CYBERSECURITY

International Teaching CYBERSECURITY

0622900004
DIPARTIMENTO DI INGEGNERIA DELL'INFORMAZIONE ED ELETTRICA E MATEMATICA APPLICATA
EQF7
DIGITAL HEALTH AND BIOINFORMATIC ENGINEERING
2021/2022



YEAR OF COURSE 2
YEAR OF DIDACTIC SYSTEM 2018
SECONDO SEMESTRE
CFUHOURSACTIVITY
432LESSONS
324EXERCISES
216LAB
Objectives
THE COURSE ILLUSTRATES THE METHODOLOGIES AND THE BASIC TOOLS FOR THE MANAGEMENT OF INFORMATION SECURITY IN DIGITAL SYSTEMS AND NETWORKS. THIS GOAL IS ACHIEVED THROUGH KNOWLEDGE OF CRYPTOGRAPHIC TECHNIQUES, ALGORITHMS AND AUTHENTICATION PROTOCOLS, PROTOCOLS FOR SECURE COMMUNICATION, PROTECTION MECHANISMS FROM POSSIBLE VULNERABILITIES.

KNOWLEDGE AND UNDERSTANDING
THEORETICAL AND PRACTICAL ASPECTS OF INFORMATION SECURITY IN SYSTEM AND COMMUNICATION NETWORKS; AUTHENTICATION SCHEMES AND PROTECTION SCHEMES USING CRYPTOGRAPHY; SECURITY PROPERTIES OF CRYPTOGRAPHIC PRIMITIVES; UNDERSTANDING OF MAIN TOOLS TO DESIGN SECURE PRIMITIVES; KNOWLEDGE AND UNDERSTANDING OF TECHNIQUES TO EXPLOIT VULNERABILITIES PENETRATING IN SYSTEMS AND INTRUSION DETECTION; KNOWLEDGE AND CLASSIFICATION OF VIRUSES AND MALWARE, AND TECHNIQUES TO ANALYZE AND DETECT THEM.

APPYING KNOWLEDGE AND UNDERSTANDING
ABILITY TO EVALUATE THE SECURITY PROPERTIES OF A SYSTEM, TO DESIGN A SIMPLE SECURE SYSTEM AND TO DEMONSTRATE ITS PROPERTIES. TO CONFIGURE AUTHENTICATION MECHANISMS AND OF SECURE EXCHANGE OF DATA THROUGH INSECURE NETWORKS. TO IDENTIFY POSSIBLE SOLUTIONS TO DEFEND INFORMATION SYSTEMS IN NETWORKS; CAPABILITY TO DETECT ATTACKS TO SYSTEMS, TO APPLY ACQUIRED KNOWLEDGE TO PREVENT AND REMOVE INTRUSIONS.
Prerequisites
BASIC CONCEPTS OF PROBABILITY, DESIGN AND ANALYSIS OF ALGORITHMS, JAVA LANGUAGE
Contents
INTRODUCTION TO CRYPTOGRAPHY AND DATA SECURITY
(LECTURE/PRACTICE/LABORATORY HOURS 2/0/0)

CLASSICAL CIPHERS, PERFECT SECURITY AND ONE-TIME PAD
(LECTURE/PRACTICE/LABORATORY HOURS 2/1/0)

RANDOMNESS AND PSEUDORANDOMNESS
(LECTURE/PRACTICE/LABORATORY HOURS 2/1/1)

SECURITY AND THREAT MODELS
(LECTURE/PRACTICE/LABORATORY HOURS 3/1/0)

PRIVATE-KEY ENCRYPTION
(LECTURE/PRACTICE/LABORATORY HOURS 2/1/1)

MODES OF OPERATION IN ENCRYPTION SCHEMES
(LECTURE/PRACTICE/LABORATORY HOURS 1/0/1)

MESSAGE AUTHENTICATION CODES (MACS)
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

COLLISOIN-RESISTANT HASH FUNCTIONS AND APPLICATIONS
(LECTURE/PRACTICE/LABORATORY HOURS 2/3/1)

NUMBER THEORY FOR SECURE SYSTEMS
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

STANDARD HARDNESS ASSUMPTIONS
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/0)

KEY ESTABLISHMENT ON PUBLIC CHANNELS
(LECTURE/PRACTICE/LABORATORY HOURS 2/1/0)

