Selected Topics in IT-Security

CS 408 | English

Lecturers: Prof. Dr. Frederik Armknecht, Dr. Ghassan Karame
Teaching Assistant: Christian Müller

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (3) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.

Re-Sit Exam

  • Written, in-person 90-minute exam on 2021-08-28, from tba to tba in room tba in building tba.

Exam

  • Written, in-person 90-minute exam on 2021-06-24, from 0900h to 1030h in room A0.01 in building B6.

Lecture and Exercise

  • Thursdays: 1530h-1700h, room: WIM-ZOOM-06 (you need to be logged into Portal2 before following this link)
  • Thursdays: 1715h-1845h, room: WIM-ZOOM-06 (you need to be logged into Portal2 before following this link)

Lectures by Dr. Karame will be held as live sessions.

Lectures by Prof. Armknecht (cf. Lecture Roadmap) will be offered as inverted lectures, i.e., videos are available on ILIAS for self-study and you may ask questions about or discuss the topic on the indicated date. The exercise session starts shortly after the question/discussion session, and thus, has no fixed start time.

ILIAS

We have an ILIAS course where you will find all lecture materials, which you may find here: https://ilias.uni-mannheim.de/goto.php?target=crs_1090575

Lecture Topics

  • Bitcoin & Blockchain
  • Password Security
  • Biometric Authentication
  • Symmetric and Asymmetric Crypto
  • Side Channels
  • TLS
  • IPsec & VPN
  • Tor
  • WEP/WPA/WPA2
  • System Security
  • Spam & Social Engineering
  • Mail Spoofing & Mail Encryption
  • Web Security & SQL Injection & XSS
  • Buffer Overflows & Meltdown/Spectre
  • Malware & Trusted Computing

Lecture Roadmap

Please note: you have to have access to a laptop for the exercises!

The exercise scoreboard can be found here: https://itsec.informatik.uni-mannheim.de/

Tentative Agenda (Last update on: 2021-03-01)
DateTimeTopicsLecturer

Mar. 04

1530h – 1845h

Intro To Crypto (*)

Karame

Mar. 11

1530h – 1845h
 

WEP/WPA/WPA2 Security
Exercise Session 01

Armknecht
Müller

Mar. 18

1530h – 1845h

Side Channels & Zero-Knowledge

Karame

Mar. 25

1530h – 1845h

IPsec & Tor & VPN
Exercise Session 02

Armknecht
Müller

Apr. 01

---

/** Easter

---

Apr. 08

---

   * Holidays **/

---

Apr. 15

1530h – 1845h

TLS

Karame

Apr. 22

1530h – 1845h

Spam & Phishing & Social Engineering & Mail Spoofing
Exercise Session 03

Armknecht
Müller

Apr. 29

1530h – 1845h

SQL Injection & XSS

Karame

May 06

1530h – 1845h

Rights Management
Exercise Session 04

Armknecht
Müller

May 13

---

// Public Holiday

---

May 20

1530h – 1845h

Malware & Botnet & Trusted Computing

Karame

May 27

1530h – 1845h

Password-Based Security & Biometric Authentication
Exercise Session 05

Armknecht
Müller

Jun. 03

---

// Public Holiday

---

Jun. 10

1530h – 1845h

Bitcoin

Karame

Jun. 17

1530h – 1845h

Buffer Overflow & Meltdown/Spectre
Exercise Session 06

Armknecht
Müller

(*) For symmetric cryptography, you may also use a video by Prof. Arkmnecht as additional resource.