191.124 Fundamentals of Security and Privacy
This course is in all assigned curricula part of the STEOP.
This course is in at least 1 assigned curriculum part of the STEOP.

2023S, VU, 2.0h, 3.0EC

Properties

  • Semester hours: 2.0
  • Credits: 3.0
  • Type: VU Lecture and Exercise
  • LectureTube course
  • Format: Presence

Learning outcomes

After successful completion of the course, students are able to:

  • understand the main challenges in modern IT systems in the field of security and privacy
  • explain the fundamental concepts of existing technologies and tools aimed at protecting the security of IT systems and the privacy of users
  • identify simple software vulnerabilities in existing IT systems and applications and understand their impact in terms of security and privacy

Subject of course

First part: Cryptography and its applications

  • Fundamentals of symmetric cryptography: basic encryption schemes, product ciphers, stream and block ciphers, the AES algorithm, modes of operation, usage of cryptographic libraries in the programming language Python
  • Fundamentals of asymmetric cryptography: the RSA algorithm, the Diffie-Hellman key exchange protocol, Man-in-the-Middle attacks, implementation and usage of asymmetric encryption schemes in Python
  • One-Way-Hash functions and Message Authentication Codes
  • Digital signatures, certificates and Public-Key-Infrastructures
  • Identification and authentication methods, 2-factor authentication, overview of Single-Sign-On systems deployed on the Internet, authentication methods employed in the most common operating systems, password cracking with the tool John the Ripper 

Second part: Security and Privacy on the Internet

  • Fundamentals of networks (IP addresses, ports, protocols), analysis of network traffic with the tool Wireshark
  • Firewall systems
  • E-Mail security and encryption (PGP and S/MIME)
  • Fundamental technologies of the Internet: protocols (HTTP, TLS), languages (HTML, JavaScript) and anatomy of a Web application (with examples in Python)
  • Web attacks: Cross-Site-Scripting (XSS), Cross-Site-Request-Forgery (CSRF), SQL Injections, command injection
  • Technologies for the protection of users’ privacy on the Internet (VPN, TOR)
  • Malware and related defense mechanisms

Teaching methods

The course will be held in person. During the lectures, which can be followed on site or via live stream, the topics of the course will be clarified and practical examples and applications will be discussed. Lectures are recorded and the recordings will be published in TUWEL in the next 1-2 days. Students must enroll in the course on TISS to obtain access to the TUWEL platform.

Should unpredictable events occur that prevent lectures from being offered on site for a certain period of time, the course will be temporarily switched to distance learning. In such a case, lectures will be offered online over Zoom and the recordings will be uploaded to TUWEL after a couple of days. Any changes will be announced by e-mail and on the TUWEL forum.

In order to reinforce and put into practice the concepts explained during the lectures, students are required to solve practical assignments, including developing small programs in Python, using the tools presented during the course to carry out some tasks, or analyzing the source code of small web applications to identify vulnerabilities and exploit them.

Aside from lectures, we will provide regular meetings (over Zoom) where students can be supported by tutors and lecturers in developing the solutions to their homework and where they can ask questions about the topics presented during the course.

Mode of examination

Immanent

Additional information

ECTS breakdown (3 ECTS: 75 hours)

  • 14h: Participation in lectures
  • 40h: Homework
  • 18h: Self-study and preparation for tests
  • 3h: Participation in tests

