Computer Laboratory

Course pages 2017–18

Security II

Principal lecturers: Dr Markus Kuhn, Dr Daniel Thomas
Taken by: Part II
Past exam questions

No. of lectures: 16
Suggested hours of supervisions: 4
Prerequisite courses: Security I; Discrete Mathematics, Economics, Law and Ethics; Operating Systems; Computer Networking
This course is a prerequisite for E-Commerce.


The first half of this course completes the introduction to cryptography started Security I (Part IB), looking at secure hash functions and public-key cryptography, including some mathematical prerequisites and applications.

The second half of this course aims to give students additional understanding of security engineering as a systems discipline, from security policies (modelling what ought to be protected) to mechanisms (how to implement the protection goals). It also covers the interaction of security with psychology and usability; anonymity; security economics, and aspects of networking security.


Part 1: Cryptography [lecturer: Markus Kuhn]

  • Secure hash functions. One-way functions, collision resistance, Merkle-Damgård construction, padding, MD5, SHA.

  • Applications of secure hash functions. HMAC, stream authentication, Merkle tree, commitment protocols.

  • Key distribution problem. Needham-Schroeder protocol, Kerberos, hardware-security modules, public-key encryption schemes, CPA and CCA security for asymmetric encryption.

  • Number theory and finite groups. Modular arithmetic, greatest common divisor, Euclid’s algorithm, modular inversion, groups, rings, fields, finite groups, cyclic groups, generators, Euler’s theorem, Chinese remainder theorem, modular roots, subgroup of quadratic residues, modular exponentiation, easy and difficult problems. [2 lectures]

  • Discrete logarithm problem. Diffie-Hellman key exchange, ElGamal encryption, hybrid cryptography, elliptic-curve systems.

  • Trapdoor permutations. Security definition, turning one into a public-key encryption scheme, RSA, attacks on “textbook” RSA, RSA as a trapdoor permutation, optimal asymmetric encryption padding, common factor attacks.

  • Digital signatures. one-time signatures, ElGamal signatures, DSA, RSA signatures, Certificates, PKI.

Part 2: Security Engineering [lecturer: Daniel Thomas and others]

  • Security, human factors and psychology. Usability failures. Incompatibility between security requests and work practices. Thinking like an attacker/victim. Social engineering. Phishing. Why do scams work? Social psychology.
    [Refs: “Why Johnny can’t encrypt”, “Users are not the enemy”, The art of deception, “Understanding scam victims”, Influence: science and practice, “The compliance budget”, “Maps of bounded rationality”] [2 lectures]

  • Security policies. Terminology: policy, profile, target. Influential security policies. Design & implementation.

  • Authentication. Usability and security problems of passwords. Taxonomy of replacement schemes and their salient features. Why passwords continue to dominate. Authentication as machine learning. [Refs: “The quest to replace passwords”, “The password thicket”].

  • Network security. Firewalls, intrusion detection, DDoS, spoofing, honeypots, security protocols.

  • Web application security. HTTP authentication and authorization, cookies, web single-signon systems (Ucam-Webauth, SAML, OpenID, OAuth 2), cross-site scripting and request forgery, JavaScript security model.

  • Security economics. Why is security management hard? Misaligned incentives. Asymmetric information. Externalities. Adverse selection. Case studies: security seals, markets for vulnerabilities, phishing website takedown, cost of cybercrime.

  • Anonymity and censorship resistance. Censorship on the web: goals, technology (DNS tampering, IP blocking etc). Blocking through laws or intimidation. Why privacy and anonymity? Remailers, mix networks, attacks. Censorship resistance tools and their architecture: Tor, Freenet, Psiphon.


At the end of the course students should be able to tackle an information protection problem by drawing up a threat model, formulating a security policy, and designing specific protection mechanisms to implement the policy. They also should understand the properties and main applications of secure hash functions, as well as the properties of, and some implementation options for, asymmetric ciphers and signature schemes, based on the discrete-logarithm and RSA problems.

Recommended reading

* Anderson, R. (2008). Security engineering. Wiley (2nd ed.). Freely downloadable in PDF from
* Katz, J., Lindell, Y. (2015). Introduction to modern cryptography. Chapman & Hall/CRC (2nd ed.).

Further reading:

Gollmann, D. (2010). Computer security. Wiley (3rd ed.).
Cialdini, R. (2008). Influence: science and practice. Pearson (5th ed.)
Stajano, F. (2002). Security for ubiquitous computing. Wiley.
Kahneman, D. (2012). Thinking fast and slow. Penguin.