PUBLIC-KEY ENCRYPTION
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

HYBRID ENCRYPTION
(LECTURE/PRACTICE/LABORATORY HOURS 1/0/1)

DIGITAL SIGNATURES AND APPLICATIONS
(LECTURE/PRACTICE/LABORATORY HOURS 2/3/1)

DIGITAL CERTIFICATES
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

SECURING TCP/IP VIA TLS
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

SECURING BROWSERS AND WEB SERVERS VIA HTTPS
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

SECRET SHARING AND DECENTRALIZATION
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

ANALYSIS OF THE SECURITY OF SYSTEM
(LECTURE/PRACTICE/LABORATORY HOURS 2/2/2)

TECHNIQUES FOR INTRUSION AND INTRUSION DETECTION
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

FIREWALL, TUNNELLING AND VPN
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)

VIRUS AND MALWARE
(LECTURE/PRACTICE/LABORATORY HOURS 1/1/1)


TOTAL LECTURE/PRACTICE/LABORATORY HOURS 32/24/16
Teaching Methods
THE CLASS CONSISTS OF LECTURES, GUIDED EXERCISES IN THE CLASSROOM OR IN A LAB.
THE LECTURES PRESENT CRYPTOGRAPHIC PRIMITIVES, ALGORITHMS AND SECURE PROTOCOLS DISCUSSING SPECIFICALLY THEIR APPLICATIONS TO SOLVE REAL-WORLD PROBLEMS.
IN THE LAB STUDENTS ARE REQUIRED TO USE TOOLS, PROGRAMMING LANGUAGES AND LIBRARIES RELATED TO THE TOPICS DISCUSSED DURING THE LECTURES. IN THE GUIDED EXERCISES STUDENTS ARE DIVIDED IN GROUPS AND A PROJECT-WORK IS ASSIGNED TO EACH GROUP TO DEVELOP DURING THE COURSE. THE PROJECT-WORK INCLUDES THE MAIN TOPICS OF THE COURSE AND IS FINALIZED TO THE ACQUISITION OF THE CAPACITY TO USE THE APPROPRIATE TOOLS TO SOLVE A PROBLEM. THE PROJECT-WORK IS ALSO USEFUL TO DEVELOP AND STRENGTHEN THE ABILITY OF WORKING IN A TEAM.
Verification of learning
THE FINAL EXAM IS DESIGNED TO EVALUATE AS A WHOLE THE KNOWLEDGE AND UNDERSTANDING OF THE CONCEPTS PRESENTED IN THE COURSE, AND THE ABILITY TO APPLY SUCH KNOWLEDGE IN SOLVING SECURITY PROBLEMS.

THE EXAM CONSISTS OF THE EVALUATION OF THE PROJECT REALIZED DURING THE COURSE AND OF A WRITTEN EXAM.
THE EXAM WILL FOCUS ON ASSESSING KNOWLEDGE OF CRYPTOGRAPHIC PRIMITIVES, SECURITY ALGORITHMS AND PROTOCOLS, INTRUSIONS AND VULNERABILITIES. THE WORK-PROJECT WILL BE USEFUL TO ASSESS EXPERTISE IN APPLYING NOTIONS ILLUSTRATED DURING THE COURSE.
IN THE FINAL EVALUATION, EXPRESSED IN THIRTIES, THE EVALUATION OF THE PROJECT WILL IMPACT ON THE 40% OF THE FINAL VOTE, WHILE THE WRITTEN EXAM FOR THE REMAINING 60%.
Texts
THERE IS A MAIN TEXTBOOK:
JONATHAN KATZ, YEHUDA LINDELL
INTRODUCTION TO MODERN CRYPTOGRAPHY
CHAPMAN AND HALL/CRC; (AT LEAST 2ND EDITION).

SUPPLEMENTARY TEACHING MATERIAL WILL BE AVAILABLE ON THE UNIVERSITY E-LEARNING PLATFORM (HTTP://ELEARNING.UNISA.IT) ACCESSIBLE TO STUDENTS USING THEIR OWN UNIVERSITY CREDENTIALS.
More Information
THE COURSE IS HELD IN ENGLISH
  BETA VERSION Data source ESSE3