Background and Learning Objectives
The large-scale deployment of Internet-based services and the open nature of the Internet come with an increase in security threats against existing services. As the size of the global network grows, the incentives for attackers to abuse the operation of online applications also increase, and their advantage in mounting successful attacks becomes considerable.
These cyber-attacks often target the resources, availability, and operation of online services. In recent years, a considerable number of online services such as Amazon, CNN, eBay, and Yahoo were hit by online attacks; the losses in revenues of Amazon and Yahoo were almost 1.1 million US dollars. With an increasing number of services relying on online resources, security becomes an essential component of every system.
Content Description
This lecture covers the security of computer systems, software systems, and tamper-resistant hardware. The course starts with a basic introduction to encryption functions, spanning both symmetric and asymmetric encryption techniques, discusses the security of the current encryption standard AES, and explains the concept of zero-knowledge proofs. The course then continues with a careful examination of wired and wireless network security issues, and of web security threats and mechanisms. This part also extends to the analysis of buffer overflows. Finally, the course covers a set of selected security topics such as trusted computing and electronic voting.
Topics:
- Encryption Schemes (Private Key vs. Public Key, Block cipher security) and Cryptographic Protocols
- Cryptanalysis, e.g., side-channel attacks
- Network Security
- Wireless Security
- Web Security (SQL, Cross-Site Scripting)
- Buffer Overflows
- Malware & Botnets
- Trusted Computing
- Electronic Voting
- OS Security