PV204 Security Technologies

Faculty of Informatics
Spring 2024
Extent and Intensity
2/2/2. 5 credit(s) (plus extra credits for completion). Recommended Type of Completion: zk (examination). Other types of completion: k (colloquium).
Taught in person.
Teacher(s)
doc. RNDr. Petr Švenda, Ph.D. (lecturer)
Ing. Milan Brož, Ph.D. (lecturer)
Mgr. Vít Bukač, Ph.D. (lecturer)
Lukasz Michal Chmielewski, PhD (lecturer)
RNDr. Václav Lorenc (lecturer), doc. RNDr. Petr Švenda, Ph.D. (deputy)
RNDr. Antonín Dufka (assistant)
Guaranteed by
doc. RNDr. Petr Švenda, Ph.D.
Department of Computer Systems and Communications – Faculty of Informatics
Contact Person: doc. RNDr. Petr Švenda, Ph.D.
Supplier department: Department of Computer Systems and Communications – Faculty of Informatics
Timetable
Mon 16:00–17:50 A217
  • Timetable of Seminar Groups:
PV204/01: Thu 14:00–15:50 B011, P. Švenda
PV204/02: Thu 16:00–17:50 B011, P. Švenda
PV204/03: Thu 10:00–11:50 B011, P. Švenda
Prerequisites
Registration to PV204 requires: 1) long-term interest in IT security; 2) programming skills (ideally C and Java) under Unix/Linux or Windows; 3) fluent English.
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
The capacity limit for the course is 36 student(s).
Current registration and enrolment status: enrolled: 23/36, only registered: 1/36, only registered with preference (fields directly associated with the programme): 0/36
fields of study / plans the course is directly associated with
there are 70 fields of study the course is directly associated with, display
Course objectives
The aim of this subject is to understand the deeper aspects of selected security and applied cryptographic topics. The topics cover cryptographic hardware security, including side-channel attacks, secure authentication, and authorization protocols, trusted boot, analysis of malware and rootkits (both black-box and gray-box), reverse engineering of binary applications, techniques used in Bitcoin cryptocurrency, micro-architectural attacks like Meltdown and Spectre and file/disk encryption. Students should be able to apply the gained knowledge in practice based on experience gained from the laboratory, homework assignments, and extensive project work.
Learning outcomes
After course completion, the student will be able to:
- explain the security advantages of hardware security element to a typical desktop operating system;
- analyze the implementation of a cryptographic algorithm for a presence of the timing side-channel;
- describe and use good practices for password handling, including password alternatives and their advantages;
- explain principles of key establishment protocols and building blocks of modern secure messaging systems;
- explain principles and used technologies of trusted computing;
- describe the technology behind disk encryption and used encryption modes;
- perform basic analysis of infected computer image;
- implement security-related application utilizing cryptographic smartcard with JavaCard platform and transfer data via a secure channel;
- understand the root cause of micro-architectural attacks against modern CPUs
- explain security building blocks of cryptocurrencies like Bitcoin
Syllabus
  • Side-channel attacks (timing, power and fault analysis)
  • Basics of smart cards (PC/SC, APDU, basic applet – JavaCard & .net card & MULTOS), secure programs on JavaCard platform
  • Secure authentication and authorization (common protocols like FIDO U2F and Signal, secure implementation, attacks)
  • Hardware Security Modules (HSM), PKCS#11 API, cryptographic hardware in cloud deployment
  • Trusted boot (TPM, trusted boot process, remote attestation)
  • Micro-architectural attacks against modern CPU (Meltdown, Spectre attacks principle, fixes, exploitability)
  • Black-box analysis of malware (infection vectors, analysis of the environment, network analysis)
  • Grey-box analysis of malware (analysis of memory dumps, tools)
  • Reverse engineering of binary applications (decompiler, disassembler, native-code debugging, binary patching)
  • File and disk encryption (Common architectures, used cryptographic modes, typical attacks)
  • Bitcoin cryptocurrency (P2P Bitcoin network, transactions, mining, second-layer networks like Lighting Network, use of hardware wallets, attacks)
Teaching methods
lectures, seminars in a security lab, homework assignments, team project
Assessment methods
Two hours per week are scheduled for a lecture, two hours per week scheduled for seminars; otherwise, students work on project and homework assignments in their free time. There are ten homework assignments and a collaborative team project. 50 % of points are required to pass the course.
Language of instruction
English
Follow-Up Courses
Further comments (probably available only in Czech)
Study Materials
The course is taught annually.
Teacher's information
Seminar groups include 10-15 students. The lab is accessible to students (working on PV204 projects and also other projects/thesis) also outside scheduled seminars.
The course is also listed under the following terms Spring 2008, Spring 2009, Spring 2010, Spring 2011, Spring 2012, Spring 2013, Spring 2014, Spring 2015, Spring 2016, Spring 2017, Spring 2018, Spring 2019, Spring 2020, Spring 2021, Spring 2022, Spring 2023.
  • Enrolment Statistics (recent)
  • Permalink: https://is.muni.cz/course/fi/spring2024/PV204