Selected Topics in IT-Security

Lecturers: Dr. Matthias Hamann, Dr. Ghassan Karame
Teaching Assistant: Christian Müller

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (3) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.

Remote Lectures

Due to the suspension of teaching operations at the university, we offer remote lectures. The live-stream is available at the regular days and times (as noted in the schedule) here:
https://ilias.uni-mannheim.de/goto.php?target=webr_979268

Lecture and Exercise

Tuesdays: 1530h-1700h, room: A1.01 in B6 23-25
Tuesdays: 1715h-1845h, room: A1.01 in B6 23-25

ILIAS

We have an ILIAS course where you will find all lecture materials, which you may find here: https://ilias.uni-mannheim.de/goto.php?target=crs_958194

Lecture Topics

Bitcoin & Blockchain
Password Security
Biometric Authentication
Symmetric and Asymmetric Crypto
Side Channels
TLS
IPsec & VPN
Tor
WEP/WPA/WPA2
System Security
Spam & Social Engineering
Mail Spoofing & Mail Encryption
Web Security & SQL Injection & XSS
Buffer Overflows & Meltdown/Spectre
Malware & Trusted Computing

Lecture Roadmap

Please note: you have to bring your own laptop to the exercises!

The exercise scoreboard can be found here: https://itsec.informatik.uni-mannheim.de/

Tentative Agenda (Last update on: 2020-03-23)
Date	Time	Topics	Lecturer
Feb. 11	1530h - 1845h	Introduction to Cryptography	Karame
Feb. 18	1530h - 1700h	WEP/WPA/WPA2 Security	Hamann
Feb. 18	1715h - 1845h	Exercise Session 01	Müller
Feb. 25	1530h - 1845h	Side Channels & Zero Knowledge	Karame
Mar. 03	1530h - 1700h	IPsec & Tor & VPN	Hamann
Mar. 03	1715h - 1845h	Exercise Session 02	Müller
Mar. 10	1530h - 1700h	Spam & Phishing & Social Engineering & Mail Spoofing 1	Hamann
Mar. 10	1715h - 1845h	Exercise Session 03	Müller
Mar. 17	1530h - 1845h	TLS	Karame
Mar. 23	1015h - 1145h	Exercise Session 04	Müller
Mar. 24	1530h - 1845h	SQL Injection & XSS	Karame
Mar. 31	---	Mail Spoofing 2 & Rights Management (Video)	Hamann/Armknecht
Mar. 31	---	--- moved to Mar. 23 ---	---
Apr. 07	---	/** Easter	---
Apr. 14	---	* Holidays **/	---
Apr. 21	1530h - 1845h	Malware & Botnet & Trusted Computing	Karame
Apr. 28	1530h - 1700h	Password-Based Security & Biometric Authentication	Hamann
Apr. 28	1715h - 1845h	Exercise Session 05	Müller
May 05	1530h - 1845h	Bitcoin	Karame
May 12	1530h - 1700h	Buffer Overflow & Meltdown/Spectre	Hamann
May 12	1715h - 1845h	Exercise Session 06	Müller
May 19	1530h - 1845h	Blockchain and other Altcoins	Karame
May 26	1530h - 1700h	Guest Lecture: TBA	N.N.
May 26	1715h - 1845h	Exercise Session 07 & Q'n'A	Hamann

Exam Admission Requirements

You need to achieve at least 40% of the exercise points of the first half of the semester, and 40% of the exercise points of the second half of the semester to be admitted to the exam. You can track your progress in the ITSec-Flag-System.