Selected Topics in IT-Security (FSS 2018)

Background and Learning Objectives

The large-scale deployment of Internet-based services and the open nature of the Internet come with an increase in security threats against existing services. As the global network grows, attackers' incentives to abuse the operation of online applications also increase, and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenue of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase students' security awareness and to give them a basic understanding of a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems, and (3) analyze and reason about basic protection mechanisms for modern OSs, software, and hardware systems.

Lecture Topics

  • Bitcoin & Blockchain
  • Password Security
  • Biometric Authentication
  • Symmetric and Asymmetric Crypto
  • Side Channels
  • TLS
  • TOR
  • WEP / WPA / WPA2
  • System Security
  • Spam & Social Engineering
  • Mail Spoofing & Mail Encryption
  • Web Security & SQL Injection & XSS
  • Buffer Overflows & Meltdown/Spectre
  • Malware & Trusted Computing

Lecture and Exercise Timetable

Please note: you will have to bring your own laptop to the exercises!

The exercise system can be found here after the first lecture:

Tentative Lecture Agenda

Date | Time | Room | Topic | Lecturer
13.02. | 15:30 - 18:45 | B6, A101 | Bitcoin & Blockchain, Organizational | Karame, Gorke
20.02. | 15:30 - 17:00 | B6, A101 | Password Security & Biometric Authentication | Gorke/Armknecht
20.02. | 17:15 - 18:45 | B6, A101 | Exercise | Gorke
27.02. | 15:30 - 18:45 | B6, A101 | Crypto | Karame
06.03. | 15:30 - 17:00 | B6, A101 | Side Channels | Karame
06.03. | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Karame
13.03. | 15:30 - 18:45 | B6, A101 | TLS | Karame
20.03. | 15:30 - 17:00 | B6, A101 | IPSEC & VPN & TOR | Armknecht
20.03. | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller
10.04. | 15:30 - 17:00 | B6, A101 | WEP/WPA/WPA2 | Armknecht
10.04. | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller
17.04. | 15:30 - 18:45 | B6, A101 | System Security & Spam & Social Engineering | Armknecht
24.04. | 15:30 - 17:00 | B6, A101 | Mail Spoofing & Mail Encryption | Armknecht
24.04. | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller
08.05. | 15:30 - 18:45 | B6, A101 | Web Security & SQL Injection & XSS | Karame
15.05. | 15:30 - 17:00 | B6, A101 | Buffer Overflow & Meltdown/Spectre | Armknecht
15.05. | 17:15 - 18:45 | B6, A101 | Exercise | Gorke/Müller
22.05. | 15:30 - 18:45 | B6, A101 | Malware & Trusted Computing | Karame
29.05. | 15:30 - 17:00 | B6, A101 | Right Management / Guest Lecture | Armknecht/TBA
29.05. | 17:15 - 18:45 | B6, A101 | Exercise + Q&A | all


You need to achieve at least 40% of the exercise points of the first half of the semester, and 40% of the exercise points of the second half of the semester to participate in the exam. You can track your progress in the ITSec-Flag-System. You will receive an exercise points notification via mail on 12.04.2018 and 31.05.2018, respectively.

Exam Date: tba.

Exam Room: tba.


To be informed about announcements such as room changes, please join this course on ILIAS.

The lecture slides are also available for download there.

Exercise Sheets

Exercise Files