There are no prerequisites.
Information Security and Privacy
Denis Trček
Introduction.
• Key standards and organizations (ISO, ITU-T, IETF, W3C, OASIS, OMA).
• Risk management.
• Security mechanisms (symmetric and asymmetric algorithms, strong one-way hash functions, homomorphic cryptography), security services (principles and practical implementations of authentication, confidentiality, integrity, non-repudiation, access control, logging and alarming), public key infrastructure (time base, name space management, operational protocols), post-quantum computing (quantum key exchange, Lamport crypto scheme), side-channel problems and countermeasures.
• Engineering issues related to security mechanisms.
• Authentication, authorization and accounting infrastructure (principles, examples of standardized solutions like RADIUS and Diameter).
• Security of physical and data layers (example protocols are WEP, WPA, WPA2 and WPA3).
• Security of network, transport and application layers, including internet of things and clouds (example protocols and applications included are IPSec, TLS, S/MIME, XMLSec, SAML, XACML, WS-*, Bitcoin and blockchains, Passkey).
• Formal methods (taxonomy of formal methods with examples like R. Rueppel's method and SPIN / Promela).
• Privacy (privacy by design) with trust management and reputation management in service-oriented architectures.
• New security paradigms – Internet of Things and cloud computing.
• Secure programming practices and verification (model checking).
• Risk management in information systems, organizational views and human factor views (security policies, human factor modelling and simulations).
• Accreditation and auditing of IS related to security (ISO 2700X, CISSP), standards for technical implementations of hardware and software components (Common Criteria), and standards for security management of artificial intelligence solutions.
• Basic legislation in the area of IS security and privacy (EU directives, national implementations).
• Conclusions.
• Addendum: Mini practical tasks covering the latest selected technological issues.
Stallings W., Network Security Essentials, Pearson Education, 2017.
D. Trček, Informacijska varnost in zasebnost (Information Security and Privacy), copies of lecture slides, FRI UL 2023.
D. Trček: Information Systems Security and Privacy, Springer, New York, Heidelberg, 2006.
The goal of the course is to educate students to be able to actively provide security and privacy in contemporary information systems, be it as systems administrators, or developers of new solutions.
Categorized competences:
- Developing skills in critical, analytical and synthetic thinking.
- The ability to define, understand and solve creative professional challenges in computer and information science.
- The ability of professional communication in the native language as well as a foreign language.
- Compliance with security, functional, economic and environmental principles.
- The ability to understand and apply computer and information science knowledge to other technical and relevant fields (economics, organisational science, fine arts, etc).
- Practical knowledge and skills of computer hardware, software and information technology necessary for successful professional work in computer and information science.
After completing this course a student will:
- know and be familiar with principles for providing security and privacy in information systems,
- know and understand standard solutions in this area,
- be able to administer security and privacy of information systems,
- be able to develop simpler solutions in this domain,
- be qualified for internal security and privacy auditing,
- be able to define security policy.
Lectures, laboratory work (with practical prototype implementations), students’ presentations.
Attendance of laboratory work is mandatory (the exact percentage is announced at the beginning of a study year).
The lecturer may impose mandatory attendance of lectures.
50% of the final grade is obtained on the basis of on-going laboratory work (home-works, quizzes, practical project implementations and presentations).
The other 50% is obtained on the basis of a written exam, or written and oral exam (the lecturer may decide that a coursework replaces the oral exam).
To be eligible for the written exam, a candidate must have successfully completed laboratory work, and fulfilled other obligations related to lecturing that the lecturer may have imposed. For successful completion of the course both grades have to be pos
Grading: 5 (fail), 6-10 (pass) (according to the Statute of UL)
Some of the most important works:
1. TRČEK, Denis, Cultural heritage preservation by using blockchain technologies. Heritage science. Jan. 2022, vol. 10, pp. 1-11, ISSN 2050-7445. https://heritagesciencejournal.springeropen.com/articles/10.1186/s40494-021-00643-9, 2022.
2. Trček D., Wireless sensors grouping proofs for medical care and ambient assisted-living deployment, Sensors, vol. 16, no. 1, pp. 1-12, 2016.
3. HUČ, Aleks, TRČEK, Denis. Anomaly detection in IoT networks: from architectures to machine learning transparency. IEEE access. Apr. 2021, vol. 9, pp. 60607-60616, ISSN 2169-3536. https://ieeexplore.ieee.org/document/9406023.
4. Trček D., Lightweight protocols and privacy for all-in-silicon objects, Ad hoc networks, Elsevier, ISSN 1570-8705, July 2013, vol. 11, no. 5, pp. 1619-1628.
5. Trček D., Brodnik A., Hard and soft security provisioning for computationally weak pervasive computing systems in e-health, IEEE wireless communications, vol. 20, no. 4, 8 pp., 2013.
The whole bibliography is available on SICRIS at the URL below:
https://bib.cobiss.net/biblioweb/eval/si/slv/evalrsr/11077.