, within the first two weeks of the term) of any such days which conflict with scheduled class activities.

Lectures

Top Hat

Top Hat is our primary platform for in-class participation questions. It can be accessed via Canvas or via the Top Hat mobile app. Students will be added to the Top Hat section prior to Week 2. To ensure that you get credit for your participation, link your Canvas and Top Hat accounts by clicking “Top Hat - New” from our course Canvas page.

Opportunities will be given later in the semester to make up missed participation questions.

Illness

If you are required to isolate or quarantine and/or if you become sick, contact me as soon as possible (and at least one hour in advance) to discuss accommodations. Note that this does not extend to elective travel or other personal conflicts.

Schedule

Students are responsible for reading assigned materials as additional context for the lectures. Note that, for some readings, only a subset of the material (certain pages or sections) is assigned. Readings are provided below.

This schedule is subject to change.

Topic | Slides | Readings
Course intro | Slides | [AGG01]
Value of privacy | Slides | [M13], [S08], [S06], [C12], [B13]
Symmetric-key cryptography, block modes | Slides | [S12], [M09]
Hashing, public-key cryptography | Slides |
Limits of cryptography | Slides | [G15], [G18], [C02], [GW96], [F10], [G19]
Classic side-channel attacks | Slides | [K96], [R18], [P09], [KJJ99], [B05], [S15a]
More side-channel attacks | Slides | [GST13], [SMK+16]
Authentication | Slides | [S06a], [W16]
Disk encryption | Slides | [HSH+09], [V18], [R09], [G16], [ZJG21]
Access control | Slides |
ReBAC and trust management | Slides | [F11], [LMW02], [J01], [J01a]
Secure boot | Slides | [A19], [T16], [J18]
Cloud computing | Slides | [AAC+17], [RTS+09], [G12], [ZJR+12], [I09], [WGL+17]
Quantifying privacy | Slides | [BZ06], [D17], [D18], [LLV07], [G16a], [D22]
Secure aggregation | Slides | [MR17], [BIK+16]
Location privacy | Slides | [DHV+13], [BS03], [K08], [TCD+10], [S17]
Anonymous networking | Slides | [C81], [RR98], [T18a], [DMS04], [BG03]
Trusting trust: Supply-chain attacks | | [T84], [W14], [G17], [RR21], [C21], [S15]
Private messaging | | [BGB04], [G18a], [PM16], [UDB+15]

Readings

[A19] Android Source, Verified Boot, Overview and other subsections.

[AAC+17] Jay Aikat, Aditya Akella, Jeffrey S. Chase, Ari Juels, Michael K. Reiter, Thomas Ristenpart, Vyas Sekar, and Michael Swift, Rethinking Security in the Era of Cloud Computing, IEEE Security & Privacy, Jun 2017.

[AGG01] Anish Athalye, Jon Gjengset, and Jose Javier Gonzalez Ortiz, Version Control, The Missing Semester of Your CS Education, Jan 2020.

[B05] Daniel J. Bernstein, Cache-timing attacks on AES, Apr 2005. (Skim for main ideas)

[B13] Katy Glenn Bass, Chilling Effects: NSA Surveillance Drives US Writers to Self-Censor, PEN American Center, Nov 2013.

[BG03] Krista Bennett and Christian Grothoff, GAP: Practical Anonymous Networking, Workshop on Privacy Enhancing Technologies, Mar 2003.

[BIK+16] Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and Karn Seth, Practical Secure Aggregation for Federated Learning on User-Held Data, NIPS Workshop on Private Multi-Party Machine Learning, Nov 2016.

[BS03] Alastair R. Beresford and Frank Stajano, Location Privacy in Pervasive Computing, IEEE Pervasive Computing, Jan 2003.

[BZ06] Michael Barbaro and Tom Zeller Jr., A Face Is Exposed for AOL Searcher No. 4417749, The New York Times, Aug 2006.

[C02] CNET, Record set in cracking 56-bit crypto, CNET, Jan 2002.

[C12] Julie E. Cohen, What Privacy Is For, Harvard Law Review, Sections I–III, Nov 2012.

[C21] Catalin Cimpanu, Hacker group inserted malware in NoxPlayer Android emulator, ZDNet, Feb 2021.

[C24] Andrew Cunningham, Can a $10 Raspberry Pi break your PC’s disk encryption? It’s complicated., Ars Technica, Feb 2024.

[C81] David L. Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, Communications of the ACM, Feb 1981.

[D17] Damien Desfontaines, k-anonymity, the parent of all privacy definitions, Ted is writing things, Aug 2017.

