Home
This site is designed to provide reference materials and reading for the students and teachers of the communication security class. It is meant to be a forum where we share assignments, libraries/code and materials with the students.
Pull requests with improvements and additional materials from students are appreciated, as well as questions and comments.
I (Martin) don't like to use slides to convey complex and fragile information, where a little bit of misunderstanding can render a whole lot of work meaningless. Security falls squarely in this bucket. Therefore, we don't teach with slides. We work with, in my opinion, the best college-level textbook on information security. Ross Anderson's Security Engineering will provide most of the materials. The course is based on the Second Edition, but we will liberally pick from the third edition before we make the switch completely.
This year, we will also be working with Serious Cryptography from J.P. Aumasson to get more in-depth coverage of cool areas. Also highly recommended. Serious Cryptography: A Practical Introduction to Modern Encryption
Should you prefer video, here is the recording of (some) 2020 Lectures delivered over MS Teams: https://owncloud.cesnet.cz/index.php/s/19Avos2sF7L7njS
We teach in blocks. Due to the fact that all teachers are security practitioners and have other professional obligations, we will adapt the schedule to our travel plans. This means that we will liberally turn lab timeslots into lectures and vice versa. Apologies for the disturbance, but this is a security class, right?
This year, based on student feedback from last year, we will invert the order of classes. So we will start with Cryptography basics (so that the labs don't get too far ahead of the class) and only then cover protocols and Security basics. This is an experiment, so don't hesitate to let us know what you think.
We will rely on Anderson
Security Engineering, 3rd edition, Chapter 5
For nitty-gritty details and excellent presentation of traditional algorithms, Menezes is still my preferred reference. BEWARE: It is almost 20 years old by now!
Handbook of Applied Cryptography
- Definitions of basic terms
- Security concepts and properties
- Discussion of tradeoffs in security
Reading: What is SE? Additional reading: Opponent modelling
Some things never change. Thanks to U of Virginia for maintaining this foundational paper.
First introduction into security protocols. Simple ones will be discussed during this lecture.
Authentication protocols, passwords, ...
Reading: Protocols (and by now, you should have guessed that buying the book would be an excellent idea...)
Additional Resources:
KU Leuven Blog about the paper
Note that the topic of attacks on car authentication is treated in the third edition chapter on Protocols
Reading - second half of the chapter: Protocols
Unlike the above sections, the information about TLS provided by Security Engineering is a bit lightweight. That is actually perfectly fine for a reference textbook, but we will rely on some additional details available elsewhere.
Please, consider the excellent resource below:
Padding Oracles and other attacks in Practice: Attacks on SSL
This block will discuss the telco system security and its evolution from insecure-by-default through OK until today.
The class on crypto-currencies is based on "Mastering Bitcoin" from Andreas Antonopoulos. Obviously, we can't fit the whole book into a 90-minute lecture, but the essentials of (bitcoin) blockchain are really well covered in the book and the text can still be recommended as the best introduction for undergraduate-level self-study.
(to be completed as we go)
Labs are taught and evaluated in the block system. You will enjoy four blocks, each with a different teacher, but all of them coordinated and supervised by Tomas Komarek.
Block 1: Basic crypto and side channel attacks. In this block, we will use your existing knowledge of crypto (you took the crypto algo class offered by our Dept. of Mathematics, right?) to play with some elementary attacks. This hands-on experience will help you to understand some more complex crypto concepts better, as we get to them in class.
Block 2: Web server security
Block 3: TLS Security
Block 4: Blockchain and Bitcoin
I agree with Paul Graham's opinion on grading and exams. At this point of your scholarship, your focus should be on learning and self-improvement, not grades (or free time...).
Each student must finish all 4 lab blocks to the satisfaction of the instructor teaching the lab block to get the "zapocet", a necessary pre-condition of the exam.
Baseline grading is very simple - each of the labs is evaluated on a 25-point scale. Extra points for the activity during lectures and/or extra effort during labs are added on top. The sum is then converted to the lab grade using the standard CTU metrics.
Each student can then either accept the lab grade as her/his grade for the course, or can volunteer for an additional theoretical exam covering the theoretical part of the course. The resulting grade is then an average of the lab grade and the exam performance. Please, expect the (successful) exam to take at least 4-6 hours of work.
We have no tolerance for people who get caught cheating - this is a security class after all. If you get caught cheating, you will be failed and reported to the FEE administration.