# CS 459/698
**Source**: https://crysp.uwaterloo.ca/courses/data-sp/F25/index.html
**Parent**: https://crysp.uwaterloo.ca/courses/
## CS 459/698 - Privacy, Cryptography, Network and Data Security - Fall 2025
\
- [**Detailed Schedule**](https://crysp.uwaterloo.ca/courses/data-sp/F25/schedule.html)
\
- [**Piazza Discussion Forum**](https://piazza.com/uwaterloo.ca/fall2025/cs459698)
\
- [**Course Outline**](https://outline.uwaterloo.ca/viewer/view/nbdnjz)
\
- [**Course LEARN Homepage**](https://learn.uwaterloo.ca/d2l/home/1169533)
## Syllabus
| | |
| --- | --- |
| **Instructor** | [Urs Hengartner](https://cs.uwaterloo.ca/~uhengart) |
| **E-mail** | [urs.hengartner@uwaterloo.ca](mailto:urs.hengartner@uwaterloo.ca) |
| |
| **TAs** | Alim Dhanani |
| | Anais Huang |
| | Zhiao Wei |
|| **Lecture times and location** | Tuesdays and Thursdays 8:30-9:50am in MC 1056 |
| |
| **Office Hours** |
| Instructor: | Tuesdays 11:30am-12:30pm in DC 3526 | |
| TAs: | Assignment dependent, see released assignment. | |
***Disclaimer:**This syllabus is a guideline for the course and not a contract. As such, its terms maybe altered when
doing so is, in the opinion of the instructor(s), in the best interests of the class.*
### Course Description
This course provides an introduction to data privacy and security, using cryptography and related
techniques in networks, distributed systems, and data science. It examines how data and meta-data
can be protected at rest, in transit, and during computation. Students completing this course should
be able to use and deploy data security and privacy protection technologies in networks and (distributed)
data science environments. In layman terms, this course shows you how to benefit from the Internet and
machine learning and still preserve individuals' privacy.
**Learning outcomes:** By the end of this course students should be able to:
- • Evaluate the use of cryptography to protect data assets in storage, transit, and use- • Analyze security and privacy threats to data assets, including the privacy level of
various data release mechanisms, privacy-utility trade-offs, and statistical inference attacks to infer sensitive information- • Evaluate the use of network security hardware and software to protect data assets in transit and use.- • Compare various network security mechanisms, and articulate their advantages and limitations.
### Course Outline
**Foundation - Protected at rest:**
- • Intro security/privacy
- • Ethics/policy relevant to this course
- • Basics of cryptography
- • Symmetric encryption
- • Hash functions, MAC
- • Public key encryption (RSA)
- • Semantic security, etc.
**Networks - Protected in transit:**
- • Network Security Primer: Firewalls, Intrusion Detection, Honeypots
- • Authentication Failures: Spoofs (IP, user ids), rerouting attacks (DNS, etc.)
- • Authentication Primer (Needham-Schroeder/Kerberos, SAML, etc.), PAKE
- • PKI, DH, DNSSEC
- • Confidentiality Failures: Snooping, Web tracking (cookies), fingerprinting
- • TLS, VPN, WPA2
- • Tor, Mixes, Secure email and messaging (Signal, PGP, etc.)
- • Traffic analysis
- • Network covert channels
**Data - Protected during computation:**
- • Data Security: Inference attacks (leakage from function output, background information, side channels)
- • k-Anonymity, l-diversity, (t-plausibility)
- • Differential privacy (Laplace, etc.)
- • Private machine learning
- • Homomorphic encryption
- • Intro to MPC, PSI, PIR
### Grading Scheme
Grades for this course will be calculated as follows:
| | |
| --- | --- |
| 60% | Homework assignments (20%, 20%, 20%) |
| 20% | Midterm (held in class) |
| 20% | Final assessment (during exam season) |
**For graduate students:** the above scaled to 80% + 20% survey paper
**Midterm and Final Assessment:**
These assessments are written-only (no programming) but may cover any material taught
until each assessment's date. If a student misses the midterm, its weight will be shifted
to the final exam. Final grades will be available after the end of term
through LEARN.
