The objective of this course is to introduce the theory of the modeling of secure cryptographic systems and protocols, on the basis of the current state of the art. Moreover, another goal is to train skills on cybersecurity aimed to identify potential threats of computer and information systems, as well as to protect the related security perimeter.

01. Cybersecurity: attack and defense.
    01.01 Security perimeter.
    01.02 Kill chain: penetration testing and attack models.
    01.03 Kill chain: risk management and defense models.
    01.04 Security of the new technologies.
    01.05 Exercises of penetration testing.

02. Confidentiality and symmetric key cryptography. 
    02.01 Secret key cryptography.
    02.02 Stream ciphers.
    02.03 Block ciphers.
    02.04 Security against chosen plaintext attack.

03. Integrity, MAC and hashing algorithms.
    03.01 Message authentication code (MAC).
    03.02 Keyed hash functions.
    03.03 Keyless hash functions.

04. Authentication and symmetric key cryptography.
    04.01 Authenticated encryption.
    04.02 Public key cryptography.
    04.03 Security against chosen ciphertext attack.
    04.04 Digital signatures.

05. Cryptographic protocols.
    05.01 Identification protocols.
    05.02 Zero-knowledge proofs (ZKP).
    05.03 Authenticated key exchange.
    05.04 Advanced authentication protocols.
    05.05 Formal verification of cryptographic protocols.

There are no mandatory prerequisites.

Knowledge and understanding: the student will be able to understand the theoretical notions behind the definition of cryptographic primitives and behind the construction of secure cryptographic protocols and systems, the solutions aimed at ensuring the main classes of security properties, the management issues for corporate security perimeters and the defense techniques against cyberattacks.

Applying knowledge and understanding: the student will be able to understand the main characteristics that make cryptographic protocols secure and corporate computer systems vulnerable to cyberattacks, with the aim of being able to apply such a knowledge for the modeling of secure systems with respect to the main security properties.

Making judgements: the student will be able to identify the main vulnerabilities of a corporate computer system and to verify the robustness of security perimeters, by specifying which defense tools are more adequate in this respect.

Communication skills: the student will be able to explain appropriately how and by which technologies it is possible to guarantee the security of corporate systems. The student will be also able to determine strengths and weaknesses of the main securing techniques.

Learning skills: the student will learn the capability of estimating the security properties of a cryptographic system and the main analysis techniques used for the verification of the security perimeter of corporate systems.

The teaching material prepared by the lecturer in addition to recommended textbooks (such as for instance slides, lecture notes, exercises, bibliography) and communications from the lecturer specific to the course can be found inside the Moodle platform › blended.uniurb.it

Examples of projects conducted and presented in seminar form are available within the Moodle platform for blended learning.

Teaching

Theory lectures and laboratory exercises, both face-to-face and on-line.

Teaching is delivered in a blended mode, that is, lectures are held simultaneously in the classroom and from remote within the Moodle platform.

Innovative teaching methods

Project activities are planned for learning based on the learning-by-doing approach. The projects carried out are presented through student-led seminars.

Attendance

Although recommended, course attendance is not mandatory.

Course books

Sections 01 to 04 are covered by: Niels Ferguson, Bruce Schneier: Practical cryptography,  J. Wiley Editor, 2003.

Section 05 is covered by: Cybersecurity: Attack and Defense Strategies, Yuri Diogenes and Erdal Ozkaya, Pack Pub., 2018.

Assessment

The exam consists of an oral examination and of a project, which contribute to the same extent to the final score.

The oral examination is made out of three questions, one for each section of the course program. The aim of the oral examination is to verify communication skills and level of understanding.

The project must be decided in agreement with the lecturer and involves three alternative modes: writing a paper on a depth analysis of a topic on which the student has to prepare a lecture, or else the formal analysis of a cryptographic protocol by using automated software verification tools, or else the deployment of a virtual network in which to conduct penetration testing and validation of defense models. The aim of the project is to verify learning skills and the ability of applying knowledge and understanding, as well as to verify making judgement abilities and communication skills.

Disability and Specific Learning Disorders (SLD)

Students who have registered their disability certification or SLD certification with the Inclusion and Right to Study Office can request to use conceptual maps (for keywords) during exams.

To this end, it is necessary to send the maps, two weeks before the exam date, to the course instructor, who will verify their compliance with the university guidelines and may request modifications.

Teaching

As for attending students.

Attendance

As for attending students.

Course books

As for attending students.

Assessment

As for attending students.

Disability and Specific Learning Disorders (SLD)

Students who have registered their disability certification or SLD certification with the Inclusion and Right to Study Office can request to use conceptual maps (for keywords) during exams.

To this end, it is necessary to send the maps, two weeks before the exam date, to the course instructor, who will verify their compliance with the university guidelines and may request modifications.