Computer Laboratory

Course pages 2013–14

Security I

Principal lecturer: Dr Markus Kuhn
Taken by: Part IB
Past exam questions: Security I, Introduction to Security
Information for supervisors (contact lecturer for access permission)

No. of lectures: 12
Suggested hours of supervisions: 3
Prerequisite courses: Discrete Mathematics II, Operating Systems
This course is a prerequisite for Security II.


This course covers some essential computer-security techniques, focussing mainly on private-key cryptography, discretionary access control and common software vulnerabilities.


  • Introduction. Malicious intent. Security policies, targets, mechanisms. Aspects of confidentiality, integrity, availability, privacy. Requirements across different applications.

  • Cryptography. Overview, private vs. public-key ciphers, MACs vs. signatures, certificates, application examples. Some discrete-mathematics prerequisites: notation, finite rings and fields, modular arithmetic, GF(2^n), probability, birthday problem, random mappings.

  • Classic ciphers. Attacks on substitution and transposition ciphers, Vigenère, perfect secrecy, one-time pads, computational security, stream ciphers, attacking linear-congruential RNGs and LFSRs, CRCs, Kerckhoffs’ principle.

  • Private-key encryption. Security definitions for pseudo-random generators, functions and permutations. Advantage. Oracle queries.

  • Block ciphers. Feistel/Luby-Rackoff structure, DES, TDES, AES.

  • Chosen-plaintext attack security. Security with multiple encryptions. Modes of operation: CBC, OFB, CNT. Malleability.

  • Message authentication codes. Existential unforgeability, CBC-MAC, ECBC-MAC, CMAC, birthday attacks.

  • Authenticated encryption. Chosen-ciphertext attack security, ciphertext integrity, encrypt-and-authenticate, authenticate-then-encrypt, encrypt-then-authenticate, padding oracle example, GCM.

  • Entity authentication. Passwords, trusted path, phishing, CAPTCHA. Authentication protocols: replay attacks, one-way and challenge-response protocols, Needham-Schroeder, protocol failure examples.

  • Operating system security. Trusted computing base, domain separation, reference mediation, residual information protection.

  • Discretionary access control. Matrix model, DAC in POSIX and Windows, elevated rights and setuid bits, capabilities, Clark-Wilson integrity.

  • Software security. Malicious software. Common implementation vulnerabilities: buffer overflows, integer overflows, meta characters, syntax incompatibilities, race conditions, unchecked values, side channels, random-bit sources.


By the end of the course students should

  • be familiar with core security terms and concepts;

  • understand security definitions of modern private-key cryptographic primitives;

  • understand the POSIX and Windows NTFS discretionary access control systems;

  • understand the most common security pitfalls in software development.

Recommended reading

* Paar, Ch. & Pelzl, J. (2010). Understanding cryptography. Springer.
Katz, J. & Lindell, Y. (2008). Introduction to modern cryptography. Chapman & Hall/CRC.
Gollmann, D. (2010). Computer security. Wiley (3rd ed.).