Information Security and Privacy

2023/2024
Programme:
Computer Science and Mathematics, Second Cycle
Year:
1 in 2 year
Semester:
first
Kind:
optional
ECTS:
6
Language:
slovenian, english
Course director:

Denis Trček

Hours per week – 1. semester:
Lectures
3
Seminar
0
Tutorial
2
Lab
0
Prerequisites

There are no prerequisites.

Content (Syllabus outline)

Introduction.
• Key standards and organizations (ISO, ITU-T, IETF, W3C, OASIS, OMA).
• Risk management.
• Security mechanisms (symmetric and asymmetric algorithms, strong one way hash functions, homomorphic cryptography), security services (principles and practical implementations of authentication, confidentiality, integrity, non-repudiation, access control, logging and alarming), public key infrastructure (time base, name space management, operational protocols), post-quantum computing (quantum key exchange, Lamport crypto scheme), side channels problems and countemeassures.
• Engineering issues related to securiity mechanisms.
• Authentication, authorization and accounting infrastructure (principles, examples of standardized solutions like RADIUS and Diameter).
• Security of physical and data layers (example protocols are WEP, WPA, WPA2 and WPA3).
• Security of network, transport and application layers, including internet of things and clouds (example protocols and applications included are IPSec, TLS, S/MIME, XMLSec, SAML, XACML, WS-*, Bitcoin and blockchains, Passkey).
• Formal methods (taxonomy of formal methods with examples like R. Rueppl's method and SPIN / Promela).
• Privacy (privacy by design) with trust management and reputation management in services oriented architectures.
• New security paradigms – Interenet of Things and cloud computing.
• Secure programming practices and verification (model checking).
• Risk management in information systems, organizational views and human factor views (security policies, human factor modelling and simulations).
• Accreditation and auditing of IS related to security (ISO 2700X, CISSP), standards for technical implementations of hardware and software components (Common Criteria), and standards for security management of artificial intellignece solutions.
• Basic legislation in the area of IS security and privacy (EU directives, national implementations).
• Conclusions.
• Addendum: Mini practical tasks covering the latest selected technological issues.

Readings

Stallings W., Network Security Essentials, Pearson educations, 2017.
D. Trček, Informacijska varnost in zasebnost, kopije prosojnic, FRI UL 2023.
D. Trček: Information Systems Security and Privacy, Springer, New York, Heidelberg, 2006.

Objectives and competences

The goal of the course is to educate students to be able to actively provide security and privacy in contemporary information systems, be it as systems administrators, or developers of new solutions.
Categorized competences:

  • Developing skills in critical, analytical and synthetic thinking.
  • The ability to define, understand and solve creative professional challenges in computer and information science.
  • The ability of professional communication in the native language as well as a foreign language.
  • Compliance with security, functional, economic and environmental principles.
  • The ability to understand and apply computer and information science knowledge to other technical and relevant fields (economics, organisational science, fine arts, etc).
    -Practical knowledge and skills of computer hardware, software and information technology necessary for successful professional work in computer and information science.
Intended learning outcomes

After completing this course a student will:

-know and be familiar with principles for providing security and privacy in information systems,
-know and understand standard solutions in this area,
-be able to administer security and privacy of information systems,
-be able to develop simpler solutions in this domain,
-be qualified for internal security and privacy auditing,
-be able to define security policy.

Learning and teaching methods

Lectures, laboratory work (with practical prototype implementations), students’ presentations.
Attendance of laboratory work is mandatory (the exact percentage is announced at the beginning of a study year).
The lecturer may impose mandatory attendance of lectures.

Assessment

50% of the final grade is obtained on the basis of on-going laboratory work (home-works, quizzes, practical project implementations and presentations).
The other 50% is obtained on the basis of a written exam, or written and oral exam (the lecturer may decide that a coursework replaces the oral exam).
To be eligible for the written exam, a candidate must have successfully completed laboratory work, and fulfilled other obligations related to lecturing that the lecturer may have imposed. For successful completition of the course both grades have to be pos
grading: 5 (fail), 6-10 (pass) (according to the Statute of UL)

Lecturer's references

Nekaj najpomembnejših del:
1. TRČEK, Denis, Cultural heritage preservation by using blockchain technologies. Heritage science. Jan. 2022, vol. 10, str. 1-11, ISSN 2050-7445. https://heritagesciencejournal.springeropen.com/articles/10.1186/s40494-021-00643-9, 2022.
2. Trček D, Wireless sensors grouping proofs for medical care and ambient assisted-living deployment, Sensors, vol. 16, no. 1, str. 1-12, 2016.
3. HUČ, Aleks, TRČEK, Denis. Anomaly detection in IoT networks : from architectures to machine learning transparency. IEEE access. Apr. 2021, vol. 9, str. 60607-60616, ISSN 2169-3536. https://ieeexplore.ieee.org/document/9406023.
4. Trček D., Lightweight protocols and privacy for all-in-silicon objects, Ad hoc networks, Elsevier, ISSN 1570-8705, July 2013, vol. 11, no. 5, str. 1619-1628.
5. Trček D., Brodnik A., Hard and soft security provisioning for computationally weak pervasive computing systems in e-health, IEEE wireless communications, vol. 20, no. 4, 8 str., 2013.

Celotna bibliografija je dostopna na SICRISu:
The whole bibliography can be obtained at the below URL:
https://bib.cobiss.net/biblioweb/eval/si/slv/evalrsr/11077.