News

Mailing List

There exits now a mailing list for the lecture. To join the mailing list, please register at:

http://th.informatik.uni-mannheim.de/mailman/listinfo/itsec-fss2014

To send an email to the mailing list, please use the following mailing address:

itsec-fss2014(at)th.informatik.uni-mannheim.deitsec-fss2014(at)th.informatik.uni-mannheim.deitsec-fss2014(at)th.informatik.uni-mannheim.deitsec-fss2014@th.informatik.uni-mannheim.de

Selected Topics in IT Security (FSS 2013)

Lecturers: Dr. Jens-Matthias Bohli, Dr. Ghassan Karame

Exam Schedule/Technique: To be determined.

Lecture dates: Friday, 15:30 - 19:00 Uhr, Room A5 C014

Important Note: The first lecture takes place on March 1. At this lecture, further details will be discussed.

Vorlesungsverzeichnis

Description

Background and Learning Objectives

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (2) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.

Content Description

This lecture covers the security of computer, software systems, and tamper resistant hardware. The course starts with a basic introduction on encryption functions, spanning both symmetric and asymmetric encryption techniques, IBE encryption and Zero-Knowledge proofs, and discusses reported side-channel attacks. The course then continues with a careful examination of wired and wireless network security issues, and web security threats and mechanisms. This part also extends to analysis of buffer overflows. Finally, the course also covers a set of selected security topics such as trusted computing and electronic voting.

Topics:

  • Encryption Schemes (Private Key vs. Public Key, Block cipher security)
  • IBE Encryption and Zero Knowledge Proofs
  • Side channel attacks
  • Network Security
  • Wireless Security
  • Web Security (SQL, X-Site Scripting)
  • Buffer Overflows
  • Malware & Botnets
  • Trusted computing
  • Electronic Voting