course: Network Security 2

number:
141243
teaching methods:
lecture with tutorials
media:
computer based presentation
responsible person:
Prof. Dr. Jörg Schwenk
Lecturers:
Prof. Dr. Jörg Schwenk (ETIT), M. Sc. Robert Merget (ETIT), Dr.-Ing. Juraj Somorovsky (ETIT)
language:
German
HWS:
4
CP:
5
offered in:
summer term

dates in summer term

  • start: Thursday the 04.04.2019
  • lecture Thursdays: from 14:15 to 15:45 in ID 04/471
  • lecture Thursdays: from 14:15 to 15:45 in ID 04/459
  • tutorial Mondays: from 12:15 to 13:45 in ID 04/471
  • tutorial Mondays: from 12:15 to 13:45 in ID 04/459

Exam

Form of exam: written
Registration for exam: FlexNow
Date: 30.07.2019
Begin: 15:30
Duration: 120 min
Rooms: HIB, HIC, HID
Individual appointments of students to each exam location will be issued by the responsible chair.

goals

The students have an understanding of all the technical aspects of network security. It is clear that cryptography alone is not enough. Students can think about improving security on their own.

content

Cryptography is used to protect the confidentiality, authenticity, and integrity of data transmitted over data networks. Both symmetric methods (Pay-TV, mobile radio, WLAN) and asymmetric or hybrid methods (e-mail, WWW, VPN) are used. In the lecture, concrete cryptographic systems for securing networks are presented and their security is examined from all sides. Network Security 2 covers all topics related to WWW technologies:

  • TCP/UDP, HTTP, HTTP Authentication, Secure HTTP,
  • Architecture of SSL/TLS (Handshake, Record Layer, Alert),
  • Transport Layer Security (1.0, 1.1, 1.2, 1.3), DTLS,
  • Attacks on the SSL/TLS Record Layer (Padding Oracle, BEAST, CRIME, Lucky13, POODLE),
  • Attacks on the SSL/TLS handshake (Bleichenbacher, DROWN, ROBOT, Invalid Curve),
  • Secure Shell (SSH),
  • Web application security (HTML5, DOM, Same Origin Policy, XSS, CSRF, SQLI, UIR), Single Sign-On (OpenID, Microsoft Passport),
  • Web Services (XML Security, Microsoft Passport, WS-Security, JSON Security).

In addition to the systems themselves, published attacks on these systems are discussed; the students are invited to make their own scientific considerations to improve security.

requirements

none

recommended knowledge

Basic knowledge of TCP/IP, basic knowledge of security problems of computer networks at the level of popular journals (e.g., c't).