Secgroup Ca' Foscari DSI

This course aims at introducing basic concepts and techniques for the development of secure systems and networks. In the first semester, we will talk about Cryptography and Security protocols; in the second semester we will apply the theory in a laboratory of  “ethical hacking”.

This course is part of the Laurea Magistrale (Master degree) in Computer Science at Ca’ Foscari, Venice, with the code [CM0228]. More information is available at the official page of the course.

News

• To remove the annoying locale warning of perl in testbed add a “export LC_ALL=en_US.UTF-8″ in your .profile
• Results of midterm exam are available here.
• Istruzioni (sorry this will be translated in English very soon!) per l’accesso alla vpn e alle macchine vulnerabili. Zip di configurazione per la vpn

Assessment

Written and (optional) oral exam, plus an evaluation on the lab based on assignments and challenges.

Recommended books

• D. R. Stinson, Cryptography, Theory and Practice, CRC Press.
• A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, CRC Press.
• J. Erickson, Hacking, the art of exploitation, No starch press, 2008.

Table of contents (Theory, first semester)

• Introduction
• Classical cryptography
• Monoalphabetic ciphers
• A formal definition of cryptosystem
• Polyalphabetic ciphers (C)
• Known-plaintext attacks
• Stream ciphers (C)
• Shannon theory on perfect ciphers
• Modern cryptography
• Composition of ciphers
• The Advanced Encryption Standard (AES)
• Block cipher modes of operation (C)
• More block ciphers
• Meet-in-the-middle attack
• Asymmetric-key ciphers
• The RSA cipher
• Security of RSA (C)
• Digital signatures, cryptographic hash functions and MACs (C)
• Applied cryptography
• Identification (C)
• Strong authentication based on symmetric-key cryptography
• Diffie-Hellman key agreement
• Strong authentication based on asymmetric-key cryptography
• Key management

(C) challenges not yet solved

(C) challenges already solved (you are invited to post your solution anyway)

Table of contents (Lab, second semester)

• Program exploitation. Integrity of C programs. Overflow and overwriting of variables and function return values. Stack protections: canary, variable rearrangement, randomized. Shellcodes and non-executable stack. Format strings: how to arbitrarily read/write into program memory.
• Assembly and gdb
• Overflow and stack protection
• Format strings
• Network security
• Cross site scripting (VPN)
• Cross site request forgery (VPN)
• SQL injections (VPN)
• Blind injections
• seminario PKCS#11

NOTE: These pages will be continuously updated during the whole semester. If you have comments/questions please post them.