#### Assignments:
The three assignments are meant to be completed individually.
The assignments are based on a mix of theory (written) and practical (programming) exercises. Students
will leverage the knowledge and techniques presented in the lectures for completing
the assignments.
The assignments are due at 3:00 pm Eastern Time on their respective due dates. Please start working on
the assignments in advance of the deadlines. Late submissions for Assignments 1, 2, and 3 will be accepted
only up to 48 hours after the due date. Multiple assignments can be submitted late, including the last one. There is no penalty for accepted late submissions. Assignments
can be submitted multiple times, and the last one will be used for marking. Course personnel will not give
assistance for assignments after their due dates, so you are encouraged to respect the due date.
#### Remarking Policy:
If you have an assignment that you would like to have reappraised, please follow the
instructions given on Piazza to submit your request. Include a clear justification for your claims. The
appeals deadline is one week after the respective graded item is first made available. If your appeal is
concerned with a simple calculation error, please see the TA(s) during their office hours.
#### Late/Missed Content:
Please see the [Faculty's Absence declarations](https://uwaterloo.ca/math/absence-declarations) for the different types of absences and the declaration requirements.
For short-term absences (and other types of absences lasting at most 48 hours) that happen before an assignment's due date, students can take advantage of the automatic 48-hour, no-penalty grace period (see above). No further extensions will be granted.
For short-term absences (and other types of absences lasting at most 48 hours) during an assignment's automatic 48-hour, no-penalty grace period, no further extensions will be granted.
For absences lasting more than 48 hours, students should contact the instructor(s) as soon as possible and present valid justification.
If a student misses the midterm, the midterm's weight is shifted to the final assessment to take place during exam season.
#### Research Survey Paper (CS 698):
Students registered in CS 698 must write a research survey paper on a
topic related to data security or privacy. In writing your paper, you must become familiar with the
research literature relevant to your topic. Your focus should be on academic venues, such as the
USENIX Security Symposium, ACM CCS, IEEE Symposium on Security and Privacy, Privacy Enhancing
Technologies Symposium (PETS), or the NDSS Symposium.
Your topic must be approved in advance by the instructor(s) before you submit your full survey at the end of term.
Your proposal should be one page in length and include at least 10 references, preferably
including (but not limited to) papers from the aforementioned venues. Email your proposal to the
instructor(s) by Oct 21.
Your paper should be a summary of past and current work on your topic, as well as an overview
of known open problems and potential future directions in the area. You should provide a concise summary
of work, emphasizing major accomplishments, rather than a detailed accounting of individual pieces of
research activity. Email your final paper to the instructor(s) by Dec 2.
Your proposal and paper paper should be formatted in the two-column ACM proceedings format,
using one of the ACM SIG Proceedings Templates. Your paper should not be longer than six pages. The
ACM templates include headings for “Categories and Subject Descriptors”, “General Terms”, and “Keywords”,
which you do not need to use.
### Textbooks
There is no required textbook. Additional readings may be assigned, and will appear on the course website.
Readings marked as mandatory contain required material for the course. You must read these mandatory readings.
### Communication
Please direct all communication to the Piazza discussion forum.
This includes questions about materials in lectures, assignments, and general logistics.
\
It is your responsibility to keep up with all course-related information posted to LEARN,
the course Piazza forum, and the course website.
#### Etiquette:
Please go through your peers' and the instructor(s)/TAs' notes or comments, before posting a question.
If question doesn't exist and it involves private content (query about grades, partial progress towards solution), then create a private question that is only visible to the instructor(s) and TAs. (The instructor(s) or TAs may make a private question public, possibly after editing it, if they decide that it is of general interest.) Otherwise, in general, create a public one so that your peers can benefit too.
Tag your question with the appropriate folder for the assignment, etc.\
\
#### Email:
Important course information will generally be posted to LEARN, but may also be sent to your uwaterloo.ca email address. For personal matters, such as an illness, please email the instructor(s) directly. We will only reply back to email from your uwaterloo.ca email address, for privacy rules.
