  PSI-AdvaSP-M Advanced Security and Privacy

Prof. Dr. Dominik Herrmann

2,00 SWS, Tutorials start in the second week of the lecture period.
Zeit und Ort: Mi 10:00 - 12:00, WE5/00.019; Einzeltermin am 19.7.2019 10:00 - 12:00, WE5/00.019

Voraussetzungen / Organisatorisches
Participants should be familiar with basic concepts in information security and privacy, which can be acquired, for instance, by taking the module "Introduction to Security and Privacy" (PSI-IntroSP-B). This includes basic knowledge about the commonly used security terminology, common types of malware and attacks, buffer overflows and related attacks, cryptography, network security, web security, and concepts of privacy. Moreover, participants should have practical experience with at least one scripting or programming language such as Python or Java.

Approach: This module is taught in English. It consists of a lecture and tutorials. During the course of the tutorials there will be theoretical and practical assignments (task sheets). Assignments and exam questions can be answered in English or German. Lecture and tutorials are partially taught in form of a paper reading class. Participants are expected to read the provided literature in advance and participate in the discussions.

Information security and privacy are relevant in almost all information systems today. Many real-world use cases have complex security and privacy requirements involving multiple parties. Often there are multiple stakeholders with different, sometimes even contradictory interests. For instance, some use cases call for a solution that allows a service provider to process sensitive data without learning its content. In other cases it is not the content but some meta information such as location and usage intensity that has to be protected. And then there are scenarios where seemingly harmless pieces of data can be used to disclose or infer very personal pieces of information about an individual. This module covers advanced techniques for information security and privacy that can be used to satisfy the complex requirements of practical systems. It builds upon the basic concepts in information security that are introduced in the module "Introduction to Security and Privacy" (PSI-IntroSP-B).
Selected topics: cryptographic methods and protocols, e.g., homomorphic encryption, attribute-based credentials, secure multi-party computation, zero-knowledge proofs, format-preserving and identity-based encryption, group signatures, and proxy re-encryption; attacks on privacy in datasets and communications (inference techniques, online tracking); privacy engineering and privacy enhancing technologies (e.g., Tor); usable security and privacy; other current topics in privacy and security. Some parts of the lecture are aligned with current events and recently published research. The selected topics are therefore subject to change.

Competencies: This module is designed to bring students towards the research boundaries in the field of security and privacy technologies by covering a selection of contemporary topics in depth. The focus of the module is on technical safeguards that can be used by system designers and users to enforce properties such as confidentiality and integrity. Moreover, sophisticated attacks on security and privacy are explained. Successful students will be able to explain attack strategies and defenses discussed in recent research papers. They will also be able to analyze whether a particular attack or defense is relevant in a specific scenario. Finally, they will be able to implement selected attacks and defenses with a programming language of their choice.

Credits: 6

www: https://vc.uni-bamberg.de/moodle/course/view.php?id=35294

Institution: Lehrstuhl für Privatsphäre und Sicherheit in Informationssystemen

