Selected Topics in IT-Security

Lecturers: Dr. Matthias Hamann, Dr. Ghassan Karame
Teaching Assistant: Christian Müller

The large-scale deployment of Internet-based services and the open nature of the Internet come alongside with the increase of security threats against existing services. As the size of the global network grows, the incentives of attackers to abuse the operation of online applications also increase and their advantage in mounting successful attacks becomes considerable.

These cyber-attacks often target the resources, availability, and operation of online services. In the recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.

This course aims to increase the security awareness of students and offers them a basic understanding with respect to a variety of interesting topics. After this course, students will be able to (1) learn about symmetric and asymmetric encryption schemes, (2) classify and describe vulnerabilities and protection mechanisms of popular network protocols, web protocols, and software systems (3) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.


  • Written, in-person 90-minute exam on 2020-06-13, from 0830h to 1000h in room A3 0.01.

Remote Lectures

Due to the suspension of teaching operations at the university, we offer remote lectures. We now use the Zoom platform, the meeting room is available at the regular days and times (as noted in the schedule) here:

If you want to join the meeting room using your browser (directly, no additional app), use the following link:

Lecture and Exercise

  • Tuesdays: 1530h-1700h, room: A1.01 in B6 23-25
  • Tuesdays: 1715h-1845h, room: A1.01 in B6 23-25


We have an ILIAS course where you will find all lecture materials, which you may find here:

Lecture Topics

  • Bitcoin & Blockchain
  • Password Security
  • Biometric Authentication
  • Symmetric and Asymmetric Crypto
  • Side Channels
  • TLS
  • IPsec & VPN
  • Tor
  • System Security
  • Spam & Social Engineering
  • Mail Spoofing & Mail Encryption
  • Web Security & SQL Injection & XSS
  • Buffer Overflows & Meltdown/Spectre
  • Malware & Trusted Computing

Lecture Roadmap

Please note: you have to bring your own laptop to the exercises!

The exercise scoreboard can be found here:

Tentative Agenda (Last update on: 2020-05-19)
Feb. 111530h - 1845hIntroduction to CryptographyKarame
Feb. 181530h - 1700hWEP/WPA/WPA2 SecurityHamann
Feb. 181715h - 1845hExercise Session 01Müller
Feb. 251530h - 1845hSide Channels & Zero KnowledgeKarame
Mar. 031530h - 1700hIPsec & Tor & VPNHamann
Mar. 031715h - 1845hExercise Session 02Müller
Mar. 101530h - 1700hSpam & Phishing & Social Engineering & Mail Spoofing 1Hamann
Mar. 101715h - 1845hExercise Session 03Müller
Mar. 171530h - 1845hTLSKarame
Mar. 231015h - 1145hExercise Session 04Müller
Mar. 241530h - 1845hSQL Injection & XSSKarame
Mar. 31---Mail Spoofing 2 & Rights Management (Video)Hamann/Armknecht
Mar. 31------ moved to Mar. 23 ------
Apr. 07---/**  Easter---
Apr. 14---   *  Holidays  **/---
Apr. 211530h - 1845hMalware & Botnet & Trusted ComputingKarame
Apr. 28---Password-Based Security & Biometric Authentication (Video)Hamann/Armknecht
Apr. 281530h - 1700hExercise Session 05Müller
May 051530h - 1845hBitcoinKarame
May 12---Buffer Overflow & Meltdown/Spectre (Video)Hamann/Armknecht
May 121530h - 1700hExercise Session 06Müller
May 191530h - 1845hBlockchain and other AltcoinsKarame
May 261530h - 1700hExercise Session 07 & Q'n'AHamann/Müller
May 26---------