course: Network Security 2
- teaching methods:
- lecture with tutorials
- computer based presentation
- responsible person:
- Prof. Dr. Jörg Schwenk
- Prof. Dr. Jörg Schwenk (ETIT), M. Sc. Robert Merget (ETIT), Dr.-Ing. Juraj Somorovsky (ETIT)
- offered in:
- summer term
dates in summer term
- start: Thursday the 04.04.2019
- lecture Thursdays: from 14:15 to 15.45 o'clock in ID 04/471
- lecture Thursdays: from 14:15 to 15.45 o'clock in ID 04/459
- tutorial Mondays: from 12:15 to 13.45 o'clock in ID 04/471
- tutorial Mondays: from 12:15 to 13.45 o'clock in ID 04/459
|Form of exam:||written|
|Registration for exam:||FlexNow|
|Rooms :||HIB , HIC , HID|
|Individual appointments of students to each exam location will be issued by the responsible chair.|
The students have an understanding of all the technical aspects of network security. It is clear that cryptography alone is not enough. Students can think about improving security on their own.
Cryptography is used to protect the confidentiality, authenticity, and integrity of data transmitted over data networks. Both symmetric methods (Pay-TV, mobile radio, WLAN) and asymmetric or hybrid methods (e-mail, WWW, VPN) are used. In the lecture, concrete cryptographic systems for securing networks will be examined and their security will be examined from all sides. Network Security 2 covers all topics related to WWW technologies:
- TCP/UDP, HTTP, HTTP Authentication, Secure HTTP,
- Architecture of SSL/TLS (Handshake, Record Layer, Alert),
- Transport Layer Security (1.0, 1.1, 1.2, 1.3), DTLS,
- Attacks on the SSL/TLS Record Layer (Padding Oracle, BEAST, CRIME, Lucky13, POODLE),
- Attacks on the SSL/TLS handshake (Bleichenbacher, DROWN, ROBOT, invalid Curve),
- Secure SHell (SSH),
- Web application security (HTML5, DOM, Same Origin Policy, XSS, CSRF, SQLI, UIR), Single Sign-On (OpenID, Microsoft Passport),
- Web Services (XML Security, Microsoft Passport, WS-Security, JSON Security).
In addition to the systems themselves, published attacks on these systems are discussed; the students are invited to make their own scientific considerations to improve security.
Basic knowledge of TCP/IP, basic knowledge of security problems of computer networks at the level of popular journals (e.g., c't).