[D18] Damien Desfontaines, l-diversity, because reidentification doesn’t tell the whole story, Ted is writing things, Feb 2018.

[D22] Damien Desfontaines, Is differential privacy the right fit for your problem?, Ted is writing things, Jul 2022.

[DHV+13] Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen, and Vincent D. Blondel, Unique in the Crowd: The Privacy Bounds of Human Mobility, Scientific Reports, Mar 2013.

[DMS04] Roger Dingledine, Nick Mathewson, and Paul Syverson, Tor: The Second-Generation Onion Router, Proceedings of USENIX Security Symposium, Aug 2004.

[F10] fail0verflow, Console Hacking 2010: PS3 Epic Fail, 27th Chaos Communication Congress, Dec 2010.

[F11] Philip W.L. Fong, Relationship-Based Access Control: Protection Model and Policy Language, ACM Conference on Data and Application Security and Privacy (CODASPY), Feb 2011. (Use as a reference)

[G12] Matthew Green, Attack of the week: Cross-VM side-channel attacks, A Few Thoughts on Cryptographic Engineering, Oct 2012.

[G15] Matthew Green, Let’s talk about iMessage (again), A Few Thoughts on Cryptographic Engineering, Sep 2015.

[G16] Matthew Green, The limitations of Android N Encryption, A Few Thoughts on Cryptographic Engineering, Nov 2016.

[G16a] Matthew Green, What is Differential Privacy?, A Few Thoughts on Cryptographic Engineering, Jun 2016.

[G17] Andy Greenberg, Software has a Serious Supply-Chain Security Problem, Wired, Sep 2017.

[G18] Matthew Green, Apple in China: who holds the keys?, A Few Thoughts on Cryptographic Engineering, Jan 2018.

[G19] Chris Gilliard, Privacy’s not an abstraction, Fast Company, Mar 2019.

[GST13] Daniel Genkin, Adi Shamir, and Eran Tromer, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Dec 2013.

[GW96] Ian Goldberg and David Wagner, Randomness and the Netscape Browser, Dr. Dobb’s Journal, Jan 1996.

[HSH+09] J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten, Lest We Remember: Cold Boot Attacks on Encryption Keys, Proceedings of USENIX Security Symposium, Sections 1–4 and 7–8, Jul 2009.

[I09] Immunity Inc., Cloudburst, Black Hat USA, Jun 2009. (Skim for main ideas)

[J01] Trevor Jim, SD3, May 2001.

[J01a] Trevor Jim, SD3: A trust management system with certified evaluation, May 2001. (Use as a reference)

[J18] Nolen Johnson, Qualcomm’s Chain of Trust, The LineageOS Project, Sep 2018.

[K08] John Krumm, A Survey of Computational Location Privacy, Personal and Ubiquitous Computing, Oct 2008.

[K96] Paul Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Advances in Cryptology, Aug 1996.

[KJJ99] Paul Kocher, Joshua Jaffe, and Benjamin Jun, Differential Power Analysis, Advances in Cryptology, Aug 1999. (Skim for main ideas)

[L23] Ijlal Loutfi, TPM-backed Full Disk Encryption is coming to Ubuntu, Canonical Ubuntu Blog, Sep 2023.

[LLV07] Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian, t-Closeness: Privacy Beyond k-Anonymity and l-Diversity, Proceedings of IEEE International Conference on Data Engineering (ICDE), Apr 2007.

[LMW02] Ninghui Li, John C. Mitchell, and William H. Winsborough, Design of A Role-based Trust-management Framework, ACM Conference on Computer and Communications Security (CCS), Sections 1–5, May 2002. (Use as a reference)

[M09] Jeff Moser, A Stick Figure Guide to the Advanced Encryption Standard, Moserware, Acts 1–3, Sep 2009.

[M13] Moxie Marlinspike, We Should All Have Something To Hide, Jun 2013.

[MR17] H. Brendan McMahan and Daniel Ramage, Federated Learning: Collaborative Machine Learning without Centralized Training Data, Google Research Blog, Apr 2017.

[P09] Conrado Porto Lopes Gouvêa, Understanding the Montgomery reduction algorithm, Alice and Bob in Cryptoland (via Internet Archive), Dec 2009.

[R09] Joanna Rutkowska, Evil Maid goes after TrueCrypt, The Invisible Things Lab’s blog, Oct 2009.

[R18] Kenneth W. Regan, Doing Mod N Via Mod R, Gödel’s Lost Letter and P=NP, Feb 2018.

[RR21] Jordan Robertson and Michael Riley, The Long Hack: How China Exploited a U.S. Tech Supplier, Bloomberg, Feb 2021.