---
### General University Policy
- **Academic Integrity**:
In order to maintain a culture of academic
integrity, members of the University of Waterloo community are expected
to promote honesty, trust, fairness, respect and responsibility.
Check the [Office of
Academic Integrity's website](https://uwaterloo.ca/academic-integrity/) for more information.
All members of the UW community are expected to hold to the highest standard
of academic integrity in their studies, teaching, and research.
This site explains why academic integrity is important and how students
can avoid academic misconduct. It also identifies resources available on
campus for students and faculty to help achieve academic integrity in — and
out — of the classroom.
- **Grievance**:
A student who believes that a decision affecting some
aspect of his/her university life has been unfair or unreasonable may
have grounds for initiating a grievance. Read
[Policy 70 — Student Petitions and Grievances](https://uwaterloo.ca/secretariat/policies-procedures-guidelines/policy-70), Section 4.
When in doubt please be certain to contact the department's administrative
assistant who will provide further assistance.
- **Discipline**:
A student is expected to know what constitutes academic
integrity, to avoid committing academic offenses, and to take
responsibility for his/her actions. Check the Office of Academic Integrity for more information.
A student who is unsure whether an
action constitutes an offense, or who needs help in learning how to
avoid offenses (e.g., plagiarism, cheating) or about "rules" for group
work/collaboration should seek guidance from the course professor,
academic advisor, or the Undergraduate Associate Dean. For information on
categories of offenses and types of penalties, students should refer to
[Policy 71 — Student Discipline](https://uwaterloo.ca/secretariat/policies-procedures-guidelines/policy-71). For typical penalties, check
[Guidelines for the Assessment of Penalties](https://uwaterloo.ca/secretariat/policies-procedures-guidelines/guidelines/guidelines-assessment-penalties).
- **Avoiding Academic Offenses**:
Most students are unaware of the line between acceptable and
unacceptable academic behaviour, especially when discussing assignments
with classmates and using the work of other students. For information
on commonly misunderstood academic offenses and how to avoid them,
students should refer to
the [Office of Academic Integrity's site on Academic Misconduct](https://uwaterloo.ca/academic-integrity/academic-misconduct) and
the
[Faculty
of Mathematics Cheating and Student Academic Discipline Policy](https://uwaterloo.ca/math/current-undergraduates/regulations-and-procedures/cheating-and-student-academic-discipline-guidelines).
- **Appeals**:
A decision made or penalty imposed under Policy 70, Student Petitions
and Grievances (other than a petition) or Policy 71, Student
Discipline may be appealed if there is a ground. A student who
believes he/she has a ground for an appeal should refer to [Policy
72, Student Appeals](https://uwaterloo.ca/secretariat/policies-procedures-guidelines/policy-72).
### Note for Students with Disabilities
[AccessAbility
Services](https://uwaterloo.ca/accessability-services/), located in Needles Hall, Room 1401,
collaborates with all academic departments to arrange appropriate
accommodations for students with disabilities without compromising the
academic integrity of the curriculum. If you require academic accommodations
to lessen the impact of your disability, please register with AccessAbility at the
beginning of each academic term.
### Coronavirus Information and Resources
- [Library COVID-19: Updates on library services and operations](https://uwaterloo.ca/library/covid-19-updates-library-services-and-operations)
- [Coronavirus Information for Students](https://uwaterloo.ca/coronavirus/academic-information)
This resource provides updated information on COVID-19 and guidance for accommodations due to COVID-19.
### Mental Health Support
All of us need a support system. We encourage you to seek out
mental health supports when they are needed. Please reach out to [Campus
Wellness and Counselling Services](https://uwaterloo.ca/campus-wellness/counselling-services).\
We understand that these circumstances can be troubling, and you
may need to speak with someone for emotional support. [Good2Talk](https://uwaterloo.ca/campus-wellness/services/good2talk) is
a post-secondary student helpline based in Ontario, Canada that is
available to all students.
### Territorial Acknowledgement
We acknowledge that we live and work on the traditional territory
of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee
peoples. The University of Waterloo is situated on the Haldimand
Tract, the land promised to the Six Nations that includes ten
kilometres on each side of the Grand River.