IT-Security and Cryptography
Introduction
This module deals with IT-security and cryptography.
Contents
The course offers a broad overview of concepts and technologies relevant to IT security: - Theoretical aspects: security in information theory and computability, introduction to cryptography (historical and modern ciphers, hash functions, pseudo-random number generators, message authentication codes, public-key cryptography) - Network security: security of protocols and TCP/IP, public key infrastructure, user authentication, Kerberos, IPsec, TLS protocol, SSH, DNS Security, Email Security, and Phishing Attacks. - Software security: security vulnerabilities, common programming errors and techniques for exploiting them, reverse engineering and obfuscation, malware and anti-malware - Platform security: access control models, security policies, operating system security, virtualisation, security mechanisms with hardware support - Methods for secure and reliable transmission and processing of information, error-correcting coding methods - Fundamentals of cryptographic systems, methods for information analysis, complexity aspects, applications - Necessary foundations of mathematics and complexity theory are introduced alongside the topics - Private key cryptosystems, Vernam one-time pad, AES, perfect security, public key cryptosystems, RSA, Diffie-Hellman, Elgamal, Goldwasser-Micali, digital signature, challenge-response procedure, secret sharing, millionaire problem, secure circuit evaluation, homomorphic encryption - Symmetric Encryption, Integrity protection, Asymmetric Encryption, Digital Signatures, Certificates and Public Key Infrastructures, and Authentication and Key Agreement
Learning Objectives
Students are able to - understand the mathematical foundations of secure and reliable information processing and their complexity-theoretical basis - are capable of analysing thesecurity of methods - model threats and evaluate the security of systems critically from the attacker’s perspective - understand the purpose and functioning of some security technologies and be aware of their limitations - select and apply appropriate cryptographic primitives in different application scenarios - select suitable security protocols for a given scenario and configure the relevant options for the cryptographic building blocks used within these protocols - identify security requirements and adequate security mechanisms in various application domains - identify potential weaknesses in security protocols not covered in detail during the course and propose appropriate fixes - assess the severity of novel attacks against security protocols and cryptographic primitives
Examination methods
- Either a written exam (90 minutes).
- Or an oral examination (30 minutes).
Lecture: Security and Cryptography
SWS: 2 ECTS: 2
Exercise: Security and Cryptography Exercise
SWS: 2 ECTS: 4
Module Competences
| ID | Description | Disciplines | Prerequisites | Evidence | Author | Source |
|---|---|---|---|---|---|---|
| sec_complex_1 | explain the necessity and methods of error-protected transmission and storage of data | Computer Science | describe and apply the taught methods to given examples | University of Potsdam | Link | |
| sec_complex_2 | analyse the correctness, security and complexity of algorithms | Computer Science | Submit a written analysis for a given algorithm | University of Potsdam | Link |