Advanced Web Security
Avancerad webbsäkerhet

EITN41F, 7.5 credits

Valid from: Autumn 2018
Decided by: Professor Thomas Johansson
Date of establishment: 2018-11-15

General Information

Division: Electrical and Information Technology
Course type: Course given jointly for second and third cycle
The course is also given at second-cycle level with course code: EITN41
Teaching language: Swedish

Aim

The course aims at deepen the student’s knowledge about the security problems and solutions that relate to web based technology. Some areas requiring use of cryptographic primitives will be addressed in detail. Knowledge of these will give the student tools to understand also related areas.

Goals

Knowledge and Understanding

For a passing grade the doctoral student must

• Describe some advanced security problems that arise when using web based services.
• Describe how cryptographic data can be represented on the web.
• Describe possibilities and problems related to e-commerce and electronic payments.

Competences and Skills

For a passing grade the doctoral student must

• Be able to analyze the security protocols, identify weaknesses and problems and be able to propose solutions.
• Show that you understand the technical solutions that are used to avoid a security flaw.
• Show that you understand the security limitations in the protocols.
• Apply the design choices of the studied protocols to other protocols.
• Be able to implement a given security protocol

Judgement and Approach

For a passing grade the doctoral student must

• Be able to discuss and present your solutions to the home assignments.
• Be able to discuss the design choices of the security protocols discussed in the course.

Course Contents

Data representations: CMS, ASN.1, BER, CER and DER encoding Web Services Security: SAML, XML Signature and encryption, OAuth, OpenID PKI: CRL, OCSP, RA, CA, and signing procedures Anonymity: Anonymity solutions, Chaum mixes, Tor, attacks E-voting: E-voting protocols, homomorphic encryption, ZK-proofs, threshold decryption Secure messaging: OTR e-commerce: Electronic payments, SET, 3D Secure, Bitcoin, micropayments, untraceable E-cash

Course Literature

Lecture notes and research articles

Instruction Details

Types of instruction: Lectures, project

Examination Details

Examination formats: Oral exam, written report, written assignments
Grading scale: Failed, pass
Examiner:

Admission Details

Assumed prior knowledge: EIT060/EITA25 Computer Security, EITF05 Web Security

Further Information

Course Coordinator: Martin Hell, martin.hell@eit.lth.se

Course Occasion Information

Contact and Other Information

Course coordinators:
Web page: https://www.eit.lth.se/kurs/eitn41