Information Security

Postgraduate degree programme | Academic year 2025-2026

Administrative information

Lecturer Prof. D. Palma
Credits 6 ECTS
Contact hours 48 hours
Teaching period Second semester
Level Postgraduate
Scientific sector ING-INF/05

Aims and learning outcomes

The course aims to provide students with the theoretical and practical knowledge necessary to address the analysis, design, and implementation of secure systems in various application contexts. Initially, students will learn the fundamental concepts of cybersecurity, including the main protection services and mechanisms, threats and vulnerabilities, as well as attack and defence methodologies. Security models and protection architectures will be analysed, with a particular focus on risk management and mitigation. Subsequently, advanced defence mechanisms will be explored, including protection strategies for complex environments and emerging techniques to counter more sophisticated threats. Part of the course will focus on the theoretical and practical aspects of cryptography, which is one of the pillars of cybersecurity. The mathematical foundations of these algorithms, particularly number theory, will be explored to enable students to understand the practical and theoretical implications of the cryptographic solutions adopted in modern systems. Furthermore, part of the course will focus on the analysis and design of modern biometric systems for identity verification, as well as the related security issues. The course includes numerous practical exercises and examples, as well as a series of laboratory exercises and projects carried out in virtualised environments, which will allow students to develop practical skills in identifying and mitigating vulnerabilities.

Teaching methods

The course is delivered in a blended e-learning format via the University of Udine's Moodle platform, with all teaching materials available online. Teaching methods include lectures, flipped classroom sessions, in-class exercises, homework assignments, and hands-on laboratory activities. Lecture recordings are available to students via Microsoft Teams.

Assessment methods

The exam is spread over two separate days and consists of a written test, an oral examination, and a laboratory activity assigned during the course. The written test assesses theoretical knowledge, methodological understanding, and the ability to apply them to real-world problems. The oral examination and laboratory assessment will take place upon successful completion of the written test.

Topics

  • Security fundamentals
    Basic concepts: confidentiality, integrity, availability, authentication, non-repudiation, levels of impact; the OSI security architecture, security threats and security attacks, attack surfaces and attack trees, security services and mechanisms.
  • Mathematical background
    Introduction to number theory and cryptographic hardness assumptions; modular arithmetic, prime numbers, fundamental theorem of arithmetic, Fermat primes, Diophantine equations, Fermat's and Euler's theorems, testing for primality, the Chinese remainder theorem, discrete logarithm; algebraic structures, finite fields, polynomial arithmetic; concepts of linear algebra and linear algebra operations over a set of residues.
  • Private-key cryptography
    Basics of cryptography and cryptanalysis, Shannon's theory of perfect secrecy, Kerckhoffs's principle; symmetric encryption, substitution and transposition techniques, the one-time pad (OTP), frequency analysis and Kasiski analysis; block ciphers, confusion and diffusion, avalanche effect, Feistel structure; DES and 3DES algorithms; AES algorithm; stream ciphers, RC4 algorithm; meet-in-the-middle attack, block cipher modes of operation; application examples.
  • Public-key cryptography and hash functions
    Asymmetric encryption, RSA public-key encryption algorithm, Diffie–Hellman key exchange protocol, cryptographic hash functions, security of hash functions, message authentication codes (MAC and HMAC), digital signatures and authentication protocols; key management and distribution (KDC and CA), X.509; application examples.
  • Protocols and design principles for security in computer networks
    Overview of computer networking; transport-level security: web security threats, Secure Sockets Layer (SSL) and Transport Layer Security (TLS), HTTPS, Secure Shell (SSH), Secure Electronic Transaction (SET); IP security: VPNs, IPsec architecture, Encapsulating Security Payload (ESP) and Authentication Header (AH), IPsec services, security associations, transport and tunnel modes; wireless LANs and wireless LAN security (IEEE 802.11i), WLAN security services and phases of operation.
  • Network endpoint security
    Content filtering and proxy servers: firewall characteristics and access policy, packet filtering firewall, stateful inspection firewall, application-level proxy, circuit-level proxy, DMZ, firewall location and configurations; intrusion detection systems: intruders, approaches to intrusion detection, host-based and network-based IDSs, honeypots.
  • Malicious software
    Types of malware (viruses, worms, rootkits, backdoors, etc.), propagation, payload, malware defence and countermeasures; denial-of-service (DoS) attacks, flooding attacks, distributed DoS (DDoS), types of flooding-based DDoS attacks, defences against DoS attacks.
  • Software security and vulnerabilities
    Stack buffer overflows, defending against buffer overflows, handling program input, SQL injection, code injection and countermeasures; application examples.
  • User authentication and biometric security
    Password-based authentication, token-based authentication, biometric authentication, remote user authentication; introduction to biometrics, biometric systems classification, biometric system architecture and operating modes, multimodal biometrics; criteria for system performance evaluation, biometric systems vulnerabilities; practical application and biometric systems implementation.
  • Laboratory activities
    Virtualisation and virtual machines (VMs), virtual networking and operating systems (Debian-based distributions, FreeBSD and Kali Linux), OSINT; security-oriented network configurations using pfSense; offensive security and implementation of attacks (e.g., host discovery, port scanning, IP spoofing, DNS cache snooping, keylogging, password cracking, network sniffing, DHCP starvation, MAC flooding, ARP poisoning, DNS poisoning, TCP/IP session hijacking, DoS/DDoS attacks, wireless hacking); penetration testing; capture-the-flag (CTF) challenge.
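
Worked example (added by the editor; it is not part of the course materials or of any of the listed textbooks): the number-theory items under "Mathematical background" (extended Euclid and modular inverses, Fermat's theorem, Miller-Rabin primality testing, the Chinese remainder theorem) assembled into the textbook RSA of "Public-key cryptography". Function names, the toy 64-bit key size and the absence of padding are the editor's choices for readability; this is teaching code, not something to deploy.

```python
"""Number-theory building blocks assembled into toy textbook RSA.

Added example, not from the course materials. Key sizes are tiny and
there is no padding (textbook RSA): for teaching only.
"""
import random
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    """Inverse of a modulo m; exists only when gcd(a, m) == 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}")
    return x % m


def fermat_passes(n, a):
    """Fermat test with base a: a^(n-1) == 1 (mod n) holds for every prime n,
    but also for Carmichael numbers such as 252601 = 41*61*101."""
    return pow(a, n - 1, n) == 1


def is_probable_prime(n, rounds=20):
    """Miller-Rabin: a composite survives one round with probability <= 1/4,
    so Carmichael numbers that fool Fermat's test are still rejected."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):   # cheap trial division
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False   # a is a witness of compositeness
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def crt(residues, moduli):
    """Chinese remainder theorem for pairwise coprime moduli: the unique
    x mod prod(moduli) with x = r_i (mod m_i) for every i."""
    total = 1
    for m in moduli:
        total *= m
    x = 0
    for r, m in zip(residues, moduli):
        mi = total // m
        x += r * mi * modinv(mi, m)
    return x % total


def rsa_keygen(bits=64, e=65537):
    """Textbook RSA key pair: n = p*q, e*d = 1 (mod phi(n))."""
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    n, phi = p * q, (p - 1) * (q - 1)
    while gcd(e, phi) != 1:        # e must be invertible mod phi(n)
        e += 2
    d = modinv(e, phi)
    return (n, e), (n, d, p, q)


def rsa_encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d, _, _ = priv
    return pow(c, d, n)


def rsa_decrypt_crt(priv, c):
    """Same result as rsa_decrypt, via CRT: two half-size exponentiations,
    with the exponents reduced mod p-1 and q-1 (Fermat's little theorem)."""
    _, d, p, q = priv
    mp = pow(c % p, d % (p - 1), p)
    mq = pow(c % q, d % (q - 1), q)
    return crt([mp, mq], [p, q])


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    msg = 0xC0FFEE
    c = rsa_encrypt(pub, msg)
    assert rsa_decrypt(priv, c) == rsa_decrypt_crt(priv, c) == msg
    print("n =", pub[0], "ciphertext =", c, "round trip ok")
```

The classic small parameters from the textbooks (p = 61, q = 53, e = 17, so n = 3233 and d = 2753) can be fed directly to rsa_encrypt and rsa_decrypt_crt to check the arithmetic by hand; the CRT path is the one real implementations use for the private operation, and it is also the path that side-channel and fault attacks on RSA target.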
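
Worked example (added by the editor; not course material): the meet-in-the-middle attack listed under "Private-key cryptography", run against double encryption with a deliberately tiny Feistel cipher. The 16-bit, 4-round cipher, its S-box and the key schedule are invented here only so that the whole 2^16 key space can be enumerated in Python; they have no cryptographic value. The attack itself is the generic one that makes double DES pointless and motivates 3DES: with a few known plaintext/ciphertext pairs the 32-bit key pair is found with roughly 2 * 2^16 cipher evaluations and a table, not 2^32.

```python
"""Meet-in-the-middle attack on double encryption with a toy Feistel cipher.

Added example, not from the course materials. The cipher is invented
here to keep the key space enumerable; it is not a real cipher.
"""

ROUNDS = 4


def rotl8(x, r):
    return ((x << r) | (x >> (8 - r))) & 0xFF


def sbox(x):
    """Fixed byte permutation (odd multiplier gives a bijective affine map,
    then a rotation); stands in for a real S-box."""
    return rotl8((x * 167 + 91) & 0xFF, 3)


def round_keys(key16):
    """Alternate the two key bytes, each XORed with a round constant."""
    hi, lo = key16 >> 8, key16 & 0xFF
    return [(hi if i % 2 == 0 else lo) ^ ((0x5A * (i + 1)) & 0xFF)
            for i in range(ROUNDS)]


def feistel_encrypt(block16, key16):
    l, r = block16 >> 8, block16 & 0xFF
    for rk in round_keys(key16):
        l, r = r, l ^ sbox(r ^ rk)          # one Feistel round
    return (l << 8) | r


def feistel_decrypt(block16, key16):
    l, r = block16 >> 8, block16 & 0xFF
    for rk in reversed(round_keys(key16)):
        l, r = r ^ sbox(l ^ rk), l          # inverse of one round
    return (l << 8) | r


def double_encrypt(block16, k1, k2):
    return feistel_encrypt(feistel_encrypt(block16, k1), k2)


def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) blocks under one (k1, k2).
    Returns every (k1, k2) consistent with all the pairs."""
    p0, c0 = pairs[0]
    # Forward half: E_k1(p0) for every k1 -> 2^16 encryptions, one table.
    middle = {}
    for k1 in range(1 << 16):
        middle.setdefault(feistel_encrypt(p0, k1), []).append(k1)
    # Backward half: D_k2(c0) for every k2, matched against the table.
    candidates = [(k1, k2)
                  for k2 in range(1 << 16)
                  for k1 in middle.get(feistel_decrypt(c0, k2), ())]
    # A 16-bit block leaves about 2^16 chance matches after one pair;
    # each further known pair cuts the survivors by another factor 2^16.
    for p, c in pairs[1:]:
        candidates = [(k1, k2) for k1, k2 in candidates
                      if double_encrypt(p, k1, k2) == c]
    return candidates


if __name__ == "__main__":
    k1, k2 = 0x3A7C, 0xC0DE                 # secret key pair to recover
    plaintexts = [0x1234, 0xBEEF, 0x0F0F]   # constructed known plaintexts
    pairs = [(p, double_encrypt(p, k1, k2)) for p in plaintexts]
    found = meet_in_the_middle(pairs)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    assert (k1, k2) in found
```

Running the script takes a couple of seconds in CPython, which is the point: exhausting the 2^32 key pairs one by one would take hours in the same setting. The table costs 2^16 entries of memory; for a real 56-bit cipher the 2^56 table is what makes the attack impractical in memory but not in time, which is why 3DES (not 2DES) is the construction that survived.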

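Worked example (added by the editor; not course material): the performance criteria listed under "User authentication and biometric security" computed over a set of matching scores. The scores below are constructed for illustration and are not real biometric data; the function names and the convention "higher score = better match" are the editor's assumptions.

```python
"""FAR, FRR and EER of a biometric verification system from matching scores.

Added example, not from the course materials. Scores are constructed.
A genuine score compares a probe with the enrolled template of the same
person; an impostor score compares it with a different person's template.
"""

# Constructed sample scores (not real biometric data).
GENUINE = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.65, 0.85, 0.93, 0.70]
IMPOSTOR = [0.20, 0.35, 0.15, 0.42, 0.68, 0.30, 0.25, 0.50, 0.12, 0.38]


def far_frr(genuine, impostor, threshold):
    """False accept rate: fraction of impostor comparisons with score >= t.
    False reject rate: fraction of genuine comparisons with score < t."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def roc_table(genuine, impostor):
    """(threshold, FAR, FRR) at every observed score, in ascending order.
    Raising the threshold lowers FAR (security) and raises FRR (usability)."""
    return [(t, *far_frr(genuine, impostor, t))
            for t in sorted(set(genuine) | set(impostor))]


def equal_error_rate(genuine, impostor):
    """Operating point where FAR and FRR are closest, and the EER there.
    A single number often quoted to compare biometric systems."""
    t, far, frr = min(roc_table(genuine, impostor),
                      key=lambda row: abs(row[1] - row[2]))
    return t, (far + frr) / 2


def threshold_for_far(genuine, impostor, max_far):
    """Lowest threshold whose FAR does not exceed max_far (the security
    requirement), together with the FRR paid for it (the usability cost)."""
    for t, far, frr in roc_table(genuine, impostor):
        if far <= max_far:
            return t, frr
    raise ValueError("no threshold meets the FAR target")


if __name__ == "__main__":
    for t, far, frr in roc_table(GENUINE, IMPOSTOR):
        print(f"t={t:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
    print("EER at t=%.2f: %.2f" % equal_error_rate(GENUINE, IMPOSTOR))
    print("zero-FAR threshold and its FRR:", threshold_for_far(GENUINE, IMPOSTOR, 0.0))
```

On ten samples per class the rates move in steps of 0.1, which is exactly why reported FAR/FRR figures must come with the size of the test population; the same code over a real evaluation set also gives the points of the ROC/DET curve used to compare systems.
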
Reading list

  1. W. Stallings, “Cryptography and Network Security: Principles and Practices”, 8th edition, Pearson, 2020
  2. J.F. Kurose and K.W. Ross, “Computer Networking: A Top-Down Approach”, 7th edition, Pearson, 2017
  3. J.M. Kizza, “Guide to Computer Network Security”, 4th edition, Springer, 2017
  4. D. Palma and P. L. Montessoro, “Biometric-Based Human Recognition Systems: An Overview”, in Recent Advances in Biometrics, IntechOpen, London, 2022

Note

Attempting attacks on real systems is illegal and may lead to prosecution. All experiments must be conducted using test environments only. I do not promote malicious practices and I will not be responsible for any illegal activities.