IT Security and Cryptography in Practice

Code

IT-SCP1

Version

2.0

Offered by

ICT Engineering

ECTS

Prerequisites

The participants should have participated in an introductory security course whose competencies match those obtained in the Software Engineering course Network and Security.

Since the course is a student led seminar, the number of participating students cannot exceed 8. The students are selected based on their application which should contain a clear and well-formulated project idea.

Main purpose

IT Security and Cryptography in Practice is an elective course at the Software Engineering Programme. It is offered in the spring and fall semesters. This course is student-driven and is focused on the real-world application of IT security in a practical environment. It includes experiencing how information and risk, threats and attacks, cyber security architecture and operations, secure systems hardening and usability and cyber security management are applied to provide resilience in practical context. Students who do this course will obtain practical experience in the design, implementation, and evaluation of cyber security approaches.

This course deals with advanced and practical aspects of IT and Cyber security and the students acquire knowledge, skills and competencies used when designing and implementing security and cryptography in practice.

The course has two components: i) Student-driven seminars where the students meet and discuss their ideas and projects. These projects must have an intended purpose and may be derived from the students’ practical experiences, ii) A research report where the students demonstrate their professional maturity in terms of designing, discussing and implementing IT Security and cryptography.

These applications may include but are in no way limited to:
- Elliptic Curve Cryptography
- Digital Signatures
- Zero-knowledge Proofs
- Post Quantum Cryptography
- Anonymous Communication (TOR)
- Bitcoins and/or other cryptocurrencies
- Blockchain Technology
- (Pseudo-)Random Bit Generators
- Fast exponentiation
- Factoring/Discrete Log Algorithms
- Finding provable primes
- Dual EC
- Kleptography
- The Security of cloud computing
- TLS and Web security
- Triple Handshake Attack
- Wireless and Network Security
- IP Security
- Insecurity of GSM communication
- Station-to-Station Security
- Wireless (In)security
- IoT Security
- Privacy and GDPR
- (Mis)uses of IPSEC
- Two-Factor Authentication

Knowledge

After successfully completing the course, the student will have gained

- an understanding of the cross-disciplinary nature of cyber security, and the complexities, challenges and wider implications of the contexts in which cyber security problems occur in the workplace.
- knowledge about several key implementations of cryptography and other IT-security related issues.

Skills

After successfully completing the course, the student will be able to

- Draw on and apply relevant IT security approaches, tools and frameworks for IT security enquiry to different settings in real world situations.
- Frame and address IT security problems, questions and issues as a IT security project, being aware of the environment and context in which the problem exists.

Competences

After successfully completing the course, the student will have acquired competences in

- Applying complex cryptographic primitives to real-world cases
- Documenting and explaining an IT-security project clearly and unambiguously to peers
- Reviewing, evaluating and reflecting upon knowledge, skills and practices in cyber security.

Topics

Teaching methods and study activities

The course is built up around three seminars:

An introductory seminar, a midway seminar and a final seminar. All seminars are student-driven and the instructor acts more so as an organiser and facilitator. The students will also be coupled with a peer in order to receive feedback and sparring.

Resources

The students must research and find their own sources.

Evaluation

Examination

Exam prerequisites:
3 mandatory assignments handed in:

1) A 1-page summary of their project idea.
2) A 1-page summary of their midterm seminar report.
3) A 1-page summary of their final report.

If a student fails to meet one or more of the above mandatory assignments, the student will be given an extra assignment, to qualify for re-exam. The scope of this assignment depends on the scope of the missing requirements.

Type of exam:
The exam has ongoing assessment.
Midway exam based on Midway Paper (30%)
Final Exam based on Final Paper (70%)
Internal assessment

Tools allowed:
All

Re-exam:
The re-exam consists of two parts:

1) A 1-page summary of each of the main topics in the course, incl. the student’s own topic (10%)
2) A 20-minute oral exam based on Final Paper (90%)

The student may choose to resubmit a revised version of the final paper.
The main topics of the course are determined by the students at the beginning of the course and consists of the topics of their final paper.