Lecturers

Institute

Course dates

Day | Time | Date | Location | Description
Thu | 18:00 - 19:00 | 02.03.2023 | EI 9 Hlawka HS - ETIT | Presentation of the course
Thu | 18:00 - 20:00 | 09.03.2023 - 25.05.2023 | EI 9 Hlawka HS - ETIT | Lecture
Tue | 18:00 - 20:00 | 21.03.2023 | EI 9 Hlawka HS - ETIT | Lecture
Thu | 18:00 - 20:00 | 30.03.2023 | EI 10 Fritz Paschke HS - UIW | Lecture
Fundamentals of Security and Privacy - Single appointments
Day | Date | Time | Location | Description
Thu | 02.03.2023 | 18:00 - 19:00 | EI 9 Hlawka HS - ETIT | Presentation of the course
Thu | 09.03.2023 | 18:00 - 20:00 | EI 9 Hlawka HS - ETIT | Lecture
Thu | 16.03.2023 | 18:00 - 20:00 | EI 9 Hlawka HS - ETIT | Lecture
Tue | 21.03.2023 | 18:00 - 20:00 | EI 9 Hlawka HS - ETIT | Lecture
Thu | 30.03.2023 | 18:00 - 20:00 | EI 10 Fritz Paschke HS - UIW | Lecture
Thu | 27.04.2023 | 18:00 - 20:00 | EI 9 Hlawka HS - ETIT | Lecture
Thu | 04.05.2023 | 18:00 - 20:00 | EI 9 Hlawka HS - ETIT | Lecture
Thu | 11.05.2023 | 18:00 - 20:00 | EI 9 Hlawka HS - ETIT | Lecture
Thu | 25.05.2023 | 18:00 - 20:00 | EI 9 Hlawka HS - ETIT | Lecture

Examination modalities

The evaluation is based on the performance obtained by the students in the following parts:

  • Exercise part: up to 50 points
  • 1st test: up to 25 points
  • 2nd test: up to 25 points

The number of points of the exercise part is given by the sum of the scores obtained in the various assignments. Assignments that are not handed in are worth 0 points. 

Two different attempts are offered for each of the two tests: the first one during the semester, the second one before the beginning of the winter semester (mid-September). Tests are scheduled to take place in person: if this is not possible (e.g., because of a lockdown or restrictions concerning attendance at the university), tests will take place online over Zoom meetings and a camera (either on the laptop or on an additional device like a smartphone) must be active for the entire duration of the exam.

Tests will consist of multiple-choice questions and open-answer questions about the contents of the course and the topics treated in the assignments. For every test, students can take part in both attempts (e.g., to improve their grade), but only the last attempt handed in will be considered.

Exams

Day | Time | Date | Room | Mode of examination | Application time | Application mode | Exam
Tue | 18:00 - 20:00 | 11.06.2024 | GM 1 Audi. Max.- ARCH-INF | written | 13.05.2024 00:00 - 09.06.2024 23:59 | TISS | 2nd test - 1st attempt
Tue | 18:00 - 20:00 | 17.09.2024 | EI 9 Hlawka HS - ETIT | written | 01.08.2024 00:00 - 15.09.2024 23:59 | TISS | 1st test - 2nd attempt
Thu | 18:00 - 20:00 | 26.09.2024 | EI 8 Pötzl HS - QUER | written | 01.08.2024 00:00 - 24.09.2024 23:59 | TISS | 2nd test - 2nd attempt

Course registration

Begin | End | Deregistration end
14.02.2023 00:00 | 16.03.2023 00:00 | 16.03.2023 00:00

Registration modalities

Please note that this course is only offered to students of the curriculum Digital Skills (study code 045 006). Registrations of students with different study codes will not be accepted.

Precondition

The student must have completed at least all of the course(s) listed below:

Curricula

Study Code | Obligation | Semester | Precon. | Info
045 006 Digital Skills | Mandatory | | STEOP |
Course requires the completion of the introductory and orientation phase

Literature

Some of the topics of the course are covered in the following book:
 
  • Cyber-Sicherheit: Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und Eigenschaften von Cyber-Sicherheitssystemen in der Digitalisierung (in German)
    Paperback – 12 August 2019, by Norbert Pohlmann
    ISBN 978-3-658-25398-1
    https://norbert-pohlmann.com/cyber-sicherheit/

Previous knowledge

  • Experience in programming with Python acquired by successfully completing the course Fundamentals of programming and algorithms.
  • Knowledge of the SQL language, as taught in the course Foundations of information systems, is an advantage.

Preceding courses

Continuative courses

Language

German