Learning objectives
The course aims to provide the student with the knowledge of the main mechanisms used for securing networked systems and for protecting computer networks; in particular the knowledge and understanding of applied cryptography for data authentication, integrity protection and confidentiality; knowledge of the main security protocols, possible software and network vulnerabilities and protection mechanisms.
Prerequisites
Familiarity with TCP/IP protocols.
Course unit content
Cryptography basics and algorithms;
Authentication mechanisms and digital signature; identification and key exchange; anonymity;
Protocols for secure communications;
Main software and network vulnerabilities, attacks, and countermeasures.
Laboratory activities.
Full programme
Syllabus (every class or laboratory = 2 hours)
Class 1: course organization, objectives, textbooks, exam details; preview of the course; security services; symmetric cryptography, attacks, computational security
Class 2: substitution ciphers, polyalphabetic substitution ciphers, one time pad (OTP) cipher, transposition, product cipher; stream and block ciphers
Class 3: AES; encryption of long messages; padding; ECB; examples of attacks on ECB; CBC
Class 4: examples of attacks on CBC; exercises with OpenSSL
Class 5: OFB, CFB, CTR; hash functions, brute force attack, birthday paradox, Merkle-Damgard structure, length extension attack
Class 6: SHA1, SHA2, sponge function, SHA3; password hashing; encryption using hash functions
Class 7: number theory: modular arithmetic, prime, relatively prime, GCD, Euclid's algorithm, multiplicative inverse
Class 8: laboratory exercises with symmetric cipher and hash programming
Class 9: multiplicative inverse existence, extended Euclid's algorithm, example, totient function, Euler's theorem; RSA overview
Class 10: proof of Euler's theorem and corollary, primitive root, discrete logarithm, primality test; RSA, example
Class 11: textbook RSA, RSA security, using RSA
Class 12: DH; message authentication (authenticity), MAC functions, HMAC, authenticated encryption
Class 13: digital signature, RSA signature, DSA; identification, challenge-response authentication, symmetric-key based authentication schemes
Class 14: symmetric-key based authentication schemes, mutual authentication, public-key based authentication schemes, One-Time Password, Lamport's scheme, example: HTTP authentication; secret key establishment, long and short-term keys
Class 15: key establishment properties, session key exchange through symmetric cryptography, session key exchange through asymmetric cryptography, authenticated DH; KDC; public key distribution, digital certificates
Class 16: digital certificates, cert chain, trust path; CA, PKI, X.509 certificates, PKCS, CRL
Class 17: laboratory exercises on asymmetric cryptography and X.509, using OpenSSL
Class 18: IPsec, IKE, Transport Layer Security (TLS), example with Wireshark
Class 19: TLS handshake, DTLS; anonymity, high-latency anonymity systems; low-latency anonymity systems, onion routing, Tor
Class 20: vulnerabilities; network vulnerabilities
Class 21: software vulnerabilities, buffer overflow, SQL injection, web vulnerabilities
Class 22: vulnerability scanning; firewalls; Intrusion Detection Systems (IDSs)
Class 23: laboratory exercises on vulnerability scanning and firewalls
Class 24: exercises
Bibliography
[1] L. Veltri, "Cybersecurity", slides of the course, available on the course web site
[2] W. Stallings, "Cryptography and Network Security: Principles and Practice", 8th Edition, Pearson, 2020
[3] W. Stallings, "Computer Security: Principles and Practice", 4th Edition, Pearson, 2017
Teaching methods
Class lessons (40 h), and in-class and laboratory exercises (8 h).
Assessment methods and criteria
The exam consists of a written test made up of questions and exercises.
Examples of exercises are shown and solved during the course.