6.857: Computer and Network Security

References

Related MIT Courses

• 6.858: Computer Systems Security
• 6.875: Cryptograpy & Cryptanalysis
• 18.783: Elliptic Curves

Security books

There are three recommended textbooks (not required!) for this course. In addition, we have a number of other suggestions collected over previous years. You're welcome to send us suggestions if you find a security book you think should be on this list.

• Mark Stamp Information Security: Principles and Practice John Wiley & and Sons 2006
• Alfred Menezes, Paul van Oorschot, Scott Vanstone Handbook of Applied Cryptography CRC Press 1997 This is a very comprehensive book. The best part is that you can download this book online! The hardcopy is very convenient though.
• Bruce Schneier Applied Cryptography, 2nd Edition John Wiley & Sons 1996 This is the best book to read for an introduction to applied security and cryptography. There is much less math than the book by Menezes et al. Sometimes statements are made without much justification, but no other book even compares to this comprehensive introduction to cryptography. The bibliography alone is worth buying the book.
• Christof Paar and Jan Pelzl Understanding Cryptography Springer 2010 This is a new book. Initial impressions are good, but if you decide to look at it, we'd appreciate your feedback about it to see if it's good to use in this course!
• Ross Anderson Security Engineering John Wiley & Sons 2001 An excellent book on security in real world systems.
• Douglas Stinson Cryptography Theory and Practice CRC Press 1995 This used to be required for 6.875, the theory of cryptography class at MIT.
• Bruce Schneier Secrets and Lies John Wiley & Sons 2000 Schneier used to advocate good cryptography as the solution to security problems. He has since changed his mind. Now he talks about risk management and cost-benefit analysis.
• Eric Rescorla SSL and TLS: Designing and Building Secure Systems Addison-Wesley 2001 The only book you need to read to learn about the evolution, politics, and bugs in the development of SSL. Eric's a swell guy too; buy his book.
• Peter Neumann Computer Related Risks Addison-Wesley 1995 Power grid failures. Train collisions. Primary and backup power lines blowing up simultaneously. These events aren't supposed to happen! Neumann offers a plethora of stories about the risks and consequences of technology, gathered from his Risks mailing list. On a side note, Neumann is also responsible for coming up with the pun/name "Unix."
• Jakob Nielsen Usability Engineering Academic Press 1993 There are a lot of non-intuitive GUIs out there for security products. Anyone making a security product for use by humans should learn about the principles of smart GUIs.
• Charlie Kaufman, Radia Perlman, Mike Speciner Network Security: Private Communication in a Public World, 2nd Edition Prentice Hall 2002 The authors discuss network security from a very applied approach. There is a lot of discussion about real systems, all the way down to the IETF RFCs and the on-the-wire bit representations. The authors also have a fun, informal style.
• Simson Garfinkel, Gene Spafford Web Security, Privacy & Commerce O'Reilly 2002 It's hard to keep up with all the security software out there. But these authors do a good job documenting it all. Garfinkel was an undergraduate and PhD student at MIT.
• David Kahn The Codebreakers Scribner 1973
• Phillip Hallam-Baker The dotCrime Manifesto: How to Stop Internet Crime Addison-Wesley 2008
• Jonathan Katz, Yehuda Lindell Introduction to Modern Cryptography Chapman & Hall/CRC Press 2007 This book contains broad coverage of cryptography. (This is one of the recommended books this year.)
• Nigel Smart Cryptography: An Introduction, 3rd Edition 2008
• Song Y. Yan and Martin E. Hellman Number Theory for computing Springer 2002
• Dana Angluin Lecture Notes on the Complexity of Some Problems in Number Theory Chapters 3-10 provide relevant number theory for the class 1982

Security Conferences

• USENIX Security Symposium
• ACM Computers, Communications, and Security conference
• CRYPTO
• IEEE Symposium on Security and Privacy
• Network and Distributed System Security Symposium (NDSS)
• Financial Crypto
• Workshop on Information Hiding
• USENIX Workshop on Hot Topics in Security (HotSec)

Papers

Most of the reading material in 6.857 comes from conferences on computer and network security. Here is a list of the papers we hope to discus; we won't have time for everything. Send us a note if you see a paper that greatly interests you.

• Why Johnny Can't Encrypt: Security GUI [ PDF, PS, HTML ]
• Logical Key Distribution (LKH) : multicast group key establishment
• Revocation and Tracing Schemes for Stateless Receivers
• On the use of encryption in cryptographic protocols
• End-to-End Authorization
• SSH: remote login
• Rex: remote login through file descriptor passing
• Identity-based encryption
• Timing Analysis of Keystrokes and Timing Attacks on SSH
• Security in Plan 9
• Infranet: Circumventing Web censorship and surveillance
• Inferring Internet DoS Activity
• Xbox hacking
• Privilege separation
• Stackguard

Miscellaneous

• CSAIL Security Seminar: attend the seminar talks if you are interested in current security research.
• The 6.033 textbook, particularly the chapter on Information security.
• Crypto links
• Security courses at other institutions
• Citeseer
• IEEE CIPHER newsletter
• Schneier's CRYPTOGRAM
• comp.risks archive via UseNet contains the latest few issues, it can also be browsed via Discuss
• sci.crypt archive via UseNet contains discussion of cryptography. A lot of the stuff is questions by people unfamiliar with the topic or just starting out, but there are sometimes useful postings in there too
• Ron Rivest's Cryptography Page has lots of links
• CERT is responsible for helping disseminate information on security problems with computer systems
• Phrack is an electronic publication aimed at electronic hackers; read and enjoy, but don't abuse
• alt.2600 is yet another hacker publication, which also has a splufty web page