Search result: Catalogue data in Spring Semester 2020
Cyber Security Master ![]() | ||||||
![]() | ||||||
![]() ![]() | ||||||
Number | Title | Type | ECTS | Hours | Lecturers | |
---|---|---|---|---|---|---|
263-4660-00L | Applied Cryptography ![]() ![]() Number of participants limited to 150. | W | 8 credits | 3V + 2U + 2P | K. Paterson | |
Abstract | This course will introduce the basic primitives of cryptography, using rigorous syntax and game-based security definitions. The course will show how these primitives can be combined to build cryptographic protocols and systems. | |||||
Learning objective | The goal of the course is to put students' understanding of cryptography on sound foundations, to enable them to start to build well-designed cryptographic systems, and to expose them to some of the pitfalls that arise when doing so. | |||||
Content | Basic symmetric primitives (block ciphers, modes, hash functions); generic composition; AEAD; basic secure channels; basic public key primitives (encryption,signature, DH key exchange); ECC; randomness; applications. | |||||
Literature | Textbook: Boneh and Shoup, “A Graduate Course in Applied Cryptography”, https://crypto.stanford.edu/~dabo/cryptobook/BonehShoup_0_4.pdf. | |||||
Prerequisites / Notice | Ideally, students will have taken the D-INFK Bachelors course “Information Security" or an equivalent course at Bachelors level. | |||||
![]() ![]() | ||||||
Number | Title | Type | ECTS | Hours | Lecturers | |
252-0408-00L | Cryptographic Protocols ![]() | W | 6 credits | 2V + 2U + 1A | M. Hirt, U. Maurer | |
Abstract | The course presents a selection of hot research topics in cryptography. The choice of topics varies and may include provable security, interactive proofs, zero-knowledge protocols, secret sharing, secure multi-party computation, e-voting, etc. | |||||
Learning objective | Indroduction to a very active research area with many gems and paradoxical results. Spark interest in fundamental problems. | |||||
Content | The course presents a selection of hot research topics in cryptography. The choice of topics varies and may include provable security, interactive proofs, zero-knowledge protocols, secret sharing, secure multi-party computation, e-voting, etc. | |||||
Lecture notes | the lecture notes are in German, but they are not required as the entire course material is documented also in other course material (in english). | |||||
Prerequisites / Notice | A basic understanding of fundamental cryptographic concepts (as taught for example in the course Information Security or in the course Cryptography Foundations) is useful, but not required. | |||||
263-2925-00L | Program Analysis for System Security and Reliability ![]() | W | 6 credits | 2V + 1U + 2A | P. Tsankov | |
Abstract | Security issues in modern systems (blockchains, datacenters, AI) result in billions of losses due to hacks. This course introduces the security issues in modern systems and state-of-the-art automated techniques for building secure and reliable systems. The course has a practical focus and covers systems built by successful ETH spin-offs. | |||||
Learning objective | * Learn about security issues in modern systems -- blockchains, smart contracts, AI-based systems (e.g., autonomous cars), data centers -- and why they are challenging to address. * Understand how the latest automated analysis techniques work, both discrete and probabilistic. * Understand how these techniques combine with machine-learning methods, both supervised and unsupervised. * Understand how to use these methods to build reliable and secure modern systems. * Learn about new open problems that if solved can lead to research and commercial impact. | |||||
Content | Part I: Security of Blockchains - We will cover existing blockchains (e.g., Ethereum, Bitcoin), how they work, what the core security issues are, and how these have led to massive financial losses. - We will show how to extract useful information about smart contracts and transactions using interactive analysis frameworks for querying blockchains (e.g. Google's Ethereum BigQuery). - We will discuss the state-of-the-art security tools (e.g., https://securify.ch) for ensuring that smart contracts are free of security vulnerabilities. - We will study the latest automated reasoning systems (e.g., https://verx.ch) for checking custom (temporal) properties of smart contracts and illustrate their operation on real-world use cases. - We will study the underlying methods for automated reasoning and testing (e.g., abstract interpretation, symbolic execution, fuzzing) are used to build such tools. Part II: Security of Datacenters and Networks - We will show how to ensure that datacenters and ISPs are secured using declarative reasoning methods (e.g., Datalog). We will also see how to automatically synthesize secure configurations (e.g. using SyNET and NetComplete) which lead to desirable behaviors, thus automating the job of the network operator and avoiding critical errors. - We will discuss how to apply modern discrete probabilistic inference (e.g., PSI and Bayonet) so to reason about probabilistic network properties (e.g., the probability of