IN4253ET "Hacking lab" applied security analysis

The security of computer and telecommunication systems is becoming an increasing concern. In this course, we will review the current state of the art on security research and gain practical experience in assessing the security and vulnerabilities of communication systems. Engineers are typically taught to focus on performance, correctness, scalability, and maintainability when building communication and information processing systems. However, an additional set of design principles are required to achieve security. In this course, we discuss security principles, common pitfalls and vulnerabilities.

The weekly lectures provide an introduction into security research, with a focus on real-world security, privacy-enhancing technology and common security pitfalls.

Each student participates in a "Hack Project", with a group of one to four students. Students can select between a wide range of available Hack Project outlines within the first week. The goal may be to evaluate the security of a real-world IT system, developing a proof-of-concept exposing a vulnerability or focussed on preserving privacy in a post-Snowden world. Students may propose their own Hack Project based on their background knowledge and skills. Such Hack Projects need to be approved and shaped together with the instructor. Example of possible outlined hardware-oriented projects are: development of a wifi tracker, programing an FPGA system to break passwords, assess the security of RFID cards, or to transparently intercept Ethernet traffic. Concrete software projects are: hacking Bitcoin, improving the TOR anonymity protocol and create Android-based tools for human rights activists in Iran, Egypt and Russia.

Each Hack Project is documented with a written report. This can be in the form of a 6-8 page IEEE-style scientific article or a traditional more lengthy report. All results, experiences and findings are presented to the entire class in the last week of the course. Hack Projects also report their progress several times during the course, after the weekly lectures.

Study Goals

After this course, the student will have a thorough knowledge of security in real-world systems, and will be able to explore the literature on this topic independently. The student will be aware of the poor state of security in real-world computer systems. The student can explain the common pitfalls, why these known failures still occur and reasons behind the poor state of security in general.

Teachers

dr.ir. Christian Doerr (NAS)

Complex and dynamical systems: social network analysis, internet security, collective intelligence.

Johan Pouwelse

Last modified: 2023-11-03

Details

Credits: 5 EC
Period: 0/0/2/0
Contact: Christian Doerr