cod. 1010559

Academic year 2023/24
1st year of course - Second semester
Academic discipline
Information processing systems (ING-INF/05)
Computer engineering
Type of training activity
48 hours of face-to-face activities
6 credits
hub: PARMA
course unit

Learning objectives

The course aims to provide the student with the knowledge of the main mechanisms used for securing networked systems and for protecting computer networks; in particular the knowledge and understanding of applied cryptography for data authentication, integrity protection and confidentiality; knowledge of the main security protocols, possible software and network vulnerabilities and protection mechanisms.


Familiarity with TCP/IP protocols.

Course unit content

Cryptography basics and algorithms;

Authentication mechanisms and digital signature; identification and key exchange; anonymity;

Protocols for secure communications;

Main software and network vulnerabilities, attacks, and countermeasures.

Laboratory activities.

Full programme

Syllabus (every class or laboratory = 2 hours)

Class 1: course organization, objectives, textbooks, exam details; preview of the course; security services; symmetric cryptography, attacks, computational security

Class 2: substitution ciphers, polyalphabetic substitution ciphers, one-time pad (OTP) cipher, transposition, product cipher; stream and block ciphers

Class 3: AES; encryption of long messages; padding; ECB; examples of attacks on ECB; CBC

Class 4: examples of attacks on CBC; exercises with OpenSSL

Class 5: OFB, CFB, CTR; hash functions, brute force attack, birthday paradox, Merkle-Damgård structure, length extension attack

Class 6: SHA1, SHA2, sponge function, SHA3; password hashing; encryption using hash functions

Class 7: number theory: modular arithmetic, prime, relatively prime, GCD, Euclid's algorithm, multiplicative inverse

Class 8: laboratory exercises with symmetric cipher and hash programming

Class 9: multiplicative inverse existence, extended Euclid's algorithm, example, totient function, Euler's theorem; RSA overview

Class 10: proof of Euler's theorem and corollary, primitive root, discrete logarithm, primality test; RSA, example

Class 11: textbook RSA, RSA security, using RSA

Class 12: DH; message authentication (authenticity), MAC functions, HMAC, authenticated encryption

Class 13: digital signature, RSA signature, DSA; identification, challenge-response authentication, symmetric-key based authentication schemes

Class 14: symmetric-key based authentication schemes, mutual authentication, public-key based authentication schemes, One-Time Password, Lamport's scheme, example: HTTP authentication; secret key establishment, long and short-term keys

Class 15: key establishment properties, session key exchange through symmetric cryptography, session key exchange through asymmetric cryptography, authenticated DH; KDC; public key distribution, digital certificates

Class 16: digital certificates, cert chain, trust path; CA, PKI, X.509 certificates, PKCS, CRL

Class 17: laboratory exercises on asymmetric cryptography and X.509, using OpenSSL

Class 18: IPSec, IKE, Transport Layer Security (TLS), example with Wireshark

Class 19: TLS handshake, DTLS; anonymity, high-latency anonymity systems; low-latency anonymity systems, onion routing, Tor

Class 20: vulnerabilities; network vulnerabilities

Class 21: software vulnerabilities, buffer overflow, SQL injection, web vulnerabilities

Class 22: vulnerability scanning; firewalls; Intrusion Detection Systems (IDSs)

Class 23: laboratory exercises on vulnerability scanning and firewalls

Class 24: exercises


[1] L. Veltri, "Cybersecurity", slides of the course, available on the course web site
[2] W. Stallings, "Cryptography and Network Security: Principles and Practice", 8th Edition, Pearson, 2020
[3] W. Stallings, "Computer Security: Principles and Practice", 4th Edition, Pearson, 2017

Teaching methods

Class lessons (40 h), plus in-class and laboratory exercises (8 h).

Assessment methods and criteria

The exam consists of a written test made up of questions and exercises.
Examples of exercises are shown and solved during the course.
