191.124 Fundamentals of Security and Privacy
This course is in all assigned curricula part of the STEOP.
This course is in at least 1 assigned curriculum part of the STEOP.

2022S, VU, 2.0h, 3.0EC
TUWEL

Properties

  • Semester hours: 2.0
  • Credits: 3.0
  • Type: VU Lecture and Exercise
  • Format: Online

Learning outcomes

After successful completion of the course, students are able to:

  • understand the main challenges in modern IT systems in the field of security and privacy
  • explain the fundamental concepts of existing technologies and tools aimed at protecting the security of IT systems and the privacy of users
  • identify simple software vulnerabilities in existing IT systems and applications and understand their impact in terms of security and privacy

Subject of course

First part: Cryptography and its applications

  • Fundamentals of symmetric cryptography: basic encryption schemes, product ciphers, stream and block ciphers, the AES algorithm, modes of operation, usage of cryptographic libraries in the programming language Python
  • Fundamentals of asymmetric cryptography: the RSA algorithm, the Diffie-Hellman key exchange protocol, Man-in-the-Middle attacks, implementation and usage of asymmetric encryption schemes in Python
  • One-Way-Hash functions and Message Authentication Codes
  • Digital signatures, certificates and Public-Key-Infrastructures
  • Identification and authentication methods, 2-factor authentication, overview of Single-Sign-On systems deployed on the Internet, authentication methods employed in the most common operating systems, password cracking with the tool John the Ripper 

Second part: Security and Privacy on the Internet

  • Fundamentals of networks (IP addresses, ports, protocols), analysis of network traffic with the tool Wireshark
  • Firewall systems
  • E-Mail security and encryption (PGP and S/MIME)
  • Fundamental technologies of the Internet: protocols (HTTP, TLS), languages (HTML, JavaScript) and anatomy of a Web application (with examples in Python)
  • Web attacks: Cross-Site-Scripting (XSS), Cross-Site-Request-Forgery (CSRF), SQL Injections, command injection
  • Technologies for the protection of users’ privacy on the Internet (VPN, Tor), End-to-End encryption and its applications for secure communication (WhatsApp, Signal)

Teaching methods

The course will be held via distance learning. During the lectures, which will be offered online via Zoom meetings, the topics of the course will be clarified and practical examples and applications will be discussed. Lectures are recorded and the recordings will be published in TUWEL in the next 1-2 days. Students must enroll in the course on TISS to obtain access to the TUWEL platform.

To reinforce and put into practice the concepts explained during the lectures, students are required to solve practical assignments, which include developing small programs in Python, using the tools presented during the course to carry out some tasks, or analyzing the source code of small web applications to identify vulnerabilities and exploit them.

Aside from lectures, we will provide regular meetings (over Zoom) where students can be supported by tutors and lecturers in solving their homework and where they can ask questions about the topics presented during the course.

Mode of examination

Immanent

Additional information

ECTS breakdown (3 ECTS: 75 hours)

  • 14h: Participation in lectures
  • 40h: Homework
  • 18h: Self-study and preparation for tests
  • 3h: Participation in tests

Lecturers

Institute

Course dates

Day  Time           Date                     Location  Description
Thu  18:00 - 19:45  03.03.2022 - 02.06.2022  Online    Lecture

Fundamentals of Security and Privacy - Single appointments

Day  Date        Time           Location  Description
Thu  03.03.2022  18:00 - 19:45  Online    Lecture
Thu  10.03.2022  18:00 - 19:45  Online    Lecture
Thu  17.03.2022  18:00 - 19:45  Online    Lecture
Thu  24.03.2022  18:00 - 19:45  Online    Lecture
Thu  31.03.2022  18:00 - 19:45  Online    Lecture
Thu  07.04.2022  18:00 - 19:45  Online    Lecture
Thu  05.05.2022  18:00 - 19:45  Online    Lecture
Thu  12.05.2022  18:00 - 19:45  Online    Lecture
Thu  19.05.2022  18:00 - 19:45  Online    Lecture
Thu  02.06.2022  18:00 - 19:45  Online    Lecture

Examination modalities

The evaluation is based on the performance obtained by the students in the following parts:

  • Exercise part: up to 50 points
  • 1st test: up to 25 points
  • 2nd test: up to 25 points

The number of points of the exercise part is given by the sum of the scores obtained in the various assignments. Assignments that are not handed in are worth 0 points. 

Two different attempts are offered for each of the two tests: the first one during the semester, the second one before the beginning of the winter semester (mid-September). Tests will take place online over Zoom meetings and a camera (either on the laptop or on an additional device like a smartphone) must be active for the entire duration of the exam. Tests will consist of multiple-choice questions and open-answer questions about the contents of the course and the topics treated in the assignments. For every test, students can take part in both attempts (e.g., to improve their grade), but only the last handed-in attempt will be considered.

In order to pass the course, students must obtain at least 50% of the points in each of the evaluation items (25 points in the exercise part, 12.5 points in each of the two tests).

The final grade of the course is derived from the number of obtained points as follows:

  • from 87.5 to 100 points: 1 (sehr gut)
  • from 75 up to 87.5 points (excluded): 2 (gut)
  • from 62.5 up to 75 points (excluded): 3 (befriedigend)
  • from 50 up to 62.5 points (excluded): 4 (genügend)
  • below 50 points: 5 (nicht genügend)

Exams

Day  Time           Date        Room                       Mode of examination  Application time                     Application mode  Exam
Tue  18:00 - 20:00  11.06.2024  GM 1 Audi. Max.- ARCH-INF  written              13.05.2024 00:00 - 09.06.2024 23:59  TISS              2nd test - 1st date
Tue  18:00 - 20:00  17.09.2024  EI 9 Hlawka HS - ETIT      written              01.08.2024 00:00 - 15.09.2024 23:59  TISS              1st test - 2nd date
Thu  18:00 - 20:00  26.09.2024  EI 8 Pötzl HS - QUER       written              01.08.2024 00:00 - 24.09.2024 23:59  TISS              2nd test - 2nd date

Course registration

Begin             End               Deregistration end
15.02.2022 00:00  17.03.2022 00:00  17.03.2022 00:00

Precondition

The student must have completed at least all of the course(s) listed below:

Curricula

Study Code  Obligation  Semester  Precon.  Info
045 006 Digital Skills  Mandatory  STEOP
Course requires the completion of the introductory and orientation phase

Literature

Some of the topics of the course are covered in the following book:
 
  • Cyber-Sicherheit: Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und Eigenschaften von Cyber-Sicherheitssystemen in der Digitalisierung (in German)
    Paperback – 12 August 2019, by Norbert Pohlmann
    ISBN 978-3-658-25398-1
    https://norbert-pohlmann.com/cyber-sicherheit/

Previous knowledge

  • Experience in programming with Python acquired by successfully completing the course Fundamentals of programming and algorithms.
  • Knowledge of the SQL language, as taught in the course Foundations of information systems, is an advantage.

Preceding courses

Continuative courses

Language

German