191.124 Fundamentals of Security and Privacy
This course is in all assigned curricula part of the STEOP.
This course is in at least 1 assigned curriculum part of the STEOP.

2022S, VU, 2.0h, 3.0EC
Lecture TubeTUWEL

Properties

  • Semester hours: 2.0
  • Credits: 3.0
  • Type: VU Lecture and Exercise
  • LectureTube course
  • Format: Distance Learning

Learning outcomes

After successful completion of the course, students are able to:

  • understand the main challenges in modern IT systems in the field of security and privacy
  • explain the fundamental concepts of existing technologies and tools aimed at protecting the security of IT systems and the privacy of users
  • identify simple software vulnerabilities in existing IT systems and application and understand their impact in terms of security and privacy

Subject of course

First part: Cryptography and its applications

  • Fundamentals of symmetric cryptography: basic encryption schemes, product ciphers, stream and block ciphers, the AES algorithm, modes of operation, usage of cryptographic libraries in the programming language Python
  • Fundamentals of asymmetric cryptography: the RSA algorithm, the Diffie-Hellman key exchange protocol, Man-in-the-Middle attacks, implementation and usage of asymmetric encryption schemes in Python
  • One-Way-Hash functions and Message Authentication Codes
  • Digital signatures, certificates and Public-Key-Infrastructures
  • Identification and authentication methods, 2-factor authentication, overview of Single-Sign-On systems deployed on the Internet, authentication methods employed in the most common operating systems, password cracking with the tool John the Ripper 

Second part: Security and Privacy on the Internet

  • Fundamental of networks (IP addresses, ports, protocols), analysis of network traffic with the tool Wireshark
  • Firewall systems
  • E-Mail security and encryption (PGP and S/MIME)
  • Fundamental technologies of the Internet: protocols (HTTP, TLS), languages (HTML, JavaScript) and anatomy of a Web application (with examples in Python)
  • Web attacks: Cross-Site-Scripting (XSS), Cross-Site-Request-Forgery (CSRF), SQL Injections, command injection
  • Technologies for the protection of users’ privacy on the Internet (VPN, TOR), End-to-End encryption and its applications for secure communication (Whatsapp, Signal)

Teaching methods

The course will be held in Distance Learning. During the lectures, which will be offered online over Zoom meetings, the topics of the course will be clarified and practical examples and applications will be discussed. Lectures are registered and the recordings will be published in TUWEL in the next 1-2 days. Students must enroll to the course on TISS to obtain access to the TUWEL platform. 

In order to strengthen and put in practice the concepts explained during the lectures, students are required to solve practical assignments including the development of small programs in Python, the usage of the tools presented during the course to carry out some tasks or analyze the source code of small web applications to identify vulnerabilities and exploit them. 

Aside from lectures, we will provide regular meetings (over Zoom) where the students can be supported by tutors and lecturers in the solution of their homework and where they can ask questions to the topics presented during the course.

Mode of examination

Immanent

Additional information

ECTS-Breakdown (3 ECTS: 75 Stunden)

  • 14h: Participation to lectures
  • 40h: Homework
  • 18h: Self-study and preparation to tests
  • 3h: Participation to tests

Lecturers

Institute

Course dates

DayTimeDateLocationDescription
Thu18:00 - 19:4503.03.2022 - 02.06.2022 OnlineLecture
Fundamentals of Security and Privacy - Single appointments
DayDateTimeLocationDescription
Thu03.03.202218:00 - 19:45 OnlineLecture
Thu10.03.202218:00 - 19:45 OnlineLecture
Thu17.03.202218:00 - 19:45 OnlineLecture
Thu24.03.202218:00 - 19:45 OnlineLecture
Thu31.03.202218:00 - 19:45 OnlineLecture
Thu07.04.202218:00 - 19:45 OnlineLecture
Thu05.05.202218:00 - 19:45 OnlineLecture
Thu12.05.202218:00 - 19:45 OnlineLecture
Thu19.05.202218:00 - 19:45 OnlineLecture
Thu02.06.202218:00 - 19:45 OnlineLecture

Examination modalities

The evaluation is based on the performance obtained by the students in the following parts:

  • Exercise part: up to 50 points
  • 1st test: up to 25 points
  • 2nd test: up to 25 points

The number of points of the exercise part is given by the sum of the scores obtained in the various assignments. Assignments that are not handed in are worth 0 points. 

Two different attempts are offered for each of the two tests: the first one during the semester, the second one before the beginning of the winter semester (mid of September). Tests will take place online over Zoom meetings and a camera (either on the laptop or on an additional device like a smartphone) must be active for the entire duration of the exam. Tests will consist of multiple-choice questions and open answer questions about the contents of the course and the topics treated in the assignments. For every test, students can take part to both attempts (e.g., to improve their grade), but only the last handed in attempt will be considered.

In order to pass the course, students must obtain at least 50% of the points in each of the evaluation items (25 points in the exercise part, 12.5 points in each of the two tests).

The final grade of the course is derived from the number of obtained points as follows:

  • from 87.5 to 100 points: 1 (sehr gut)
  • from 75 up to 87.5 points (excluded): 2 (gut)
  • from 62.5 up to 75 points (excluded): 3 (befriedigend)
  • from 50 up to 62.5 points (excluded): 4 (genügend)
  • below 50 points: 5 (nicht genügend)

Exams

DayTimeDateRoomMode of examinationApplication timeApplication modeExam
Thu18:00 - 20:0015.09.2022 Onlineassessed01.07.2022 00:00 - 14.09.2022 20:00TISS1. Test - 2. Termin
Thu18:00 - 20:0022.09.2022 Onlineassessed01.07.2022 00:00 - 21.09.2022 20:00TISS2. Test - 2. Termin

Course registration

Begin End Deregistration end
15.02.2022 00:00 17.03.2022 00:00 17.03.2022 00:00

Precondition

The student must have at least all of the course(s) completed listed below:

Curricula

Study CodeSemesterPrecon.Info
045 006 Digital Skills STEOP
Course requires the completion of the introductory and orientation phase

Literature

Some of the topics of the course are covered in the following book:
 
  • Cyber-Sicherheit: Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und Eigenschaften von Cyber-Sicherheitssystemen in der Digitalisierung (in German)
    Taschenbuch – 12. August 2019 von Norbert Pohlmann
    ISBN 978-3-658-25398-1
    https://norbert-pohlmann.com/cyber-sicherheit/

Previous knowledge

  • Experience in programming with Python acquired by successfully completing the course Fundamentals of programming and algorithms.
  • Knowledge of the SQL language, as taught in the course Foundations of information systems, is an advantage.

Preceding courses

Continuative courses

Language

German