SCI - Elements of IT security

Part of the Security teaching unit (UE Sécurité)

Teaching staff

Important preliminary notice: the course is given and graded in English.

General description

Secure software development and web security have become increasingly necessary in modern computer systems, as the vast majority of a program's features are distributed over the internet. Systems usually transmit and store sensitive information that needs to be protected. This course is given to meet that need, mainly by introducing the student to the core concepts of cryptography and its applications, leaving the mathematics aside.

Conceptual prerequisites and organisation

The only two official corequisites are DEV3 (C/C++) and WEBG3 or WEBG4 (web development).

However, students will find the course easier if they master the concepts presented in the following courses:

  • INT1: basic notions on computer networks and communication protocols
  • SYS1 & 2: introduction to operating systems
  • ALGx, DEVx, ATLGx: software development, programming and algorithmics in various programming languages
  • WEBGx: web development

Also, note that this course is also organised in the management section during the second semester, under the name SECG4. Students with timetable conflicts or another good reason can submit a motivated request to follow that course instead of this one. Whether the request is accepted is entirely up to the school's authorities.

Objectives

The objectives of this course are multiple:

  • Understand the principles of authentication, confidentiality, integrity and non-repudiation;
  • Understand the concepts of symmetric and public key cryptography;
  • Understand and implement several applications, attacks and protections related to the above concepts;
  • Given a project's specifications, identify what needs to be secured, understand how it should be done and implement it.

Table of contents

  1. Introduction
    1. Objectives
    2. Algorithmic complexity
    3. Kerckhoffs's principles
    4. Main topics
  2. Cipher algorithms
    1. Introduction
    2. Monoalphabetic ciphers
    3. Symmetric and public key ciphers
  3. Hash functions
    1. Introduction
    2. Characteristics
    3. Building up hash functions
  4. Digital signatures
    1. Introduction
    2. Principle of signature
    3. Certification authority
  5. Applications
    1. Introduction
    2. Authentication
    3. Passwords
    4. Threshold cryptography
  6. Vulnerabilities
    1. Introduction
    2. Data remanence
    3. Side channel attacks
    4. OWASP vulnerabilities

The course material can be cloned from its public repository at https://gitlab.com/rabsil/introduction-to-security

Modalities of evaluation

In first session,

  • 30% of the mark is made up of practical work (graded labs and their defense),
  • 35% of the mark is made up of a computer project (defended on exam day),
  • 35% of the mark is made up of a theory (oral) exam.

In second session,

  • 65% of the mark is made up of a computer project (defended on exam day),
  • 35% of the mark is made up of a theory (oral) exam.

Bibliography

  • Michael Goodrich and Roberto Tamassia, Introduction to Computer Security, Pearson Education Limited, 2013.
  • Wenliang Du, Computer Security: A Hands-on Approach, CreateSpace Independent Publishing Platform, 2017.
  • OWASP Foundation, https://owasp.org/, last accessed March 2021.