Selected Topics in IT-Security (FSS 2016)

Lecturers: Prof. Dr. Frederik Armknecht, Dr. Ghassan Karame

Teaching Assistant: Christian Reuter

Exercise instructors: Michael Kümmerlin, Christian Müller

Exam Schedule/Technique: Oral exam. Date: See mail. Room: B6, 26, B2.04.

 

 

Background and Learning Objectives

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (3) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.

 

Content Description

This lecture covers the security of computer, software systems, and tamper resistant hardware. The course starts with a basic introduction on encryption functions, spanning both symmetric and asymmetric encryption techniques, IBE encryption and Zero-Knowledge proofs, and discusses reported side-channel attacks. The course then continues with a careful examination of wired and wireless network security issues, and web security threats and mechanisms. This part also extends to analysis of buffer overflows. Finally, the course also covers a set of selected security topics such as trusted computing and electronic voting.

 

Topics:

  • Encryption Schemes (Private Key vs. Public Key, Block cipher security)
  • IBE Encryption and Zero Knowledge Proofs
  • Side channel attacks
  • Network Security
  • Wireless Security
  • Web Security (SQL, X-Site Scripting)
  • Buffer Overflows
  • Malware & Botnets
  • Trusted computing
  • Electronic Voting

Lecture and Exercise

  • On 15.02.2016: Monday, 15:30 - 17:00, Room B6, A204 and 17:15 - 18:45, room B6, A203 A102
  • From 22.02.2016 on: Monday, 15:30-18:45, room B6, A10
  • The exercise on 17.05.2016 takes place in room A5, C013.

Please note: you will have to bring your own laptop to the exercises!

The exercise scoreboard can be found here: http://itsec2016.informatik.uni-mannheim.de.

Tentative Lecture Agenda
DateTimeContentLecturer
Feb. 1515:30 - 18:45Intro To CryptoKarame
Feb. 2215:30 - 17:00WEP/WPA SecurityArmknecht
Feb. 2217:15 - 18:45Exercise
Feb. 2915:30 - 18:45Side Channels + Zero-KnowledgeKarame
Mar. 0715:30 - 17:00IPSEC + VPNArmknecht
Mar. 0717:15 - 18:45Exercise
Mar. 1415:30 - 18:45TLSKarame
Apr. 0415:30 - 18:45SQL Injection / XSSKarame
Apr. 1115:30 - 18:45Malware + Botnet + Trusted Computing (was on Apr. 18)Karame
Apr. 1815:30 - 17:00Spam + Phishing + Social Engineering + Mail Spoofing (was on Apr. 11)Armknecht
Apr. 1817:15 - 18:45Exercise (was on Apr. 11)
Apr. 2515:30 - 17:00Password-based Security + Biometric AuthenticationArmknecht
Apr. 2517:15 - 18:45Exercise
May 0215:30 - 18:45OS Security, Rights managementArmknecht
May 0915:30 - 18:45BitcoinKarame
May 1715:30 - 17:00Exercise (room A5, C013)
May 2315:30 - 18:45Blockchain and other AltcoinsKarame
May 3015:30 - 17:00Buffer OverflowArmknecht
May 3017:15 - 18:45Exercise + Q&A

Exam

The exams will take place on June 01 and June 10 2016 (tentative).

If you are eligible for the second oral exam and want to participate, please contact us (reuter(at)uni-mannheim.de) so we can send you the date and time details.

Mailing List

The mailing list does not work anymore. Please contact reuter(at)uni-mannheim.de if you have any questions or if you want to participate on the second oral exam.

Lecture Slides

Exercise Sheets

Exercise Lesson Slides & Files