Computer Laboratory

Course pages 2014–15

Security II

Principal lecturers: Dr Frank Stajano, Dr Markus Kuhn
Taken by: Part II
Past exam questions
Information for supervisors (contact lecturer for access permission)

No. of lectures: 16
Suggested hours of supervisions: 4
Prerequisite courses: Security I; Probability; Economics, Law and Ethics; Operating Systems; Computer Networking
This course is a prerequisite for E-Commerce.


The first half of this course aims to give students additional understanding of security engineering as a systems discipline, from security policies (modelling what ought to be protected) to mechanisms (how to implement the protection goals). It also covers the interaction of security with psychology and usability; anonymity; security economics, and aspects of physical security. The second half covers public-key cryptography and related applications.


Part 1: Security Engineering [lecturer: Frank Stajano and others]

  • Security, human factors and psychology. Usability failures. Incompatibility between security requests and work practices. Thinking like an attacker/victim. Social engineering. Phishing. Why do scams work? Social psychology. Decision under risk. Prospect theory as a critique of Expected Utility theory. Framing.
    [Refs: “Why Johnny can’t encrypt”, “Users are not the enemy”, The art of deception, “Understanding scam victims”, Influence: science and practice, “The compliance budget”, “Maps of bounded rationality”] [2.5 lectures]

  • Security policies. Terminology: policy, profile, target. Vaporware policies. Influential security policies: Bell-LaPadula (multi-level security, lattices, covert channels, downgrading), Biba, Clark-Wilson (double-entry bookkeeping, separation of duties), Resurrecting Duckling (ubiquitous computing, bootstrapping a security association). [1.5 lectures]

  • Passwords. Usability and security problems of passwords. Taxonomy of replacement schemes and their salient features. Why passwords continue to dominate. [Refs: “The quest to replace passwords”, “Pico: no more passwords”, “The password thicket”].

  • Physical security. Relevance in systems security context. Pin tumbler locks. Lockpicking. Bumping. “Cryptology and physical security: rights amplification in master-keyed mechanical locks”. Burglar alarms. Sensor defeats; feature interactions; attacks on communications; attacks on trust.

  • Security economics. Why is security management hard? Misaligned incentives. Asymmetric information. Externalities. Adverse selection. Case studies: security seals, markets for vulnerabilities, phishing website takedown, cost of cybercrime.

  • Anonymity and censorship resistance. Censorship on the web: goals, technology (DNS tampering, IP blocking etc). Blocking through laws or intimidation. Why privacy and anonymity? Remailers, mix networks, attacks. Censorship resistance tools and their architecture: Tor, Freenet, Psiphon.

  • Concurrency and security. Consistency models, ACID properties, race conditions, multi-threading side channels, system-call wrapper vulnerabilities, practical attacks, security principles.

Part 2: Cryptography [lecturer: Markus Kuhn]

  • Secure hash functions. One-way functions, collision resistance, Merkle-Damgård construction, padding, MD5, SHA.

  • Applications of secure hash functions. HMAC, stream authentication, Merkle tree, commitment protocols.

  • Key distribution problem. Needham-Schroeder protocol, Kerberos, hardware-security modules, public-key encryption schemes, CPA and CCA security for asymmetric encryption.

  • Number theory. Modular arithmetic, greatest common divisor, Euclid’s algorithm, modular inversion, groups, rings, fields, finite groups, cyclic groups, generators, Euler’s theorem, Chinese remainder theorem, modular roots, subgroup of quadratic residues, modular exponentiation, easy and difficult problems.

  • Discrete logarithm problem. Diffie-Hellman key exchange, ElGamal encryption, hybrid cryptography, elliptic-curve systems.

  • Trapdoor permutations. Security definition, turning one into a public-key encryption scheme, RSA, attacks on “textbook” RSA, RSA as a trapdoor permutation, optimal asymmetric encryption padding, common factor attacks.

  • Digital signatures. Lamport one-time signatures, ElGamal signatures, DSA, RSA signatures, Certificates, PKI.


At the end of the course students should be able to tackle an information protection problem by drawing up a threat model, formulating a security policy, and designing specific protection mechanisms to implement the policy.

Recommended reading

* Anderson, R. (2008). Security engineering. Wiley (2nd ed.). Freely downloadable in PDF from
Katz, J., Lindell, Y. Introduction to modern cryptography. Chapman & Hall/CRC, 2008.

Further reading:

Gollmann, D. (2010). Computer security. Wiley (3rd ed.).
Cialdini, R. (2008). Influence: science and practice. Pearson (5th ed.)
Stajano, F. (2002). Security for ubiquitous computing. Wiley.
Kahneman, D. (2012). Thinking fast and slow. Penguin.