Secure Application Design (SS 2024)

Course Number 705056 | Summer Semester 2024

Building Secure Applications

Content

In this lecture, we will translate the cryptographic groundwork of your Bachelor's studies into the real world. We will discuss how cryptographic keys are managed, how trust in them is established, and how protocols are built. Additionally, we will review various real-world applications, and investigate how they use cryptographic tools to address the challenges they set out to solve. The course is held on campus (HS i11); lecture recordings will be available after the fact via TUbe. At the end of the semester, a written exam will be offered on campus. After the main exam date, further exams will be oral, offered on demand. The initial KU presentations are on campus (HS i11). A recording will be available. All other KU tasks can be undertaken remotely. Discord is the primary means of communication. Private questions may be addressed via email.

Material

NOTE: The contents of this course changed significantly in SS2023 (last year). Any previous recordings you may find will likely not reflect the current state of the curriculum.
Date        Who    Lecture 14:00–16:00 (HS i11)        Recording
01.03.2024  JH     Intro & Recap: Cryptography         TUbe
08.03.2024  JH     Common Attacks & Vulnerabilities    TUbe
15.03.2024  JH     Trust & Privacy                     TUbe
22.03.2024  TZ     Identity                            TUbe
12.04.2024  JH     Authentication                      TUbe
19.04.2024  LH     Key Management                      TUbe
26.04.2024  LH     TLS Handshake Protocol              TUbe
03.05.2024  JH     OpenID Connect                      TUbe
17.05.2024  TZ     ID Austria & eIDAS                  TUbe (2023; part 1, part 2)
24.05.2024  PT     Green Pass, AWP & Digital Wallet    TUbe (2023)
07.06.2024  A-SIT  Current Topics Spotlight            no recording
14.06.2024  LH     Messengers                          TUbe
21.06.2024  You!   Seminar: Middleware Security
28.06.2024         VO Exam

Practicals

Date          What?
01.03.2024    Introduction to the Practicals (HS i11, from 15:15) (slides)
01.03.2024    Assignment Sheet
01.03.2024    Intro Challenges Available
≤ 14.03.2024  Solve Intro Challenges
15.03.2024    Introduction to Challenge Creation (HS i11, from 15:30) (slides)
≤ 22.03.2024  Group Formation
23.03.2024    Plan & Implement Your Challenge (start of P2)
≤ 12.04.2024  Submit Design Concept
≤ 26.04.2024  Implement Your Challenges
03.05.2024    Challenges Available (start of P3)
≤ 21.06.2024  Solve Others' Challenges & Submit Write-Up

Administrative Information

Getting a Grade (VO)

There are two ways to obtain a grade for the VO. You can either take an exam or give a seminar talk. The standard way to get a grade is to take a written 60-minute exam at the end of the semester. There will be one scheduled exam date. After this date, exams will default to being oral unless there is significant coordinated student demand. To arrange an oral exam date, email us at least two weeks in advance and offer at least three potential timeslots. Both written and oral exams are partial open-book. You may bring one two-sided, hand-written, A4 sheet containing whatever information you think you will need during the exam. Only hand-written sheets are permitted. Print-outs, photocopies, etc. are not permitted. You can find & register for upcoming written exam dates in TUGRAZonline. For very motivated students, it is also possible to give a seminar talk. To do this, choose a subject related to real-world use of cryptography that you are passionate about, or find particularly interesting. Submit a brief outline of your proposal via email by March 17th. We will communicate with you to agree on a topic. You will then submit a ≥7 page report by May 19th, and give a seminar talk in the lecture on June 21st. If these tasks are completed satisfactorily, you will receive a passing VO grade without the need for an exam. The range of acceptable topics is very broad, from case studies of particularly clever cryptographic protocols to usability analyses or ethical discussions. If you are unsure about a potential topic, do not hesitate to get in touch.

Practicals (KU)

The practicals are divided into three phases. In phase 1, you will solve pre-made Capture-the-Flag (CTF) challenges from last year's course, to familiarize yourself with the concept. This is done by yourself. In phase 2, you will design and implement your own challenge. This is done in groups. In phase 3, you will solve challenges posed by the other teams. This is done by yourself. Phase 1 awards 10 points. Phase 2 awards 30 points. Phase 3 awards 60 points. You need at least 50% of points in each phase to pass the course. If you pass all phases, your grade will be determined as follows:
  • ≥ 87½ points: Sehr Gut (1)
  • ≥ 75 points: Gut (2)
  • ≥ 62½ points: Befriedigend (3)
  • ≥ 50 points: Genügend (4)
For the full details, please see the KU assignment sheet.

Contact and Communication

For questions regarding the courses we have the following communication channels:
  • Discord: IAIK server, channels #sead-*-announcements for any necessary announcements and reminders.
  • Discord: IAIK server, channel #sead for all questions regarding lectures and exercises.
  • Discord: IAIK server, channel #sead-looking-for-team to find team members for the exercises.
  • sead@iaik.tugraz.at for administrative questions specific to your situation. Please use Discord for questions that might be of interest for other students.

Lecturers

Jakob Heher, PhD Student
Lena Heimberger, PhD Student
Hannes Weissteiner, PhD Student