Syllabus 2007/2008 EIT015

Syllabus academic year 2007/2008

SECURE SYSTEMS AND APPLICATIONS

EIT015

Higher education credits: 7,5. Grading scale: TH. Level: G2 (First level). Language of instruction: The course might be given in English. Optional for: C4, C4ks, C4sd, D4, D4ks, E4. Course coordinator: Prof Ben Smeets, ben.smeets@it.lth.se, Inst f informationsteknologi. Recommended prerequisits: EIT060 Computer Security or EDI051 Cryptology. Assessment: Grade 3,4 requires approved project reports that will be graded. Grade 5 can be obtained after successful written or oral exam. Students should sign-up for written or oral exam. Re-examination in ordinary re-examination period: NO. Home page: http://www.it.lth.se/ssoa.

Aim
The goal of this course is to give the students an in-depth insight into the main stream problems and solutions within computer security. This to allow the student by him/herself to select among existing solutions and/or to present solutions with good quality.

Knowledge and understanding
For a passing grade the student must

Analyze a security problem in a computer system
Present solutions of good quality to many standard computer security problems
Possess detailed knowledge of building blocks used in computer security
Understand the mechanisms of the most frequent used attack methods

Skills and abilities
For a passing grade the student must

present detailed descriptions of systems that are applied to improve security in computer system
give a sound motivation of a proposal of a solution to a computer security problem

Judgement and approach
For a passing grade the student must

During the course you have to present and discuss your projects

Contents
Inledning: In-depth knowledge in computer security is needed when designing secure information systems and (computer) applications. In particular, it is important to understand how security protocols and cryptographic methods should be applied to obtain secure applications. Since attacks on systems will occur it is also important to understand how intrusion can be analyzed and should be dealt with in a professional way. Furthermore, one should understand how the enemy works and thinks to obtain his/her goal.

Computer Forensics: principles, standard practices, tools

Digital signatures: Digital signatures in reality, Public Key Infrastructure (PKI) (certificat, revocation, CA, RA, X509), XML signatures

Special crypto algorithms: blind signatures, e-voting, dual signatures

E-commerce: solutions (Amazon.com, SET, E-cash), micro-payment,

DRM system: DRM (ebook, OMA DRM Phase 2),

Smartcardt: ISO standard, programming

Secure networks:: authentication methods, RADIUS, DIAMETER, description and comparison of IPSEC/VPN, TLS, SSL. WLAN security. UMTS, Denial of Service (DOS) attacks, Internet security,

Literature
Lecture notes in form of powerpoint slides and articles.