• Lecturer: Prof. Dr. Schwenk
• Language: German
• Credits: 5 CP
• Programs: B.Sc. IT-Security, M.Sc. IT-Security / Networks and Systems
• Examination: 100 % Written Exam (120 Minutes) + 10 % Homework

Prior Knowledge

Basic knowledge of TCP/IP, security problems of Computer Networks

Learning Outcomes

After successfully completing the module, students have a comprehensive understanding of the technical aspects of network security. They have recognized that cryptography alone is not enough to solve security-related problems. They have acquired a comprehensive understanding of complex IT systems. By thinking independently about how to improve network security, students prepare themselves for their role in professional life. They can analyze new problems and develop new solutions. They can argue the benefits of the solutions they have developed in discussions. They have understood that non-technical factors such as questions of liability and liability and the resulting costs have a significant influence on IT security decisions.

Course Description

When cryptography is used in a technical environment such as a computer, data or telephone network, security depends not only on purely cryptographic factors but also on the technical embedding of the encryption and signature algorithms. Prominent examples (of faulty embedding) are EFAIL (efail.de), attacks on the WLAN encryption systems WEP and WPA (KRACK), and various attacks on TLS (Bleichenbacher, POODLE, DROWN, ROBOT). The module deals with concrete networks for data transmission and examines them from all sides about their security.

• HTTP security (HTTP Authentication, Secure HTTP, architecture of SSL/TLS)
• Transport Layer Security (TLS 1.2, versions SSL 2.0 to TLS 1.3)
• Attacks on SSL and TLS (BEAST, CRIME, POODLE, Lucky13, Bleichenbacher, DROWN, Heartbleed, Invalid Curve)
• Secure Shell - SSH
• Domain Name System and DNSSEC (factorizable keys)
• Web application security (HTML, URI, XSS, CSRF, SQLi, SSO)
• XML and JSON security