- Teacher: Rebecca Montanari
- Credits: 8
- SSD: ING-INF/05
- Language: Italian
- Teaching Mode: Traditional lectures
- Campus: Bologna
- Course: Second cycle degree programme (LM) in Computer Engineering (cod. 6719)
Learning outcomes
At the end of the course, the student will have in-depth knowledge of the algorithms, mechanisms, protocols, and main management infrastructures for protecting information security and computing systems against intentional attacks. The student will also learn the fundamental theoretical concepts underlying the construction of cryptographic mechanisms.
In particular, thanks to the acquired knowledge, the student will be able to apply and adopt the most suitable mechanisms, protocols, and infrastructures depending on the specific characteristics of the application contexts. Moreover, the student will be capable of designing security mechanisms/services based on well-defined engineering principles and reasoned criteria, aiming to achieve the best possible balance between security needs and other application requirements (usability, maintainability, scalability, etc.).
Course contents
The aim of the course is to provide an in-depth study of the models, systems and mechanisms for securing processing systems with both a theoretical and a practical focus.
Suggested background: to gain more from the course, students should have a clear grasp of the concepts and tools provided by the computer networks, operating systems and computer security laboratory courses.
The course contents are divided into three macro-areas:
1. Applied modern cryptography
- Insights and pitfalls in using PRNG, stream ciphers and block ciphers, cryptographically secure hash functions, asymmetric ciphers
- Examples of attacks based on the incorrect use of ciphers and correct methods of use
- Examples of cryptographic applications in some scenarios (wireless networks, cloud, IoT, ...)
- Symmetric and asymmetric cryptographic key management models and systems (Key distribution center, PKI, PGP)
2. Authentication Models and Systems
- Review of authentication systems and principles of designing secure authentication protocols
- Single Sign-On authentication models with related examples of protocols / systems (Kerberos, ...)
- Federated authentication models with related examples of protocols / systems (OAuth, OpenID, SAML, ...)
3. Blockchain technologies
- Principles of operation
- Overview of the operation of the Bitcoin and Ethereum platforms
The course will be accompanied by a set of practical lab exercises, in which students will be encouraged to carry out guided activities in the form of personal and independent work. The texts and solutions of the exercises will be made available on the course website.
Readings/Bibliography
Slides on the course web site
References:
[1] Bruce Schneier: "Applied Cryptography", John Wiley, 1996
[2] A.J. Menezes, P.C. Van Oorschot, S.A. Vanstone: "Handbook of Applied Cryptography", CRC Press, 1997
[3] William Stallings: "Sicurezza delle reti. Applicazioni e standard", Addison Wesley Longman Italia
[4] William Stallings: "Crittografia e sicurezza delle reti", McGraw-Hill
[5] G. Karame, E. Androulaki: "Bitcoin and Blockchain Security", Artech House computer security series
Teaching methods
Lectures will include the presentation and discussion of the course content.
The course will be complemented by a set of group work activities focused on the discussion of real-world use cases, as well as a set of practical lab exercises in which students will be encouraged to carry out guided activities through personal and independent work.
Assessment methods
The course includes a final written exam aimed at assessing the level of learning achieved, both in terms of architectural design methodologies and models, and in terms of implementation skills related to the main technologies and systems described and used during the course.
The written exam, lasting approximately 120–150 minutes, will consist of at least six questions, partly focused on verifying theoretical knowledge and partly on solving practical exercises involving the technologies explored during the course.
A practical assignment to be completed independently is also required and will be presented and discussed in person.
The final grade is based on the result of the written exam. Passing the practical assignment is mandatory for the written exam grade to be recorded, but it does not contribute to the final grade.
Students may also choose to associate the project activity of Sicurezza dell'Informazione M (3 CFU) with this course.
Teaching tools
The material presented during lectures (slides, solved exercises, suggested exercises, examples, and project proposals) will be made fully available on the course website on Virtuale @UNIBO (not yet available and to be populated progressively during the course).
This material should be considered the primary study resource for exam preparation; the suggested bibliography is provided as optional support and integration.
Students with learning disorders and/or temporary or permanent disabilities: please contact the office responsible (https://site.unibo.it/studenti-con-disabilita-e-dsa/en/for-students) as soon as possible so that they can propose acceptable adjustments. The request for adaptation must be submitted in advance (15 days before the exam date) to the lecturer, who will assess the appropriateness of the adjustments, taking into account the teaching objectives.
Office hours
See the website of Rebecca Montanari
SDGs


This teaching activity contributes to the achievement of the Sustainable Development Goals of the UN 2030 Agenda.