Credits: 5EC
Delivery: This course is not tele-lectured.
Motivation: The security of computer and telecommunication systems is becoming an increasing concern. In this course, we will review the current state of the art on security research and gain practical experience in assessing the security and vulnerabilities of communication systems.
Synopsis: Engineers are typically taught to focus on performance, correctness, scalability, and maintainability when building communication and information processing systems. However, an additional set of design principles are required to achieve real-world security. In this course, we discuss security principles, common pitfalls and vulnerabilities.
The weekly lectures provide an introduction into security research, with a focus on real-world security, privacy-enhancing technology and common security pitfalls.
Each student participates in a "Hacking Project", ina group of up to four students. Students can select from a wide range of available hacking project outlines within the first week. The goal may be to evaluate the security of a real-world IT system, developing a proof-of-concept exposing a vulnerability, or focusing on preserving privacy in a post-Snowden world. Past projects in the hacking lab included: development of a wifi tracker, programing an FPGA system to break passwords, tapping into fiber optic cables, or the development stealth apps for secure communication.
Learning outcomes: The student will acquire:
- Knowledge of the current state of the art in cyptanalysis, network and hardware security, privacy and anonymization protocols, and critical infrastructure protection
- Hands-on experience in security engineering or security evaluation in a personalized project
- Skills and knowledge in topics necessary for his/her project
Lecturers: Dr Christian Doerr (TUD), Dr Stjepan Picek (TUD)
Examination: A small team of up to four students design and implement a project, write the results up and present the major learning outcomes in an intermediate and final demo to the class.
Contents: An up-to-date selection of the following topics: Hardware hacking, electronics, networks and wireless technology, privacy, surveillance, Anti-surveillance technology, darknets, Internet anonymity, cyber currency, reputation systems, password cracking, Bitcoin hacking, Tor hacking, Drone hacking, Android stealth, NAT hacking, Wifi Range extension.