a packet reaching a destination if links fail). Part III: Machine Learning for Security - We will discuss how machine learning models for structured prediction are used to address security tasks, including de-obfuscation of binaries (Debin: https://debin.ai), Android APKs (DeGuard: http://apk-deguard.com) and JavaScript (JSNice: http://jsnice.org). - We will study to leverage program abstractions in combination with clustering techniques to learn security rules for cryptography APIs from large codebases. - We will study how to automatically learn to identify security vulnerabilities related to the handling of untrusted inputs (cross-Site scripting, SQL injection, path traversal, remote code execution) from large codebases. To gain a deeper understanding, the course will involve a hands-on programming project where the methods studied in the class will be applied. | |||||
263-4600-00L | Formal Methods for Information Security ![]() | W | 5 credits | 2V + 1U + 1A | R. Sasse, C. Sprenger | |
Abstract | The course focuses on formal methods for the modelling and analysis of security protocols for critical systems, ranging from authentication protocols for network security to electronic voting protocols and online banking. | |||||
Learning objective | The students will learn the key ideas and theoretical foundations of formal modelling and analysis of security protocols. The students will complement their theoretical knowledge by solving practical exercises, completing a small project, and using state-of-the-art tools. | |||||
Content | The course treats formal methods mainly for the modelling and analysis of security protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single-sign on, and IPSec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable, and manual analysis is insufficient. The lectures cover the theoretical basis for the (tool-supported) formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification. In addition to the classical security properties for confidentiality and authentication, we will study strong secrecy and privacy properties. We will discuss electronic voting protocols, and RFID protocols (a staple of the Internet of Things), where these properties are central. The accompanying tutorials provide an opportunity to apply the theory and tools to concrete protocols. Moreover, we will discuss methods to abstract and refine security protocols and the link between symbolic protocol models and cryptographic models. Furthermore, we will also present a security notion for general systems based on non-interference as well as language-based information flow security where non-interference is enforced via a type system. | |||||
263-4656-00L | Digital Signatures ![]() | W | 4 credits | 2V + 1A | D. Hofheinz | |
Abstract | Digital signatures as one central cryptographic building block. Different security goals and security definitions for digital signatures, followed by a variety of popular and fundamental signature schemes with their security analyses. | |||||
Learning objective | The student knows a variety of techniques to construct and analyze the security of digital signature schemes. This includes modularity as a central tool of constructing secure schemes, and reductions as a central tool to proving the security of schemes. | |||||
Content | We will start with several definitions of security for signature schemes, and investigate the relations among them. We will proceed to generic (but inefficient) constructions of secure signatures, and then move on to a number of efficient schemes based on concrete computational hardness assumptions. On the way, we will get to know paradigms such as hash-then-sign, one-time signatures, and chameleon hashing as central tools to construct secure signatures. | |||||
Literature | Jonathan Katz, "Digital Signatures." | |||||
Prerequisites / Notice | Ideally, students will have taken the D-INFK Bachelors course "Information Security" or an equivalent course at Bachelors level. | |||||
![]() ![]() | ||||||
Number | Title | Type | ECTS | Hours | Lecturers | |
263-4651-00L | Current Topics in Cryptography ![]() ![]() Number of participants limited to 24. The deadline for deregistering expires at the end of the second week of the semester. Students who are still registered after that date, but do not attend the seminar, will officially fail the seminar. | W | 2 credits | 2S | D. Hofheinz, U. Maurer, K. Paterson | |
Abstract | In this seminar course, students present and discuss a variety of recent research papers in Cryptography. | |||||
Learning objective | Independent study of scientific literature and assessment of its contributions as well as learning and practicing presentation techniques. | |||||
Content | The course lecturers will provide a list of papers from which students will select. | |||||
Literature | The reading list will be published on the course website. | |||||
Prerequisites / Notice | Ideally, students will have taken the D-INFK Bachelors course “Information Security" or an equivalent course at Bachelors level. Ideally, they will have attended or will attend in parallel the Masters course in "Applied Cryptography”. |
Page 1 of 1