Computer Laboratory

Course pages 2015–16

Security II

Principal lecturers: Dr Frank Stajano, Dr Markus Kuhn
Taken by: Part II

No. of lectures: 16
Suggested hours of supervisions: 4
Prerequisite courses: Security I; Probability; Economics, Law and Ethics; Operating Systems; Computer Networking
This course is a prerequisite for E-Commerce.


The first half of this course aims to give students additional understanding of security engineering as a systems discipline, from security policies (modelling what ought to be protected) to mechanisms (how to implement the protection goals). It also covers the interaction of security with psychology and usability; anonymity; security economics; and aspects of physical security. The second half gives an introduction to public-key cryptography, including some mathematical prerequisites and applications.


Part 1: Security Engineering [lecturer: Frank Stajano and others]

  • Security, human factors and psychology. Usability failures. Incompatibility between security requests and work practices. Thinking like an attacker/victim. Social engineering. Phishing. Why do scams work? Social psychology. Decision under risk. Prospect theory as a critique of Expected Utility theory. Framing.
    [Refs: “Why Johnny can’t encrypt”, “Users are not the enemy”, The art of deception, “Understanding scam victims”, Influence: science and practice, “The compliance budget”, “Maps of bounded rationality”] [2.5 lectures]

  • Security policies. Terminology: policy, profile, target. Vaporware policies. Influential security policies: Bell-LaPadula (multi-level security, lattices, covert channels, downgrading), Biba, Clark-Wilson (double-entry bookkeeping, separation of duties), Resurrecting Duckling (ubiquitous computing, bootstrapping a security association). [1.5 lectures]

  • Passwords. Usability and security problems of passwords. Taxonomy of replacement schemes and their salient features. Why passwords continue to dominate. [Refs: “The quest to replace passwords”, “Pico: no more passwords”, “The password thicket”].

  • Physical security. Relevance in systems security context. Pin tumbler locks. Lockpicking. Bumping. “Cryptology and physical security: rights amplification in master-keyed mechanical locks”. Burglar alarms. Sensor defeats; feature interactions; attacks on communications; attacks on trust.

  • Security economics. Why is security management hard? Misaligned incentives. Asymmetric information. Externalities. Adverse selection. Case studies: security seals, markets for vulnerabilities, phishing website takedown, cost of cybercrime.

  • Anonymity and censorship resistance. Censorship on the web: goals, technology (DNS tampering, IP blocking etc.). Blocking through laws or intimidation. Why privacy and anonymity? Remailers, mix networks, attacks. Censorship resistance tools and their architecture: Tor, Freenet, Psiphon.

Part 2: Cryptography [lecturer: Markus Kuhn]

  • Secure hash functions. One-way functions, collision resistance, Merkle-Damgård construction, padding, MD5, SHA.

  • Applications of secure hash functions. HMAC, stream authentication, Merkle tree, commitment protocols.

  • Key distribution problem. Needham-Schroeder protocol, Kerberos, hardware-security modules, public-key encryption schemes, CPA and CCA security for asymmetric encryption.

  • Number theory. Modular arithmetic, greatest common divisor, Euclid’s algorithm, modular inversion, groups, rings, fields, finite groups, cyclic groups, generators, Euler’s theorem, Chinese remainder theorem, modular roots, subgroup of quadratic residues, modular exponentiation, easy and difficult problems. [2 lectures]

  • Discrete logarithm problem. Diffie-Hellman key exchange, ElGamal encryption, hybrid cryptography, elliptic-curve systems.

  • Trapdoor permutations. Security definition, turning one into a public-key encryption scheme, RSA, attacks on “textbook” RSA, RSA as a trapdoor permutation, optimal asymmetric encryption padding, common factor attacks.

  • Digital signatures. One-time signatures, ElGamal signatures, DSA, RSA signatures, certificates, PKI.


At the end of the course students should be able to tackle an information protection problem by drawing up a threat model, formulating a security policy, and designing specific protection mechanisms to implement the policy. They also should understand the properties and main applications of secure hash functions, as well as the properties of, and some implementation options for, asymmetric ciphers and signature schemes, based on the discrete-logarithm and RSA problems.

Recommended reading

* Anderson, R. (2008). Security engineering. Wiley (2nd ed.). Freely downloadable in PDF from
* Katz, J., Lindell, Y. (2015). Introduction to modern cryptography. Chapman & Hall/CRC (2nd ed.).

Further reading:

* Gollmann, D. (2010). Computer security. Wiley (3rd ed.).
* Cialdini, R. (2008). Influence: science and practice. Pearson (5th ed.).
* Stajano, F. (2002). Security for ubiquitous computing. Wiley.
* Kahneman, D. (2012). Thinking fast and slow. Penguin.