Litteratur
The course literature consists of the lecture slides and following reading material that is marked as mandatory.
Forensics:
Mandatory reading
- FAT12 Overview, Good summarize for understading
- FAT12 Documentation, Thorough description of the FAT 12 format
- Forensics of mobile phone internal memory: by Svein Y. Willassen. Norwegian University of Science and Technology
- A Hierarchical, Objectives-Based Framework for the Digital Investigations Process, Nicole Beebe, Jan Clark, DFRWS 2004
- Altheide Video The death of computer forensics
Background reading (not compulsary reading)
- http://www.c-jump.com/CIS24/Slides/FAT/lecture.html, Nice explanation of FAT12
- Video on steganography using images: construction and detection.
- Forensics of data in Flash memory
- Digital Evidence and Computer Crime, 2nd edition, Eoghan Casey, 2004, Academic Press
- Lest We Remember: Cold Boot Attacks on Encryption Keys:
- Bender et all, Techniques for data hiding
Secure networking:
Mandatory reading
- Comparison between RADIUS and Diameter, A Hosi, HUT, Finland, 2003.
- Cryptography in an all encrypted world , C. Jost, et al, Ericsson Review, Dec 2015.
- Application Layer Security for the Internet of Things, G Selander, F Palombini, J Mattsson, L Seitz, unpublished (read project B description how to access this file)
- Understanding the Mirai Botnet, M Antonakakis, et all, Usenix, Aug. 2017.
Background reading
- ETSI workshop on PQC http://www.etsi.org/images/files/Events/2014/201410_Crypto/e-proceedings-QSC-14.pdf
- Object Security in Web of Things, J Mattsson, G Selander, 2014, W3 Org.
LTE Security:
Mandatory reading
- 3GPP spec: 3GPP System Architecture Evolution (SAE); Security architecture
-
•LTE Security, D. Forsberg, et al, Wiley, 2010. Very good but only if you are really interested.
Crypto:
Mandatory reading
- Cryptography in an all encrypted world , Ericsson Review, Dec 2015
Reference/background reading (a bit dated in some parts but still very usefull)
Trusted computing:
Mandatory reading
- Mobile Trusted Computing, Ansokan et all
- SGX: Innovative Instructions and Software Model for Isolated Execution
The below article will be part of material of the last area quiz
- Secure VM lauch: Trusted Launch of Virtual Machine Instances in Public IaaS Environments, Gehrmann, et all
Background reading
- TCG specification on TPM (note there are specs for TPM versions 1.2 and 2.0)
- Guidelines on Hardware-Rooted Security for Mobile devices, NIST draft
- Security Analysis of Dockers: http://arxiv.org/pdf/1501.02967.pdf
- HSM, An Overview of Hardware Security Modules, brief description
- TPM software: TPM Software to test: http://ibmswtpm.sourceforge.net/
- SGX: Intel Tutorial on SGX, 2015
- SGX: Video Standford by Frank McKeen
- TrustZone: Samsung Knox
- TrustZone: Reflections, from Blackhat conference
-
Mifare (Little Security, Despite Obscurity), Karsten Nohl, Henryk Plötz
- RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication, 3rd Edition
Klaus Finkenzeller, Dorte Muller (Translated by) Wiley, June 2010 - New Algorithms about learning in the presence of errors, Sanjeev Arora
Rong Ge, Princeton
Trusted Computing applied:
- ICT Infrastructure
- Trusted computing in infrastructure: Trusted Infrastructure
- Cloud:
- OpenStack Trustpools:
Homomorphic Encryption
SW security:
Mandatory reading
-
Secure VM launch: http://soda.swedishict.se/5467/3/protocol.pdf
-
Video: First 44 minutes of Rustan Leino, Microsoft Research - Program Verification: Yesterday, Today, Tomorrow
Background reading
- List of static code analysis
- Proving the correctness of an OS kernel, G. Heiser, Dr Dobbs, 2010
- Understanding Software Annotation Language (SAL), Microsoft.
- Verifast, the program verifier, code