Selected Topics in IT-Security (FSS 2015)

Lecturers: Prof. Dr. Frederik Armknecht, Dr. Ghassan Karame

Teaching Assistant: Christian Reuter

Exercise instructors: Michael Kümmerlin, Patrick Müller

Exam Schedule/Technique: Oral exam.

 

Background and Learning Objectives

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (3) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.

 

Content Description

This lecture covers the security of computer, software systems, and tamper resistant hardware. The course starts with a basic introduction on encryption functions, spanning both symmetric and asymmetric encryption techniques, IBE encryption and Zero-Knowledge proofs, and discusses reported side-channel attacks. The course then continues with a careful examination of wired and wireless network security issues, and web security threats and mechanisms. This part also extends to analysis of buffer overflows. Finally, the course also covers a set of selected security topics such as trusted computing and electronic voting.

 

Topics:

  • Encryption Schemes (Private Key vs. Public Key, Block cipher security)
  • IBE Encryption and Zero Knowledge Proofs
  • Side channel attacks
  • Network Security
  • Wireless Security
  • Web Security (SQL, X-Site Scripting)
  • Buffer Overflows
  • Malware & Botnets
  • Trusted computing
  • Electronic Voting

Lecture and Exercise

  • Tuesday, 15:30 - 18:45, Room B6, A104

The tentative agenda for this semester is as follows: 

Tentative Lecture Agenda
DateTimeContentLecturer
Feb. 1015:30 - 18:45Introduction to CryptoKarame
Feb. 1715:30 - 18:45Side Channels, Zero-KnowledgeKarame
Feb. 2415:30 - 17:00Authentication, Password Security, Biometric AuthenticationArmknecht
Feb. 2417:15 - 18:45Exercise
Mar. 315:30 - 17:00Spam, Phishing, Social Engineering, Mail SpoofingArmknecht
Mar. 317:15 - 18:45Exercise
Mar. 1015:30 - 18:45OS SecurityArmknecht
Mar. 1715:30 - 18:45Malware, Botnet, Trusted ComputingKarame
Mar. 2415:30 - 17:00IPSec, VPNArmknecht
Mar. 2417:15 - 18:45Exercise
Apr. 1415:30 - 18:45TLSKarame
Apr. 2115:30 - 18:45SQL Injection, XSSKarame
Apr. 2815:30 - 17:00WEP/WPA SecurityArmknecht
Apr. 2817:15 - 18:45Exercise
May 515:30 - 17:00Buffer OverflowsArmknecht
May 517:15 - 18:45Exercise
May 1215:30 - 18:45BitcoinKarame
May 1915:30 - 17:00IT-ForensicHoppe
May 1917:15 - 18:45Exercise
May 2615:30 - 17:00Different Encryptions (OPE, Homomorphic Encryption)
Proofs of Retrievability, Selected Topics
Armknecht
May 2617:15 - 18:45Exercise

Please note: You will have to bring your own laptop to the exercises!

Mailing List

There exists a mailing list for the lecture. To join the mailing list, please register at:

http://th.informatik.uni-mannheim.de/mailman/listinfo/itsec-fss2015

Lecture Slides

Exercise Sheets

Exercise Lesson Slides & Files

Exam Results