Information Security (IN0693)

Max ECTS: 6
Overall hours: 48
Scientific sector: ING-INF/05

Location:

University of Udine - Scientific Pole

General info:

The course is provided in blended e-learning mode using the Moodle platform of the University of Udine and the whole teaching material will be available on-line. Teaching methods include lectures, flipped classroom, classroom exercises, and laboratory activities.

Objectives:

The course aims at providing students with the knowledge and methods to deal with the analysis, design, and implementation of secure systems in different application contexts. First, students learn the security fundamentals, such as security services and mechanisms, threats and vulnerabilities, attacks, defenses, security models, etc. Various mechanisms for the implementation of effective defense services will then be investigated, analysing both the theoretical and practical aspects and finally introducing some advanced topics in the field of information security. The course is accompanied by numerous practical examples and exercises as well as laboratory experiences and hands-on projects.

Examination methods:

The exam is distributed over two separate days and it comprises a written test and an oral test in addition to the development of a laboratory activity assigned during the course. The written examination is devoted to assessing both the student's knowledge and understanding of theory and methods related to the topics covered in the course, as well as the student's ability to apply this knowledge to solve real‐world problems. The oral interview plus the evaluation of the laboratory activity report will take place after passing the written test.

Course content:

  • Security fundamentals
    confidentiality, integrity, availability, authentication, non-repudiation; security threats and possible security attacks; security breach attack techniques; security services and mechanisms.
  • Cryptography
    basics of cryptography and cryptanalysis, elements of number theory, private-key encryption, symmetric encryption algorithms; public-key encryption, asymmetric encryption algorithms, key management and distribution; message integrity and authentication, cryptographic hash functions, message authentication codes (MAC, HMAC, CMAC, etc.), digital signatures and certificates; applications.
  • Software security and vulnerabilities
    input validation, buffer overflow, SQL injection, code injection and countermeasures, malicious software.
  • Network security and vulnerabilities
    overview of computer networking, spoofing, sniffing, mapping, MAC flooding, ARP poisoning, DNS vulnerabilities, TCP session hijacking, man-in-the-middle attacks, Denial of Service attacks, etc.; security and vulnerabilities of wireless networks.
  • Protocols and design principles for security in computer networks
    network, transport, and application layers security by means of cryptography (SSL, TLS, SET, SSH, VPN, IPSEC, HTTPS…); models, AAA, DAC, MAC, AM.
  • Systems security
    intruders, intrusion detection, password management; demilitarised zone, content filtering and proxy server, firewalls.
  • Biometrics and security
    introduction to biometrics and the biometric security systems, application fields for biometrics; biometric systems architecture and operating modes; biometric systems vulnerabilities; criteria for performance evaluation of biometric-based security systems; basic mathematical notions and examples of biometric recognition systems implementation.
  • Laboratory activities
    virtualisation and virtual machines (VMs); operating environment; security-oriented network configurations based on virtual machines, attacks implementation and countermeasures verification.

Books:

  1. W. Stallings, "Cryptography and Network Security: Principles and Practices", 8th edition, Pearson, 2020
  2. J.F. Kurose and K.W. Ross, "Computer networking: a top-down approach", 7th edition, Pearson, 2017
  3. J.M. Kizza, "Guide to Computer Network Security", 4th edition, Springer, 2017
  4. D. Palma and P.L. Montessoro, "Biometric-Based Human Recognition Systems: An Overview", in Recent Advances in Biometrics, IntechOpen, London, 2022

Note:

Trying attacks on real systems is against the law and you might be prosecuted. Always do experiments with test hosts and users. I don't promote malicious practices and I will not be responsible for any illegal activities.