EITN41F

Temporary

Advanced Web Security

7.5

Course given jointly for second and third cycle

7201 (Electrical and Information Technology)

 -11-15

Professor Thomas Johansson

Swedish

Every autumn semester

The course aims at deepen the student’s knowledge about the security problems and solutions that relate to web based technology. Some areas requiring use of cryptographic primitives will be addressed in detail. Knowledge of these will give the student tools to understand also related areas.

Data representations: CMS, ASN.1, BER, CER and DER encoding

Web Services Security: SAML, XML Signature and encryption, OAuth, OpenID

PKI: CRL, OCSP, RA, CA, and signing procedures

Anonymity: Anonymity solutions, Chaum mixes, Tor, attacks

E-voting: E-voting protocols, homomorphic encryption, ZK-proofs, threshold decryption

Secure messaging: OTR

e-commerce: Electronic payments, SET, 3D Secure, Bitcoin, micropayments, untraceable E-cash

Describe some advanced security problems that arise when using web based services.
Describe how cryptographic data can be represented on the web.
Describe possibilities and problems related to e-commerce and electronic payments.

Be able to analyze the security protocols, identify weaknesses and problems and be able to propose solutions.
Show that you understand the technical solutions that are used to avoid a security flaw.
Show that you understand the security limitations in the protocols.
Apply the design choices of the studied protocols to other protocols.
Be able to implement a given security protocol

Be able to discuss and present your solutions to the home assignments.
Be able to discuss the design choices of the security protocols discussed in the course.

Lectures

Project

Oral exam

Written report

Written assignments

Failed, pass

EIT060/EITA25 Computer Security, EITF05 Web Security

 

Lecture notes and research articles

Course Coordinator: Martin Hell, martin.hell@eit.lth.se

EITN41F

 -11-15

Professor Thomas Johansson