Security Books
Recommended Textbooks
There are three recommended textbooks (not required!) for this course. In addition, we have a number of other suggestions collected over previous years.
- Katz, Jonathan, and Yehuda Lindell. Introduction to Modern Cryptography. Chapman and Hall / CRC, 2007. ISBN: 9781584885511. [Preview with Google Books]
- Ferguson, Niels, Bruce Schneier, and Tadayoshi Kohno. Cryptography Engineering: Design Principles and Practical Applications. Wiley, 2010. ISBN: 9780470474242.
- Paar, Christof, and Jan Pelzl. Understanding Cryptography: A Textbook for Students and Practitioners. Springer, 2011. ISBN: 9783642041006. [Preview with Google Books]
Other Suggested Textbooks
- Stamp, Mark. Information Security: Principles and Practice. John Wiley & Sons, 2011. ISBN: 9780470626399. [Preview with Google Books]
- Menezes, Alfred, Paul van Oorschot, and Scott Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. ISBN: 9780849385230. [Preview with Google Books]
This is a very comprehensive book. The best part is that you can download this book online! The hardcopy is very convenient though.
- Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C. 2nd ed. John Wiley & Sons, 1996. ISBN: 9780471117094.
This is the best book to read for an introduction to applied security and cryptography. There is much less math than in the book by Menezes et al. Sometimes statements are made without much justification, but no other book even compares to this comprehensive introduction to cryptography. The bibliography alone is worth buying the book for.
- Paar, Christof, and Jan Pelzl. Understanding Cryptography: A Textbook for Students and Practitioners. Springer, 2011. ISBN: 9783642041006. [Preview with Google Books]
- Anderson, Ross. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2001. ISBN: 9780471389224.
An excellent book on security in real-world systems.
- Stinson, Douglas. Cryptography: Theory and Practice. Chapman and Hall / CRC, 2005. ISBN: 9781584885085. [Preview with Google Books]
This used to be required for 6.875, the theory of cryptography class at MIT.
- Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, 2004. ISBN: 9780471253112. [Preview with Google Books]
Schneier used to advocate good cryptography as the solution to security problems. He has since changed his mind; now he talks about risk management and cost-benefit analysis.
- Rescorla, Eric. SSL and TLS: Designing and Building Secure Systems. Addison-Wesley, 2001.
The only book you need to read to learn about the evolution, politics, and bugs in the development of SSL. Eric's a swell guy too; buy his book.
- Neumann, Peter. Computer Related Risks. Addison-Wesley Professional, 1994. ISBN: 9780201558050. [Preview with Google Books]
Power grid failures. Train collisions. Primary and backup power lines blowing up simultaneously. These events aren't supposed to happen! Neumann offers a plethora of stories about the risks and consequences of technology, gathered from his Risks mailing list. On a side note, Neumann is also responsible for coming up with the pun/name "Unix."
- Nielsen, Jakob. Usability Engineering. Morgan Kaufmann, 1993. ISBN: 9780125184069. [Preview with Google Books]
There are a lot of non-intuitive GUIs out there for security products. Anyone making a security product for use by humans should learn about the principles of smart GUIs.
- Kaufman, Charlie, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. 2nd ed. Prentice Hall, 2002. ISBN: 9780130460196. [Preview with Google Books]
The authors discuss network security from a very applied approach. There is a lot of discussion about real systems, all the way down to the IETF RFCs and the on-the-wire bit representations. The authors also have a fun, informal style.
- Garfinkel, Simson, and Gene Spafford. Web Security, Privacy & Commerce. O'Reilly Media, 2001. ISBN: 9780596000455. [Preview with Google Books]
It's hard to keep up with all the security software out there, but these authors do a good job documenting it all. Garfinkel was an undergraduate and PhD student at MIT.
- Kahn, David. Codebreakers. Signet, 1973. ISBN: 9780451089670.
- Hallam-Baker, Phillip. The dotCrime Manifesto: How to Stop Internet Crime. Addison-Wesley, 2007. [Preview with Google Books]
- Smart, Nigel. Cryptography: An Introduction. 3rd ed. McGraw-Hill College, 2004. ISBN: 9780077099879.
- Yan, Song Y., and Martin E. Hellman. Number Theory for Computing. Springer, 2002. ISBN: 9783540430728. [Preview with Google Books]
- Angluin, Dana. Lecture Notes on the Complexity of Some Problems in Number Theory. Yale University, 1982.
Chapters 3–10 provide relevant number theory for the class.
Security Conferences
- USENIX Security Symposium
- ACM Computers, Communications, and Security conference
- CRYPTO
- IEEE Symposium on Security and Privacy
- Network and Distributed System Security Symposium (NDSS)
- Financial Crypto
- USENIX Workshop on Hot Topics in Security (HotSec)
Papers
Most of the reading material in 6.857 comes from conferences on computer and network security. Here is a list of the papers we hope to discuss; we won't have time for everything. Send us a note if you see a paper that greatly interests you.
- Why Johnny Can't Encrypt: Security GUI
- Logical Key Distribution (LKH): Multicast group key establishment
- Revocation and Tracing Schemes for Stateless Receivers
- Mao, Wenbo, and Colin Boyd. "On the Use of Encryption in Cryptographic Protocols." University of Manchester (1995).
- End-to-End Authorization
- SSH: remote login
- Rex: Remote login through file descriptor passing
- Identity-based encryption
- Timing Analysis of Keystrokes and Timing Attacks on SSH
- Security in Plan 9
- Infranet: Circumventing Web censorship and surveillance
- Inferring Internet DoS Activity
- Xbox hacking
- Privilege separation
- Stackguard
Miscellaneous
- CSAIL Security Seminar: Attend the seminar talks if you are interested in current security research.
- The 6.033 textbook, particularly the chapter on Information security (PDF).
- IEEE CIPHER newsletter
- Schneier's CRYPTOGRAM
- The comp.risks archive via Usenet contains the latest few issues; it can also be browsed via Discuss.
- The sci.crypt archive via Usenet contains discussion of cryptography. A lot of the material is questions from people unfamiliar with the topic or just starting out, but there are sometimes useful postings in there too.
- Ron Rivest's Cryptography Page has lots of links.
- CERT is responsible for helping disseminate information on security problems with computer systems.
- Phrack is an electronic publication aimed at electronic hackers; read and enjoy, but don't abuse.
- alt.2600 is yet another hacker publication, which also has a splufty web page.