Introduction to IT Security: Cryptography, Software and System Security
- Prof. Dr. André Rein
This module introduces the theoretical and practical foundations of IT security, which are used in particular for implementing the security objectives of confidentiality, integrity and authenticity of data, software and systems.
The students have a sound basic knowledge in selected topics of IT security.
- They can:
- Identify, understand, describe and use common cryptographic primitives (building blocks).
- Understand, analyze, and evaluate software and more complex systems that integrate these primitives.
- Identify and understand common simple attack methods on cryptographic methods.
- Identify, understand and exploit simple software vulnerabilities and identify and use appropriate countermeasures.
- Identify and apply techniques and tools used to prevent and locate software vulnerabilities.
- They are in a position to:
- Select suitable and secure application-specific cryptographic procedures and their parameters as a team
- Distinguish secure from insecure procedures and discuss them
- Analyze, evaluate and implement a specific and compound mechanism using cryptographic primitives
- Detect and avoid common attacks and software vulnerabilities
- Assess the impact on system security and understand and apply appropriate procedures and techniques to increase the overall security of systems
- Primary security objectives of IT security
- Confidentiality, Integrity and Authenticity
- Classical cryptographic methods
- Fundamentals of modern cryptographic methods and in particular their application:
- Symmetric, asymmetric and hybrid encryption systems
- Cryptographic Hash Functions
- Message authentication codes
- Digital Signatures
- Diffie-Hellman key exchange method
- Basics of software and system security:
- Attack and protection techniques to ensure system integrity
- Software vulnerabilities: buffer overflows, use-after-free, format strings
- Return-oriented programming
- Countermeasures on software and operating system level: Data Execution Prevention, Address Space Layout Randomization, Canaries
Seminar-style instruction 2 SWS (semester hours per week), practical course 2 SWS
Examination prerequisite: 2 accepted exercises (can be carried out in teams)
Examination: The type and scope of the examination will be announced to the students at the beginning of the course.
- Bruce Schneier: Angewandte Kryptographie - Protokolle, Algorithmen und Sourcecode in C (ISBN: 3827372283)
- Christoph Paar/Jan Pelzl: Kryptografie verständlich: Ein Lehrbuch für Studierende und Anwender (ISBN: 9783662492963)
- Jon Erickson: Hacking: The Art of Exploitation (ISBN: 1593271441)
Further literature will be announced in the lecture.