IT-Security and Cryptography
Introduction
This module deals with IT-security and cryptography.
Contents
The course offers a broad overview of concepts and technologies relevant to IT security:
- Theoretical aspects: security in information theory and computability, introduction to cryptography (historical and modern ciphers, hash functions, pseudo-random number generators, message authentication codes, public-key cryptography)
- Network security: security of protocols and TCP/IP, public key infrastructure, user authentication, Kerberos, IPsec, TLS protocol, SSH, DNS Security, Email Security, and Phishing Attacks
- Software security: security vulnerabilities, common programming errors and techniques for exploiting them, reverse engineering and obfuscation, malware and anti-malware
- Platform security: access control models, security policies, operating system security, virtualisation, security mechanisms with hardware support
- Methods for secure and reliable transmission and processing of information, error-correcting coding methods
- Fundamentals of cryptographic systems, methods for information analysis, complexity aspects, applications
- Necessary foundations of mathematics and complexity theory are introduced alongside the topics
- Private key cryptosystems, Vernam one-time pad, AES, perfect security, public key cryptosystems, RSA, Diffie-Hellman, Elgamal, Goldwasser-Micali, digital signature, challenge-response procedure, secret sharing, millionaire problem, secure circuit evaluation, homomorphic encryption
- Symmetric Encryption, Integrity protection, Asymmetric Encryption, Digital Signatures, Certificates and Public Key Infrastructures, and Authentication and Key Agreement
Learning Objectives
Students are able to
- understand the mathematical foundations of secure and reliable information processing and their complexity-theoretical basis
- analyse the security of methods
- model threats and evaluate the security of systems critically from the attacker's perspective
- understand the purpose and functioning of some security technologies and be aware of their limitations
- select and apply appropriate cryptographic primitives in different application scenarios
- select suitable security protocols for a given scenario and configure the relevant options for the cryptographic building blocks used within these protocols
- identify security requirements and adequate security mechanisms in various application domains
- identify potential weaknesses in security protocols not covered in detail during the course and propose appropriate fixes
- assess the severity of novel attacks against security protocols and cryptographic primitives
Examination methods
- Either a written exam (90 minutes).
- Or an oral examination (30 minutes).