We will start the course with an introduction. This will happen in Zoom, see the schedule for the date and time.
Zoom is a tool for video conferencing. There are clients for the web browser (no installation), the computer (Linux, Mac, Windows) and smartphones (Android, iPhone). Note that it is mandatory to have functioning webcam and headset (anyone with a smartphone has this and so does anyone with a laptop).
You can also use this tool for yourselves too to have meetings in working groups, practice for presentations etc.: just start the client and create your own meeting.
All details covered during this session (and more) can be found in the study guide. Please make sure to read it.
All scheduled events for this course will be scheduled using the University's central scheduling system. That means all events should be visible to you in your personal schedule in the Student Portal and be able to export them to the calendar app of your choice.
To familiarize yourself with the topic and its importance in society, we will start the course with a seminar to discuss the role of security: What's up with security? (see the schedule for the date and time).
Create or sign up to a group (see Working Groups below). These groups will be reused throughout the course, whenever group work is required.
What is security? introduces the foundations of security, its goals and the basic terminology.
The scientific method discusses the scientific method and how it is applied in the field of security.
Attacking humans introduces the role of humans in the security of a system. As Bruce Schneier said: "[o]nly amateurs attack machines; professionals target people." In many security incidents, humans are the cause, not computers.
[Psychology] covers some basic aspects of human psychology that is relevant for security.
There is one interactive session for this module, see the schedule for date and time. Watch the videos linked above before the session. During the session we will summarize (together) the most important parts, discuss the most difficult/ambiguous/strange/counter-intuitive parts.
[Shannon entropy] introduces the core concept of elementary information theory, i.e. Shannon entropy.
[Applications of information theory] gives a few examples where information theory can be applied, particularly in the area of security.
High-level overview of crypto provides a high-level overview of modern cryptography, beyond the standard concepts of encryption and decryption, such as zero-knowledge proofs of knowledge.
[Introduction to authentication]
[Something you know]
[Something you have]
Evaluating and designing authentication is a lab/seminar which focuses on evaluating the usability and security of common authentication methods. It also looks towards better alternatives. This is spread over two sessions.
Private communication is a lab/seminar focuses on the usability of private communication. It evaluates a few tools for private communication.
[Protocols and formal verification] is an introduction to security analysis of protocols, both "natural" analysis and formal verification.
[Access control] introduces the area of access control. It covers access control models (e.g. ABAC) and policies (e.g. Bell-LaPadula and Biba).
[Accountability] provides an overview of accountability principles, logging etc.
[Trusted computing] discusses common approaches and their limitations to trusted computing.
[Software security] introduces the problems of software security.
The course concludes with a project: Applying security and usability in practice. There are tutoring sessions scheduled, see the schedule for dates and times.
The report will be peer-reviewed by your colleagues before you hand it in for final assessment. Upload your report below and then peer-review someone else's report.
Use the feedback you got from the peer-review to improve your report and then upload it for final assessment.