[RR98] Michael K. Reiter and Aviel D. Rubin, Crowds: Anonymity for Web Transactions, ACM Transactions on Information and System Security (TISSEC), Nov 1998.

[RTS+09] Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, ACM Conference on Computer and Communications Security (CCS), Nov 2009.

[S06] Bruce Schneier, The Value of Privacy, Schneier on Security, May 2006.

[S06a] Bruce Schneier, Why Everyone Must Be Screened, Schneier on Security, Oct 2006.

[S08] Daniel J. Solove, “I’ve Got Nothing to Hide” and Other Misunderstandings of Privacy, San Diego Law Review, Feb 2008.

[S12] Richard E. Smith, A Contemporary Look at Saltzer and Schroeder’s 1975 Design Principles, IEEE Security & Privacy, Nov 2012.

[S15] Dave Shackleford, Combatting Cyber Risks in the Supply Chain, SANS Whitepaper, Sep 2015.

[S15a] Peter Schwabe, Eliminating Timing Side-Channels, ShmooCon, Jan 2015. Talk available here.

[S17] Bruce Schneier, Tracking People Without GPS, Schneier on Security, Dec 2017.

[SMK+16] Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, and Stefan Mangard, Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices, arXiv:1611.03748 [cs.CR], particularly Sections III–VI and VIII, Nov 2016.

[T16] Sami Tolvanen, Strictly Enforced Verified Boot with Error Correction, Android Developers Blog, Jul 2016.

[T18a] Tor Project, Tor: Overview, Tor Documentation, Mar 2018.

[T84] Ken Thompson, Reflections on Trusting Trust, Communications of the ACM, Aug 1984.

[TCD+10] Eran Toch, Justin Cranshaw, Paul Hankes Drielsma, Janic Y. Tsai, Patrick Gage Kelley, James Springfield, Lorrie Cranor, Jason Hong, and Norman Sadeh, Empirical Models of Privacy in Location Sharing, ACM International Conference on Ubiquitous Computing (UbiComp), Sep 2010.

[V18] VeraCrypt, VeraCrypt, Technical details. (Use as a reference)

[W14] Wiki Wiki Web, The Ken Thompson Hack, Wiki Wiki Web, Aug 2014.

[W16] Chester Wisniewski, NIST’s new password rules—what you need to know, Sophos Naked Security, Aug 2016.

[WGL+17] Liang Wang, Paul Grubbs, Jiahui Lu, Vincent Bindschaedler, David Cash, and Thomas Ristenpart, Side-Channel Attacks on Shared Search Indexes, IEEE Symposium on Security & Privacy (S&P), Sections I–II, VII–IX, May 2017.

[ZJG21] Maximilian Zinkus, Tushar Jois, and Matthew Green, Data Security on Mobile Devices, securephones.io, Jan 2021.

[ZJR+12] Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart, Cross-VM Side Channels and Their Use to Extract Private Keys, ACM Conference on Computer and Communications Security (CCS), Sections 1–3 and 7–8, Oct 2012.

Homework

Expect 2 to 4 homeworks, each with a ~1-week deadline. Homework assignments will primarily be written, and may include structured journaling, analyzing readings, or applying lecture material to new scenarios. In your written submission, you will be responsible for discussing real-world privacy issues using our course topics and vocabulary as a critical lens.

Homework will be assigned and submitted via GitHub Classroom. Links will be provided via Canvas.

Projects

Expect 3 to 4 projects, each with a 2–3-week deadline. Each project will have programming and written components. You will be asked to write code that helps you study an open-ended privacy issue, then explain your code and interpret its results. In your written submission, you will be responsible for demonstrating that you meaningfully engaged with the material and highlighting what you learned beyond our discussion in lecture.

Projects will be assigned and submitted via GitHub Classroom. Links will be provided via Canvas.

Reflections

During Lecture 2, we will discuss our goals for the course and collaboratively design an evaluation standard. Our full assessment matrix will be posted to Canvas.

Throughout the semester, you will write several reflections. The first will ask you to reflect on the goals we develop as a group and apply them by discussing your own individual goals. Later reflections will ask you to evaluate your performance, referring to your specific course goals, work you submitted, and feedback you received. You will be asked to grade your work in the course on the “letter grade” scale and support your suggested grade using concrete evidence from your portfolio of deliverables, alongside our assessment matrix. You will receive feedback on your preliminary reflections geared toward helping you continue to grow toward your course goals.

The Final Reflection will be the last submitted deliverable toward the end of the semester and will be used to assign a letter grade for your overall work in the course. The schedule for unreleased assignments is tentative; see Canvas for specific dates once assignments are released.