Secure Application Design (SS 2022)

Course Number 705056 | Summer Semester 2022

Building Secure Applications

Content

The lecture will give a recap of the core properties of cryptographic primitives, which will themselves be regarded as black boxes: e.g. an RSA-based signature algorithm and an ECC-based signature algorithm achieve the same results from an application's point of view, regardless of the huge differences in their mathematical or structural nature (hint: if you are interested in how ECC, RSA or the AES algorithm actually works, there are other lectures for that). With a clear view of the available building blocks and their protective functions, the lecture will focus on its primary task, how to build secure functions and applications, by considering all aspects: key delivery, key storage and usage, trust models, and high-level crypto protocols. To do so, the lecture will focus on real-world examples, whose cryptographic functions will be built up from scratch, dealing with all required aspects. The practical assignments will focus on the actual usage and deployment of cryptographic primitives and their associated keys.

COVID-19 Info

For the second half of the semester, the lecture (VO) is in person in HS i11. Recordings will be made available. VO exams will be conducted in person near the end of the semester. The exercises (KU) are virtual.

Contact

For live updates and announcements, please join the IAIK Discord and enable the SEAD channels in #getting-started. Also, please feel free to send more private questions via email to sead@iaik.tugraz.at. Further, please use this email address to submit your team's KU concept of Phase One, as described in the KU description below, and also to contact your mentor.

Material

| Date | Who | Video | Slides |
|---|---|---|---|
| 16.03.2022 | JH, KK | Intro - Welcome to SEAD | VO Intro, KU Intro |
| | | Introduction to the Building Block format | |
| | | Building Block: Hash | Slides |
| | | Building Block: MAC | Slides |
| | | Building Block: Digital Signatures | Slides |
| | | Building Block: Symmetric Encryption | Slides |
| | | Building Block: Asymmetric Encryption | Slides |
| | | Building Block: Hybrid Encryption | Slides |
| 06.04.2022 | KT | Recap 1: Basic Building Blocks (Recording) | Slides |
| | | Building Block: Perfect Forward Secrecy | Slides |
| | | Building Block: Key Management | Slides |
| | | Building Block: Trust | Slides |
| | | Building Block: Data Formats | Slides |
| 04.05.2022 | KT | Recap 2: Higher-Level Building Blocks (Recording: Part 1, Part 2) | Slides |
| 11.05.2022 | JH | Case Study 1: Registrierkassensicherheitsverordnung (RKSV) | Slides, .py demo |
| 18.05.2022 | KT | Case Study 2: ID Austria | Slides |
| 25.05.2022 | KT | Case Study 3: Green Pass | Slides |
| 01.06.2022 | KK | Case Study 4: Building Block: Signal Protocol | Slides |
| 08.06.2022 | FD | Security Research | Slides |
| 15.06.2022 | KK | On Threat Modeling | Slides_plain, Slides_video |

Previous Lecture Exams

| Date | Exam Questions |
|---|---|
| 29.06.2022 | PDF |

Practicals

| Date | Material |
|---|---|
| 16.03.2022 | KU Description v1.0 |
| | Link for Team Registration |
| 24.03.2022 | Update: KU Description v1.1 |
| 03.06.2022 | Update: KU Description v2.0 |

Administrative Information

Previous Knowledge

Knowledge of how cryptography works (RSA, ECC, AES, hashes, etc.)

Prerequisites Curriculum

See position in the curriculum

Objective

Understanding how to arrange cryptographic primitives into higher-level functions and how to deal with auxiliary functions (e.g. key management, trust relationships, secure key storage/usage) in applications.

Language

English

Teaching Method

Emphasis on a strong interaction between the students and the teacher

How to get a grade

Registration

https://online.tugraz.at/tug_online/sa.gruppen_einteilung?clvnr=254074&corg=983

Lecturers

Jakob Heher

PhD Student

Karl Koch

PhD Student
