Information Systems Security

Academic Year 2022/2023 - Teacher: Michele Giuseppe MALGERI

Expected Learning Outcomes

Knowledge and understanding abilities

- Knowledge of the theoretical principles and technology of network security
- Knowledge of cryptography principles and of the most important and widely used schemes
- Knowledge of currently used security protocols
- Knowledge of the technologies and algorithms needed by the most important network services linked to network security
- Knowledge of security design methods

Applying knowledge and understanding abilities

- Ability to correctly configure network services using state-of-the-art devices

Course Structure

The course is arranged into a series of lectures and some open discussions about the main topics.

Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to the previous statements, in line with the programme planned and outlined in the syllabus.

Detailed Course Content

Kerckhoffs, Security Attacks, Security Services, Security Mechanisms

Substitution Techniques, Transposition Techniques, Rotor Machines (Enigma)

Block Ciphers and the Data Encryption Standard: Block Cipher Principles, The Data Encryption Standard, The Strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles. The AES Cipher, Multiple Encryption and Triple DES

Block Cipher Modes of Operation, ECB, CBC, CFB, OFB, CTR

Stream Ciphers and RC4

Key Distribution, Random Number Generation, Public-Key Encryption and Hash Functions

Public-Key Cryptography and RSA, Principles of Public-Key Cryptosystems, The RSA Algorithm

Key Management; Other Public-Key Cryptosystems, Diffie-Hellman Key Exchange

Message Authentication and Hash Functions, Authentication Requirements, Authentication Functions, Message Authentication Codes, Hash Functions 

Digital Signatures and Authentication Protocols

Network Security Applications, Kerberos, Electronic Mail Security, Pretty Good Privacy, S/MIME

IP Security Overview, IP Security Architecture, Authentication Header, Encapsulating Security Payload

Secure Socket Layer and Transport Layer Security

Viruses and Related Threats

Security Standards 

Textbook Information

Cryptography and Network Security,
William Stallings
Publisher: Prentice Hall

Course Planning

| # | Subjects | Text References |
|---|----------|-----------------|
| 1 | Insecurity factors, attack techniques, types and classification, the problem of "availability" | Textbook |
| 2 | Cryptography: *classical monoalphabetic ciphers (Caesar, Playfair, Hill, One-Time Pad). Polyalphabetic ciphers, *Vigenère, Enigma machine (historical notes and *operation), transposition ciphers. *Cryptanalysis | Textbook |
| 3 | Cryptography: block ciphers (*DES and its derivatives 2-DES and *3-DES, *AES). *Chaining techniques | Textbook |
| 4 | Cryptography: asymmetric ciphers. *Diffie-Hellman, *RSA, ElGamal. | Textbook |
| 5 | Mechanisms: *random number generation, *message authentication codes, hash functions and algorithms (*SHA, Whirlpool), *digital signatures, certificates and their management (*PGP, *X509) | Textbook |
| 6 | Protocols and standards: *IPSec, *SSL, SSH, SET, *S/MIME, certified electronic mail | Textbook |
| 7 | *Firewalls, characteristics, *classification, *example configuration | Textbook |