course: Practical Course TLS Implementation

number:
142250
teaching methods:
practical course
media:
Moodle, computer based presentation
responsible person:
Prof. Dr. Jörg Schwenk
Lecturers:
Dr.-Ing. Juraj Somorovsky (ETIT), M. Sc. Robert Merget (ETIT)
language:
german
HWS:
3
CP:
3
offered in:
winter term

dates in winter term

  • kick-off meeting: Tuesday the 15.10.2019 from 12:00 in ID 04/653
  • lab Tuesdays: from 12:00 to 14.00 o'clock in ID 04/653

Exam

Form of exam:lab
Registration for exam:Directly with the lecturer
continual assessment

goals

The students get to know a modern cryptographic protocol in detail. The students work with concepts of modern software development. An outlook on current research in this area is given.

content

The TLS protocol is the most important cryptographic protocol on the Internet and is used to protect every important Web page or Web service. In recent years, many attacks on this protocol have become known, such as POODLE, DROWN, Lucky 13 or ROBOT. Therefore, a new TLS version was developed in the last years in co-operation of industry and science: TLS 1.3. The new version should protect against all known attacks and at the same time increase the performance of TLS. TLS 1.3 uses only the latest cryptographic mechanisms, so the protocol design is of great interest to every crypto developer and designer.

As part of the course, students will implement a TLS 1.3 server. This task is divided into several sub tasks and the topic is gradually introduced to the students. The following topics will also be discussed:

  • Introduction to TLS, JUnit Tests and Git
  • TLS 1.3
  • Cryptography with Java
  • Clean code
  • TLS Attacker
  • TLS Fuzzing

recommended knowledge

  • Successful completion of the course Network Security 2
  • Java programming skills

miscellaneous

Referenzen:
  • Robert Cecil Martin: Clean Code: Refactoring, Patterns, Testen und Techniken für sauberen Code
  • RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 (https://tools.ietf.org/html/rfc8446)