Oral Exam

As already communicated in the lecture and via the email list, the oral exams take place on

June 4, 2014

Location is B6, A301.

Time table of the exams


No Lecture on May 23

Due to date conflicts, the lectures need to be re-scheduled slightly. This Friday (May 23) will be NO lecture! The lecture of J. Bohli on eVoting will take place one week later on May 30.


No Lecture on February 21

Due to date conflicts, the lectures need to be re-scheduled slightly. This Friday (February 21) will be NO lecture! The lecture of F. Armknecht on AES will take place one week later on February 28 instead of the lecture of J. Bohli.


Talks on IT-Security
February 25, 2014
5PM; A5, B244

On February 24, we organize together with the Stiftung der Deutschen Wirtschaft several talks on current topics on IT-Security. The talks aim for a broad audience and will be given in English.

Time: February 24, 5 PM
Place: A5, B244

Tentative Programme:

  •  Secure Internet Communication (Prof. Dr. F. Armknecht, University of Mannheim)
  • IT-Forensics (Dr. Dewald, University of Erlangen)
  • On the Security Provisions of Bitcoin (Dr. Karame, NEC Labs)

Flyer of the seminar.


Mailing List

There exits now a mailing list for the lecture. To join the mailing list, please register at:

To send an email to the mailing list, please use the following mailing address:


Selected Topics in IT Security (FSS 2014)

Lecturers: Prof. Dr. Frederik Armknecht, Dr. Jens-Matthias Bohli, Dr. Ghassan Karame

Exam Schedule/Technique: Oral exam.

Exercises: Exercises (90mins) will take place on Tuesday, 1:45-3:15 PM, in B6, A303.

Lectures: As Dr. Bohli and Dr. Karame are lecturers from industry, no weekly lectures are possible. Instead there will be longer lectures (3:30-7 PM, B6, A303) at selected dates. The tentative agenda for this semester is as follows:


Tentative Lecture Agenda
Feb. 14Introduction to CryptographyKarame
Feb. 21NO LECTURE!! -
Feb. 28AESArmknecht
Mar. 7Zero-knowledge Protocols, Side Channel AttacksKarame
Mar. 14Network SecurityArmknecht
Mar. 21Web-SecurityBohli
Mar. 28Electronic VotingBohli
Apr. 4Malware, Trusted ComputingKarame
Apr. 11Bitcoin SecurityKarame
May 9OS SecurityArmknecht
May 23Questions & AnswersAll
May 30Electronic VotingBohli

Important Note: The first lecture takes place on February 14. At this lecture, further details will be discussed.


Background and Learning Objectives

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (2) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.

Content Description

This lecture covers the security of computer, software systems, and tamper resistant hardware. The course starts with a basic introduction on encryption functions, spanning both symmetric and asymmetric encryption techniques, IBE encryption and Zero-Knowledge proofs, and discusses reported side-channel attacks. The course then continues with a careful examination of wired and wireless network security issues, and web security threats and mechanisms. This part also extends to analysis of buffer overflows. Finally, the course also covers a set of selected security topics such as trusted computing and electronic voting.


  • Encryption Schemes (Private Key vs. Public Key, Block cipher security)
  • IBE Encryption and Zero Knowledge Proofs
  • Side channel attacks
  • Network Security
  • Wireless Security
  • Web Security (SQL, X-Site Scripting)
  • Buffer Overflows
  • Malware & Botnets
  • Trusted computing
  • Electronic Voting