Introduction to IT Security: Cryptography, Software and System Security

Short Name
Introduction to IT Securi
Module Code
CS2362
Module Coordinator
  • Prof. Dr. André Rein
Teacher
  • Prof. Dr. André Rein
Short Description

This module introduces the theoretical and practical foundations of IT security, which are used in particular for implementing the security objectives of confidentiality, integrity and authenticity of data, software and systems.

Learning Objectives

The students have a sound basic knowledge in selected topics of IT security.

    They can:
  • Identify, understand, describe and use common cryptographic primitives (building blocks).
  • Understand, analyze, and evaluate software and more complex systems that integrate these primitives.
  • Identify and understand common simple attack methods on cryptographic methods.
  • Identify, understand and exploit simple software vulnerabilities and identify and use appropriate countermeasures.
  • Identify and apply techniques and tools used to prevent and locate software vulnerabilities.
    They are in a position to:
  • Select suitable and secure application-specific cryptographic procedures and their parameters as a team
  • Distinguish and discuss secure from insecure procedures
  • Analyze, evaluate and implement a specific and compound mechanism using cryptographic primitives
  • Detect and avoid common attacks and software vulnerabilities
  • Assess the impact on system security and understand and apply appropriate procedures and techniques to increase the overall security of systems
Contents
  • Primary security objectives of IT security
  • Confidentiality, Integrity and Authenticity
  • Classical cryptographic methods
  • Fundamentals of modern cryptographic methods and in particular their application:
    • Symmetric, asymmetric and hybrid encryption systems
    • Cryptographic Hash Functions
    • Message authentication codes
    • Digital Signatures
    • Diffie-Hellman key exchange method
  • Basics of software and system security:
    • Attack and protection techniques to ensure system integrity
    • Software vulnerabilities: buffer overflows, use-after-free, format strings
    • Shellcodes
    • Return-oriented programming
    • Countermeasures on software and operating system level: Data Execution Prevention, Address Space Layout Randomization, Canaries
Duration in Semester
1
Instruction Language
German
Total Effort
6.0 CrP; an estimated 180 hours, of which approximately 60 are spent in class.
Weekly School Hours
4
Method of Instruction

Seminar-style instruction 2 SWS, practical course 2 SWS

Requirements for the awarding of Credit Points

Examination prerequisite: 2 accepted exercises (can be carried out in teams)

Examination: The type and scope of the examination will be announced to the students at the beginning of the course.

Availability
Every semester
References
  • Bruce Schneier: Angewandte Kryptographie - Protokolle, Algorithmen und Sourcecode in C (ISBN: 3827372283)
  • Christoph Paar/Jan Pelzl: Kryptografie verständlich: Ein Lehrbuch für Studierende und Anwender (ISBN: 9783662492963)
  • Jon Erickson: Hacking: The Art of Exploitation (ISBN: 1593271441)

Further literature will be announced in the lecture.