Course pages 2012–13

**Subsections**

##

Security I

*Lecturer: Dr M.G. Kuhn*

*No. of lectures:* 12

*Suggested hours of supervisions:* 3

*Prerequisite courses: Discrete Mathematics II, Operating Systems*

*This course is a prerequisite for Security II.*

### Aims

This course covers essential concepts of computer security and cryptography.

### Lectures

**Cryptography.**Introduction, terminology, finite rings and fields, modular arithmetic, GF(2^n), pseudo-random functions and permutations, semantic security.**Classic ciphers.**Vigenére, perfect secrecy, Vernam, computational security, Kerckhoffs’ principle, random bit sources, attacking linear-congruential RNGs and LFSRs.**Block ciphers.**SP networks, Feistel/Luby-Rackoff structure, DES, AES, modes of operation, message authentication.**Secure hash functions.**One-way functions, collision resistance, Merkle-Damgård construction, padding, birthday problem, MD5, SHA, HMAC, stream authentication, Merkle tree, Lamport one-time signatures.**Asymmetric cryptography.**Key-management problem, signatures, certificates, PKI, discrete-logarithm problem, Diffie-Hellman key exchange, ElGamal encryption and signature, hybrid cryptography.**Entity authentication.**Passwords, trusted path, phishing, CAPTCHA. Authentication protocols: one-way and challenge-response protocols, Needham-Schroeder, protocol failure examples.**Access control.**Discretionary access control matrix, DAC in POSIX and Windows, elevated rights and setuid bits, capabilities, mandatory access control, covert channels, Clark-Wilson integrity.**Operating system security.**Trusted computing base, domain separation, reference mediation, residual information protection.**Software security.**Malicious software, viruses. Common implementation vulnerabilities: buffer overflows, integer overflows, meta characters, syntax incompatibilities, race conditions, unchecked values, side channels. [2 lectures]**Network security.**Vulnerabilities of TCP/IP, DNS, Firewalls, VPNs, HTTP authentication, cookies, cross-site scripting, browser sandboxes. [2 lectures]

### Objectives

By the end of the course students should

- be familiar with core security terms and concepts;
- have a basic understanding of some commonly used attack techniques and protection mechanisms;
- have gained basic insight into aspects of modern cryptography and its applications;
- appreciate the range of meanings that “security” has across different applications.

### Recommended reading

* Paar, Ch. & Pelzl, J. (2010). *Understanding cryptography*. Springer.

Gollmann, D. (2010). *Computer security*. Wiley (3rd ed.).