Syllabus academic year 2009/2010
(Created 2009-08-11.)
SECURE SYSTEMS AND APPLICATIONSEIT015

Higher education credits: 7,5. Grading scale: TH. Level: G2 (First level). Language of instruction: The course might be given in English. Optional for: C4, C4ks, C4sd, D4, D4ks, E4. Course coordinator: Prof Ben Smeets, ben.smeets@eit.lth.se, Inst för elektro- och informationsteknik. Recommended prerequisits: EIT060 Computer Security or EDI051 Cryptology. Assessment: Grade 3,4 requires approved project reports that will be graded. Grade 5 can be obtained after successful written or oral exam. Students should sign-up for written or oral exam. Re-examination in ordinary re-examination period: NO. Home page: http://www.eit.lth.se/course/eit015.

Aim
The goal of this course is to give the students an in-depth insight into the main stream problems and solutions within computer security. This to allow the student by him/herself to select among existing solutions and/or to present solutions with good quality.

Knowledge and understanding
For a passing grade the student must

Skills and abilities
For a passing grade the student must

Judgement and approach
For a passing grade the student must

During the course you have to present and discuss your projects

Contents
Inledning: In-depth knowledge in computer security is needed when designing secure information systems and (computer) applications. In particular, it is important to understand how security protocols and cryptographic methods should be applied to obtain secure applications. Since attacks on systems will occur it is also important to understand how intrusion can be analyzed and should be dealt with in a professional way. Furthermore, one should understand how “the enemy” works and thinks to obtain his/her goal.

Computer Forensics: principles, standard practices, tools

Digital signatures: Digital signatures in reality, Public Key Infrastructure (PKI) (certificat, revocation, CA, RA, X509), XML signatures

Special crypto algorithms: blind signatures, e-voting, dual signatures

E-commerce: solutions (”Amazon.com”, ”E-cash”), micro-payment,

DRM system: DRM (ebook, OMA DRM Phase 2),

Smartcardt: ISO standard, programming, attacks

Secure networks:: authentication methods, RADIUS, DIAMETER, description and comparison of IPSEC/VPN, TLS, SSL. WLAN security. UMTS, Denial of Service (DOS) attacks, Internet security

Trusted Platforms: Hardware vs Software, Java, Secure OS, Virtualization, Trusted Computing Group (TPM, MTM, authenticated boot)

Secure programming: methodolgy, tools, code protection

Literature
Lecture notes in form of powerpoint slides and articles.