Introduction to Cybersecurity and Cryptography 1000-2M24WCK
The lecture will consist of three segments.
The first part will be dedicated to classical cryptography (symmetric and asymmetric encryption, digital signature, etc.) and its mathematical foundations (e.g. the role of elliptic curves).
The second part will present an outline (in theoretical terms) of the applications of these mechanisms (VPN, TOR, blockchain, etc.) and classical and historical attacks on them.
The last segment will be a look into the future, i.e. a selection of existing mathematical ideas that are not yet in common use, but probably have a chance to be important in the future. Among others, multi-party computation, e-voting, zero-knowledge and the basics of security in the post-quantum world will be discussed.
During the laboratory classes, students will attack poorly secured systems, and in doing so will learn about different types of vulnerabilities and how to write more secure code. During the classes, we will discuss, among other things, how to break the security of a web application, break encryption, use low-level vulnerabilities such as buffer overflows, and reverse engineer compiled programs. The classes will include a large number of exercises, in which the task of students will be primarily to find and exploit a security hole. In addition to attack techniques, methods of protection against them will also be presented.
Type of course
Prerequisites
Course coordinators
Assessment criteria
The final grade is based on the sum of points obtained from 4 laboratory tasks (total 0 to 40) and the exam (0 to 15). The exam is written and consists of 15 short questions.
Bibliography
Cryptography
Yehuda Lindell, Jonathan Katz, “Introduction to Modern Cryptography”;
Jean-Philippe Aumasson, “Serious Cryptography: A Practical Introduction to Modern Encryption”;
Coursera.org: Cryptography I online course (free without certificate);
Cryptopals (https://cryptopals.com/): a collection of tasks for implementing various cryptographic constructs and classic attacks;
Laurens Van Houtven “Crypto101” (https://www.crypto101.io/);
Monthly “Delta”: “A już się da” (https://www.deltami.edu.pl/delta/rubryka/a_jednak_sie_da/).
Web applications
Sekurak website (https://sekurak.pl/): articles on various types of vulnerabilities (XSS, SQL Injection, XXE, etc.);
PortSwigger website (https://portswigger.net/web-security): articles from the Web Security Academy section;
Root Me website (https://root-me.org/): tasks from the Web category;
Michał Bentkowski, Gynvael Coldwind and others: “Web Application Security”.
Reverse engineering
Gynvael Coldwind, “FAQ: How to learn reverse-engineering” (https://gynvael.coldwind.pl/?id=664);
Dennis Yurichev, “Reverse Engineering for Beginners” (https://beginners.re/);
Dennis Andriesse, “Practical Binary Analysis”.
Binary exploitation
https://pwnable.kr/ website: tasks;
https://pwnable.xyz/: tasks;
https://pwn.college/: tasks and course.
Other
CERT Polska team website (https://hack.cert.pl/): tasks;
Gynvael Coldwind's YT channel (https://www.youtube.com/user/GynvaelColdwind): streams about low-level programming and security;
LiveOverflow YT channel (https://www.youtube.com/c/LiveOverflow): videos about security;
So-called "write-ups", i.e. descriptions available on the Internet in various places (e.g. on blogs) of how specific attacks were successfully carried out (e.g. at CTF competitions). You can search for them by entering the appropriate phrase in the search engine, e.g. "sql injection with no space write-up".
Notes
Term 2024Z:
None
Term 2025Z:
None
Additional information
Information on the level of this course, the year of study and semester in which the course unit is delivered, and the types and amount of class hours can be found in the course structure diagrams of the appropriate study programmes. This course is related to the following study programmes:
- Bachelor's degree, first cycle programme, Computer Science
- Master's degree, second cycle programme, Computer Science
Additional information (registration calendar, class conductors, location and schedules of classes) may be available in the USOSweb system: