Class Description

Course_ID: MYE007

Weekly Hours: 5

Semester: >=6

ECTS Credits: 5

Course Homepage: http://www.cse.uoi.gr/~stergios/teaching/mye007

Description:

Introduction to security: computer security, security model, attacks, OSI security architecture, functional requirements and strategy

Symmetric cryptography: definitions, requirements, Feistel structure, DES, 3DES, AES, stream ciphers, modes, secret key distribution

Elements of number theory: birthday paradox, divisibility and prime numbers, Euler’s Totient function, Euclidian algorithm

Public-key cryptography: steps, requirements, RSA, Diffie-Hellman, message authentication code (MAC), one-way hash function (SHA-1, SHA-512, MD5), HMAC, digital signatures

Software security: buffer-overflow attack, shellcode, secure programming, defensive programming, command/SQL injection, cross-site scripting (XXS), time-of-check-to-time-of-use (TOCTOU)

Security of computer systems: access control, discretionary access control, role-based access control, mandatory access control (Bell-Lapadula, Biba), trusted computing, trusted platform module (TPM)

Network security: denial of service, spoofing, reflection, firewall, network address translation (NAT)

Internet security: Internet Protocol Security (IPSec) protocol, security association, authentication header and encapsulating security payload, transport and tunnel mode

Web security: protocol for web traffic security (SSL/TLS), protocol for secure use of credit cards (SET)

Distributed authentication: Kerberos protocol, X.509 authentication service

Blockchain and cryptocurrency: block, blockchain, address, transaction, consensus, proof of work, mining

Programming development of software (buffer overflow) and network (man-in-the-middle) attacks.