Selected Topics in IT-Security (FSS 2017)

Lecturers: Prof. Dr. Frederik Armknecht, Dr. Ghassan Karame

Teaching Assistants: Christian Gorke, Christian Müller

Exam Schedule/Technique: Oral exam. Date: 09.06.2017. Room: B6, 26, B2.04.

 

 

Background and Learning Objectives

The large-scale deployment of Internet-based services and the open nature of the Internet come with an increase in security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the revenue losses of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding of a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems, and (3) analyze and reason about basic protection mechanisms for modern OSs, software and hardware systems.

 

Content Description

This lecture covers the security of computer and software systems and of tamper-resistant hardware. The course starts with a basic introduction to encryption functions, spanning both symmetric and asymmetric encryption techniques, IBE encryption and Zero-Knowledge proofs, and discusses reported side-channel attacks. The course then continues with a careful examination of wired and wireless network security issues, and web security threats and mechanisms. This part also extends to the analysis of buffer overflows. Finally, the course covers a set of selected security topics such as trusted computing and electronic voting.

 

Topics:

  • Encryption Schemes (Private Key vs. Public Key, Block cipher security)
  • IBE Encryption and Zero Knowledge Proofs
  • Side channel attacks
  • Network Security
  • Wireless Security
  • Web Security (SQL, Cross-Site Scripting)
  • Buffer Overflows
  • Malware & Botnets
  • Trusted computing
  • Electronic Voting

Lecture and Exercise

Please note: you will have to bring your own laptop to the exercises!

The exercise scoreboard can be found here: http://itsec.informatik.uni-mannheim.de.

Tentative Lecture Agenda

| Date | Time | Room | Content | Lecturer |
|---|---|---|---|---|
| Feb. 14 | 15:30 - 18:45 | B6, A101 | Intro To Symmetric Crypto | Armknecht |
| Feb. 21 | 15:30 - 17:00 | B6, A101 | WEP/WPA Security | Armknecht |
| Feb. 21 | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller |
| Feb. 28 | 15:30 - 18:45 | B6, A101 | Asymmetric Crypto & Side Channels | Karame |
| Mar. 07 | 15:30 - 17:00 | B6, A101 | IPSEC & VPN | Armknecht |
| Mar. 07 | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller |
| Mar. 14 | 15:30 - 18:45 | B6, A101 | TLS | Karame |
| Mar. 21 | 15:30 - 17:00 | B6, A101 | Spam & Phishing & Social Engineering & Mail Spoofing | Armknecht |
| Mar. 21 | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller |
| Mar. 28 | 15:30 - 18:45 | B6, A101 | SQL Injection & XSS | Karame |
| Apr. 04 | 15:30 - 18:45 | B6, A101 | OS Security & Rights Management | Armknecht |
| Apr. 25 | 15:30 - 18:45 | B6, A101 | Malware & Botnet & Trusted Computing | Karame |
| May 02 | 15:30 - 17:00 | B6, A101 | Password-based Security & Biometric Authentication | Armknecht |
| May 02 | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller |
| May 09 | 15:30 - 18:45 | B6, A101 | Bitcoin | Karame |
| May 16 | 15:30 - 18:45 | B6, A101 | Blockchain and other Altcoins | Karame |
| May 23 | 15:30 - 17:00 | B6, A101 | Buffer Overflow | Armknecht |
| May 23 | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller |
| May 30 | 15:30 - 17:00 | B6, A101 | Guest Lecture: Pentesting & Digital Forensics | A. Dewald (ERNW) |
| May 30 | 17:15 - 18:45 | B6, A101 | Exercise + Q&A | Gorke/Müller |

Exam

The oral exam takes place on Friday, June 9, 2017, in room B6, 26, B2.04.

ILIAS

To stay informed about recent exercise sheets and announcements such as room changes, please join this course on ILIAS.

Exercise Sheets

  • ex 1.pdf: Exercise Sheet 1, 14.02.2017 (124 K)
  • ex 2.pdf: Exercise Sheet 2, 28.02.2017 (144 K)
  • ex 3.pdf: Exercise Sheet 3, 14.03.2017 (117 K)
  • ex 4.pdf: Exercise Sheet 4, 25.04.2017 (93 K)
  • ex 5.pdf: Exercise Sheet 5, 16.05.2017 (171 K)
  • ex 6.pdf: Exercise Sheet 6, 29.05.2017 (56 K)

Exercise Files & Lesson Slides

  • ExLesson1.pdf: Exercise Lesson 1 (21.02.2017), Slides (1.0 M)
  • flag1.zip: !UPDATED on 2017-02-21 2021h! Exercise Lesson 1 (21.02.2017), Zip 1 (266)
  • flag2.zip: !UPDATED on 2017-02-21 2021h! Exercise Lesson 1 (21.02.2017), Zip 2 (220)
  • flag3.zip: !UPDATED on 2017-02-21 2021h! Exercise Lesson 1 (21.02.2017), Zip 3 (220)
  • flag4.zip: !UPDATED on 2017-02-21 2021h! Exercise Lesson 1 (21.02.2017), Zip 4 (220)
  • flag5.zip: !UPDATED on 2017-02-21 2021h! Exercise Lesson 1 (21.02.2017), Zip 5 (236)
  • itsec-2-1-b.cap: Exercise Sheet 2, 2.1 b) Capture File (37 K)
  • students.ovpn: Exercise Sheet 2, 2.4 b) Capture File (9.9 K)
  • ExLesson2.pdf: Exercise Lesson 2 (07.03.2017), Slides (2.4 M)
  • ExLesson2.cap: Exercise Lesson 2 (07.03.2017), WEP-cracking (4.4 M)
  • ExLesson3.pdf: Exercise Lesson 3 (21.03.2017), Slides (3.3 M)
  • ExLesson4.pdf: Exercise Lesson 4 (02.05.2017), Slides (756 K)
  • ExLesson5.pdf: Exercise Lesson 5 (23.05.2017), Slides (631 K)
  • ExLesson6.pdf: Exercise Lesson 6 (30.05.2017), Slides (2.6 M)