Information Systems Security

Academic Year 2023/2024 - Teacher: Michele Giuseppe MALGERI

Expected Learning Outcomes

Knowledge and Understanding Abilities:

  • Knowledge of the theoretical foundations and practical aspects of network security.
  • Understanding of the principles of cryptography and currently used ciphers.
  • Knowledge of the most important security protocols.
  • Familiarity with the technologies and algorithms for creating key network security services.
  • Understanding of the principles of secure application design.

Applying Knowledge and Understanding Abilities:

  • Ability to correctly configure security services such as authentication systems, privacy management, and local network management.

Ability to Make Judgments:

  • The student is capable of independently assessing risks and choosing from state-of-the-art technologies.

Communication Skills

  • The student can effectively communicate technical and theoretical aspects related to computer security.

Learning Skills

  • Students learn to critically assess threats and vulnerabilities in information systems, as well as defense strategies and security protocols.

Course Structure

The predominant teaching method is classroom lectures. Periodically, relevant topics are discussed in class, and specific aspects are explored in greater depth.

In the event that the course is delivered in a blended or distance learning mode, necessary adjustments may be introduced compared to what was previously stated, in order to adhere to the planned program as indicated in the syllabus.

Required Prerequisites

  • Knowledge and understanding of network protocols (TCP/IP).
  • Basic knowledge of programming languages.
  • Fundamental understanding of operating systems.

Attendance of Lessons

Not mandatory but highly recommended.

Detailed Course Content


  • Fundamental Terminology and Concepts: Algorithms, Kerckhoffs's Principle, Parameters and Robustness of an Encryption Algorithm, Cipher Vulnerability. Secure Cryptographic Systems. Diffusion and Confusion Principle. Codes, Alphabet Representation.
  • Overview of Classic Encryption Techniques: Monoalphabetic Techniques, OTP (Complexity Study, Robustness, Limits, Cryptanalysis); Polyalphabetic Techniques: Vigenere, Cryptanalysis; Transposition Techniques: Rail Fence, Columnar Transposition; Rotor Machines: Enigma, Construction Details, Operation Mechanism, Key Space Calculation.
  • Block Cipher: General Characteristics. Concept of Product Cipher. Feistel Cipher. DES, Double DES, and Triple DES Cipher, General Characteristics. Motivation, Operation, Robustness, F Function and S-Box Design. SAC and BIC Criteria. Key Generation. Cryptanalysis: Known Weak Elements, Keys, Complementation, Differential, Linear. AES, Criteria for Selection, General Characteristics, Operation, Robustness, Overview of Galois Finite Fields.
  • Chaining Techniques for Block Ciphers: ECB, CBC, CFB, OFB, CTR (Details of Operation, Weaknesses and Strengths of Each Technique).
  • Stream Cipher: Structure of Stream Cipher, RC4 Cipher.
  • Key Distribution: Key Distribution Techniques, Secrecy Issues, Duration.
  • Public Key Algorithms: Diffie-Hellman Protocol. Public Key Cryptography Requirements. RSA.

Basic Mechanisms:

  • Message Authentication Code, Hashing. Hashing Algorithms, SHA, MD5.
  • Digital Signature.
  • Certificates, X.509, Revocation Management (OCSP), Public Key Infrastructure.
  • Authentication: Passwords, Salt, Criteria, OTP Systems. Kerberos (Operation, Distribution Problems, Possible Attacks).
  • PGP, History, Algorithms, Certificates, Trust Management.

Networks and Firewalls

  • Classification and Main Firewall Topologies.
  • IPSec, Architecture, AH and ESP, Key Management.
  • SSL, Protocols, Architecture, Transport Layer Security.
  • SSH, Features and Usage, Protocol, Handshaking, Authentication Types.
  • Email, Email Issues, S/MIME, Certified Email.

Overview of Risk Analysis Techniques, Cost-effectiveness.

Topics marked with (*) represent the minimum skill to pass the exam.

Textbook Information

Cryptography and Network Security (minimum 5th Edition)
William Stallings
Publisher: Prentice Hall

Course Planning

| No. | Subjects | Text References |
|---|---|---|
| 1 | Insecurity Factors, Attack Techniques, Types, and Classification of the 'Availability' Problem. | textbook |
| 2 | Cryptography: Classic Monoalphabetic Ciphers (Caesar, Playfair, Hill, One-Time Pad), Polyalphabetic Ciphers (Vigenere), Enigma Machine (Historical Overview and Operation), Transposition Ciphers, Cryptanalysis. | textbook |
| 3 | Cryptography: Block Ciphers (DES and its derivatives 2-DES and 3-DES, AES). Chaining Techniques. | textbook |
| 4 | Cryptography: Asymmetric Ciphers. Diffie-Hellman, RSA, ElGamal. | textbook |
| 5 | Mechanisms: *Random Number Generation, *Message Authentication Code, Hash Functions and Algorithms (*SHA, Whirlpool), *Digital Signature, Certificates and their Management (*PGP, *X509). | textbook |
| 6 | Protocols and Standards: *IPSec, *SSL, SSH, *S/MIME, Certified Email. | textbook |
| 7 | Firewall, Characteristics, *Classification, *Example Configuration. | textbook |

Learning Assessment

Learning Assessment Procedures

Not mandatory but highly recommended.

Examples of frequently asked questions and / or exercises

  • Discussion of one of the main encryption standards.
  • Discussion of one of the main network security protocols.