Lecturer: Prof. Dr. Guenther Pernul

Description

The principle goal of this course is to teach basic information security concepts. First we review the importance of information security and present some relevant background and history. We introduce some basic security terminology which will be used throughout the course. Altogether five main areas are covered.
The first topic "informatics bestiarium" deals with the various threads existing in computer systems. A broad overview of malicious code, like intruders, viruses, worms and Trojan horses is presented in this chapter.
The second topic gives an introduction to the basic principles of cryptography, like ciphers that use substitution and transposition. We will take a closer look at the ideas behind complex popular algorithms like RSA, DES, and AES.
Under the third topic we take a look at public key infrastructures (PKI) and the use and principles of digital signatures. The responsibilities of certification authorities, the content of electronic certificates and the process of signing and verifying electronic documents are covered.
From any multi-user system we are expecting certain basic security functionality. Usually these are user identification and authentication, authorization and access control, and finally auditing. The fourth topic comprises a brief overview of these issues.
The final topic focuses on "Internet security". We investigate different algorithms and applications for building up security on the different levels of the ISO/OSI network architecture. A closer look is given to PGP which provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

Outline

1. Introduction to information security
   1.1 Basic terms and definitions
2. Informatics bestiarium (crime, viruses and other wildlife)
   2.1 Eavesdropping and spying
   2.2 Masquerading
   2.4 Scanning, scavenging and reuse
   2.5 Trojan horses
   2.6 Worms
   2.7 Computer viruses
   2.8 Trapdoors and logic bombs
   2.9 Hacking
3. Introduction into cryptography
   3.1 Attacks, encryption, cryptoanalysis
   3.2 Early examples
   3.3 Symmetric encryption
   3.4 Public key cryptography
   3.5 Applications
4. General security services
   4.1 Identification and authentication
   4.2 Authorization and access control
   4.3 Auditing
5. Internet security (secure messaging)
   5.1 Internet messaging
   5.2 PGP
   5.3 S/MIME

Learning Objectives

Students will learn the most important topics of information security. After successfully participating in this course, students will:

• understand the problems regarding information security that can occur,
• know various types of malicious code, like intruders, viruses, worms, and Trojan horses,
• understand the basic concepts of cryptography, common encryption methods,
• public key infrastructures (PKI), and digital signatures,
• have a basic understanding of security services in general and in particular on different levels of the Internet's architecture,
• be able to use security mechanisms in building IS architectures.

Method of teaching

This course is a hypermedia course (type 2). The course is conducted in form of lectures available as hypertext and accompanied by weekly exercises. Communication between students and instructors is based on electronic media like discussion forum, bulletin board, chat room, and e-mail.

The examination consists of two take-home exams covering the reading material and the lectures.

Requirements

Minor experiences in computer organization, use, and programming are necessary.

Credits

For MBI students: 6 credit points