Advanced Web Security
Avancerad webbsäkerhet

EITN41, 7.5 credits, A (Second Cycle)

Valid for: 2026/27
Faculty: Faculty of Engineering LTH
Decided by: PLED C/D
Date of Decision: 2026-04-16

General Information

Depth of study relative to the degree requirements: Second cycle, in-depth level of the course cannot be classified
Elective for: BME5, C4-sec, C4-pvs, D4-ns, E5
Language of instruction: The course will be given in English

Aim

The course aims at deepen the student’s knowledge about the security problems and solutions that relate to web based technology. Some areas requiring use of cryptographic primitives will be addressed in detail. Knowledge of these will give the student tools to understand also related areas.

Learning outcomes

Knowledge and understanding
For a passing grade the student must

• Describe some advanced security problems that arise when using web based services.
• Describe how cryptographic data can be represented on the web.
• Describe possibilities and problems related to e-commerce and electronic payments.

Competences and skills
For a passing grade the student must

• Be able to analyze the security protocols, identify weaknesses and problems and be able to propose solutions.
• Show that you understand the technical solutions that are used to avoid a security flaw.
• Show that you understand the security limitations in the protocols.
• Apply the design choices of the studied protocols to other protocols.
• Be able to implement a given security protocol

Judgement and approach
For a passing grade the student must

• Be able to discuss and present your solutions to the home assignments.
• Be able to discuss the design choices of the security protocols discussed in the course.

Contents

Data representations: CMS, ASN.1, BER, CER and DER encoding

PKI and Web Security: PKCS#12, CRL, OCSP, signing procedures, identity based cryptosystems

Anonymity: Anonymity solutions, Chaum mixes, Tor, attacks

E-voting: E-voting protocols, homomorphic encryption, ZK-proofs, threshold decryption

Secure messaging: OTR, the Signal protocol

e-commerce: Electronic payments, SET, 3D Secure, Bitcoin and Blockchains, untraceable E-cash

All course material and lectures will be in English.

Examination details

Grading scale: TH - (U, 3, 4, 5) - (Fail, Three, Four, Five)
Assessment:

o obtain a pass, passing grades for the assignments, the theory quiz, and the hacking project are required. The hacking projects are carried out in pairs and are presented orally.
For a grade of 4, an additional passing hacking project, a passing grade for a specified advanced implementation assignment (possibly completed in pairs), and a passing oral examination are required.
For a grade of 5, an additional passing hacking project, a passing grade for an open, self-defined advanced implementation assignment, and a passing oral examination are required.

The examiner, in consultation with Disability Support Services, may deviate from the regular form of examination in order to provide a permanently disabled student with a form of examination equivalent to that of a student without a disability.

Modules
Code: 0119. Name: Home Assignments.
Credits: 7.5. Grading scale: TH - (U, 3, 4, 5).

Admission

Admission requirements:

• (EDAA80 Introduction to Programming or EDAA50 Programming, First Course or EDAB05 Introduction to Programming or EDAA45 Introduction to Programming or EDAA55 Programming, First Course) and (EITA25 Computer Security or EIT060 Computer Security)

Reading list

• Lecture notes.
• Academic articles.

Contact

Course coordinator: Paul Stankovski Wagner, paul.stankovski_wagner@eit.lth.se
Course homepage: https://www.eit.lth.se/course/EITN41

Further information