Selected Topics in IT-Security (FSS 2018)

Background and Learning Objectives

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (3) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.

Lecture Topics

  • Bitcoin & Blockchain
  • Password Security
  • Biometric Authentication
  • Symmetric and Asymmetric Crypto
  • Side Channels
  • TLS
  • IPSEC & VPN
  • TOR
  • WEP / WPA / WPA2
  • System Security
  • Spam & Social Engineering
  • Mail Spoofing & Mail Encryption
  • Web Security & SQL Injection & XSS
  • Buffer Overflows & Meltdown/Spectre
  • Malware & Trusted Computing

Lecture and Exercise Timetable

Please note: you will have to bring your own laptop to the exercises!

The exercise system can be found here: http://itsec.informatik.uni-mannheim.de.

Tentative Lecture Agenda
DateTimeRoomContentLecturer
13.02.15:30 - 18:45B6, A101Bitcoin & Blockchain, OrganizationalKarame, Gorke
20.02.15:30 - 17:00B6, A101Authentication: Password SecurityGorke
20.02.17:15 - 18:45B6, A101ExerciseGorke
27.02.15:30 - 18:45B6, A101CryptoKarame
06.03.15:30 - 17:00B6, A101Side ChannelsKarame
06.03.17:15 - 18:45B6, A101ExerciseGorke/Karame
13.03.15:30 - 18:45B6, A101TLSKarame
20.03.15:30 - 17:00B6, A101IPSEC & VPN & TORArmknecht
20.03.17:15 - 18:45B6, A101ExerciseGorke
10.04.15:30 - 17:00B6, A101WEP/WPA/WPA2Armknecht
10.04.17:15 - 18:45B6, A101ExerciseGorke/Müller
17.04.15:30 - 18:45B6, A101Right Management & Spam & Social EngineeringArmknecht
24.04.15:30 - 17:00B6, A101Mail Spoofing & Mail EncryptionArmknecht
24.04.17:15 - 18:45B6, A101ExerciseGorke
08.05.15:30 - 18:45B6, A101Web Security & SQL Injection & XSSKarame
15.05.15:30 - 17:00B6, A101Buffer Overflow & Meltdown/SpectreArmknecht
15.05.17:15 - 18:45B6, A101ExerciseMüller
22.05.15:30 - 18:45B6, A101System Security
Guest Lecture
Armknecht
O. Knapp (Capgemini)
D. Milicevic (Capgemini)
29.05.15:30 - 17:00B6, A101MalwareKarame
29.05.17:15 - 18:45B6, A101Exercise / Q&AGorke/all

Exam

You need to achieve at least 40% of the exercise points of the first half of the semester, and 40% of the exercise points of the second half of the semester to participate in the exam. You can track your progress in the ITSec-Flag-System. You will receive an exercise points notification via mail on 12.04.2018 and 31.05.2018, respectively.

Exam Date: 08.06.2018, 08:30 - 10:00

Exam Room: A5, B244

ILIAS

To inform you about announcements like room changes, please join this course on ILIAS.

You will also find the lecture and exercise slides there available for download.

Exercise Sheets

Exercise Files