CSE 209B: Transport Layer Security

Winter 2016

Instructor: Hovav Shacham, hovav@cs.ucsd.edu
Lectures: Mondays, Wednesdays, and Fridays, 2:00–2:50 PM in WLH 2114.
(Most Friday lectures canceled, see course calendar)
Office hours: Tuesdays, 10:00 AM–1:00 PM in EBU3B 3124.

Overview

This course will study the design, implementation, and deployment of the TLS protocol, formerly called SSL.

Recommended preparation includes coursework in cryptography (CSE 107 or equivalent), security (CSE 127 or equivalent), operating systems (CSE 120 or equivalent), and networking (CSE 123 or equivalent).

Before each lecture, you are to read and be prepared to discuss all readings assigned. The course calendar lists the readings:

Calendar and Readings

Announcements

Please sign up for two units of CSE209B.

Programming Project

As a class, we will modernize Eric Rescorla’s ssldump utility. Our working repository will be on GitHub.

Our goal is to clean up the code and to add support for TLS versions and extensions added since 2002.

TLS Working Group Resources

TLS References

Peter Gutmann, X.509 Style Guide, 2000.
Eric Rescorla, SSL and TLS, Addison-Wesley, 2001
Ivan Ristic, Bulletproof SSL and TLS, Feisty Duck, 2015

Other Recommended References

Ross Anderson, Security Engineering, 2nd ed., Wiley, 2008
Dan Boneh and Victor Shoup, A Graduate Course in Applied Cryptography, book draft, 2015.
Peter Gutmann, Engineering Security, book draft, 2014
Michal Zalewski, The Tangled Web, No Starch, 2011

TLS Implementations

OpenSSL · BoringSSL · LibreSSL · NSS · GnuTLS · Microsoft Schannel · Apple Secure Transport · Bouncy Castle · SunJSSE · cryptlib · RSA BSAFE · Amazon s2n · Not-Quite-So-Broken